[PLUG] Equation may p0wn your hard drive

Larry Brigman larry.brigman at gmail.com
Wed Feb 18 20:49:28 UTC 2015


Not just hard drives but the whole of the electronics coming out of China
in the near future.
http://www.zdnet.com/article/us-slams-new-chinese-rules-for-tech-firms/?utm_campaign=OpenStack+Now&utm_source=hs_email&utm_medium=email&utm_content=16098696&_hsenc=p2ANqtz-8xi16xIK3jwISc8800aWwOSL-U9XA5KTClYb16Hu8RWAAdEV_ORznb5jVFUHD6G1UQtVhEt4UTYTjyOQxRzbcYgu0tLQ&_hsmi=16098696

On Wed, Feb 18, 2015 at 12:23 PM, Keith Lofstrom <keithl at gate.kl-ic.com>
wrote:

>
> http://www.kaspersky.com/about/news/virus/2015/Equation-Group-The-Crown-Creator-of-Cyber-Espionage
> http://tinyurl.com/osdhxs8
>
> A week ago, I merely worried that hard drive manufacturers
> could insert backdoors into the disk firmware on the assembly
> line.  According to this Kaspersky Lab report, it is worse than
> that.  Hard drives shipped to 30 target countries can have
> backdoors in the hard drive firmware.  Software on USB drives
> and CDs (such as those provided at conferences) can also add
> backdoors by exploiting firmware vulnerabilities in the drives.
>
> Without open hardware designs, verifiable by third parties down
> to the chip transistor level, software security ... isn't.  If
> you don't own the schematic, and occasionally tear a chip down
> to the transistors to look for deviations from that schematic,
> you are trusting the chip manufacturer too much.
>
> The even more frightening thing is that a transistor level chip
> designer like me can add "analog hacks" that are invisible to
> gate level logical analysis, but can be subtly triggered to
> have logic-level outcomes.  Bits are a myth.
>
> The EVEN MORE frightening thing ... well, I won't go there in
> a public forum, but you want continuous and verifiable live
> security camera surveillance, and surprise inspections, during
> some phases of wafer manufacturing, so the fab should be
> "open", too.
>
> If you have superb software security procedures, and pay no
> attention to the electronics, it is like adding a steel bank
> vault door to the front of a tissue paper tent.
>
> Keith
>
> --
> Keith Lofstrom          keithl at keithl.com
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>


