[PLUG] Equation may p0wn your hard drive

Keith Lofstrom keithl at gate.kl-ic.com
Wed Feb 18 20:23:06 UTC 2015


http://www.kaspersky.com/about/news/virus/2015/Equation-Group-The-Crown-Creator-of-Cyber-Espionage
http://tinyurl.com/osdhxs8

A week ago, I merely worried that hard drive manufacturers
could insert backdoors into the disk firmware on the assembly
line.  According to this Kaspersky Lab report, it is worse than
that.  Hard drives shipped to 30 target countries can have
backdoors in the hard drive firmware.  Software on USB drives
and CDs (such as those provided at conferences) can also add
backdoors by exploiting firmware vulnerabilities in the drives.

Without open hardware designs, verifiable by third parties down
to the chip transistor level, software security ... isn't.  If
you don't own the schematic, and occasionally tear a chip down
to the transistors to look for deviations from that schematic,
you are trusting the chip manufacturer too much.

The even more frightening thing is that a transistor level chip
designer like me can add "analog hacks" that are invisible to
gate level logical analysis, but can be subtly triggered to
have logic-level outcomes.  Bits are a myth.

The EVEN MORE frightening thing ... well, I won't go there in
a public forum, but you want continuous and verifiable live
security camera surveillance, and surprise inspections, during
some phases of wafer manufacturing, so the fab should be
"open", too.

If you have superb software security procedures, and pay no
attention to the electronics, it is like adding a steel bank
vault door to the front of a tissue paper tent.

Keith

-- 
Keith Lofstrom          keithl at keithl.com


