[PLUG] Equation may p0wn your hard drive

Keith Lofstrom keithl at gate.kl-ic.com
Wed Feb 18 21:28:10 UTC 2015


On Wed, Feb 18, 2015 at 12:23 PM, Keith Lofstrom <keithl at gate.kl-ic.com>
wrote:
> http://www.kaspersky.com/about/news/virus/2015/Equation-Group-The-Crown-Creator-of-Cyber-Espionage
> http://tinyurl.com/osdhxs8
>
> A week ago, I merely worried that hard drive manufacturers
> could insert backdoors into the disk firmware on the assembly
> line.  According to this Kaspersky Lab report, it is worse than
> that.  Hard drives shipped to 30 target countries can have
....

On Wed, Feb 18, 2015 at 12:49:28PM -0800, Larry Brigman wrote:
> Not just hard drives but the whole of the electronics coming out of China
> in the near future.
> http://www.zdnet.com/article/us-slams-new-chinese-rules-for-tech-firms/?utm_campaign=OpenStack+Now&utm_source=hs_email&utm_medium=email&utm_content=16098696&_hsenc=p2ANqtz-8xi16xIK3jwISc8800aWwOSL-U9XA5KTClYb16Hu8RWAAdEV_ORznb5jVFUHD6G1UQtVhEt4UTYTjyOQxRzbcYgu0tLQ&_hsmi=16098696

Indeed.  Hard drives (and large solid state drives) are the worst,
because they have the most room and can hide gigabytes of exploits
for multiple OSes in the spare tracks.  Chips are worse in a
different way, less room for exploits but easier to hide more
subtle exploits, because chips are black boxes without the
expensive equipment to probe them deeply.

The price of liberty is eternal vigilance.  Since we are not
vigilant individuals, we are not free.  This is not something
a responsible person can entirely delegate to others, though
practically speaking we must divide the problem up into
subdomains, with overlapping scrutiny and continuous re-testing.

Hardware-wise, I love taking physical objects apart and learning
how they work.  I would do this more often with chips, even huge
chips such as Intel multicore processors, if there were enough
people sharing the effort and expense to fill in the whole map.

This is straying towards plug-talk territory, but only because
the Linux community focuses on a far too narrow segment of the
threat map, which actually spans from physics to psychology,
raw materials to international organization.  We need the
source code for everything, not just the bits in a distro.  

Keith

-- 
Keith Lofstrom          keithl at keithl.com


