[PLUG] Spyware in hard drive firmware - a reality for 10+ years

Rigel Hope gnu at rigelhope.org
Tue Feb 17 17:51:21 UTC 2015


Some light reading on the topic of HD firmware backdoors:

http://www.s3.eurecom.fr/docs/acsac13_zaddach.pdf


On Tue, Feb 17, 2015 at 9:28 AM, Russell Senior
<russell at personaltelco.net> wrote:
>>>>>> "Michael" == Michael Rasmussen <michael at jamhome.us> writes:
>
> Michael> Or so reports Kaspersky.
> Michael> http://www.thestar.com/business/2015/02/17/us-can-permanently-spy-on-sabotage-foreign-computers-kaspersky-lab-report-says.html
>
> One thing the articles about this problem keep saying and which doesn't
> make complete sense is that "this infection is immune to removal".
> There is a method to get the infection into spare sectors and into
> firmware, which seems to me to mean that there *is* a way to see those
> raw sectors and/or firmware in such a way as to a) see what's there;
> and b) remodify the firmware.
>
> It might be that if you are dependent on the firmware to inspect or
> replace the firmware, then the infected firmware could just lie to you
> in order to hide itself.  In which case, these devices really need to
> have some offline way of inspecting their flash sufficient to generate
> dumps and checksums to verify they are running what you think they are
> running.
>
> What tools currently exist on Linux to inspect the hard disk firmware?
> I recall updating some hard disk firmware (several years ago), but
> perhaps using a vendor-supplied FreeDOS-based software kit.
>
>
> --
> Russell Senior, President
> russell at personaltelco.net