What's in my hard drive?

jd1008 jd1008 at gmail.com
Tue Feb 17 22:26:01 UTC 2015


On 02/17/2015 02:31 PM, Chris Murphy wrote:
> On Tue, Feb 17, 2015 at 12:02 PM, jd1008 <jd1008 at gmail.com> wrote:
>> http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216
> From the article, I'm not connecting the dots on exactly what the
> sequence for persistent infection is, or how modified source code
> ended up in actual products since 2001. Maybe that's detailed in the
> Kaspersky Lab report. It seems obvious many foreign governments can
> get access to drive firmware source code, but then modify it and get
> it baked into production units? Or produce some kind of malware whose
> sole job is to flash the drive firmware post-production? And then what
> does the modified firmware do once on the drive? It can't have its own
> network stack to start funneling data somewhere. It seems more likely
> for e.g. OPAL drives it could retain the passcode for the KEK. So then
> this means physically acquiring (stealing) the drive and being easily
> able to decrypt the contents. Or could the firmware at power on not
> actually supply the firmware with LBA0 contents to execute but some
> arbitrary code (possibly even stored on hidden sectors on the drive)
> that acts as a persistent bootkit?
>
>
Or, a government agency can easily demand that their "chip"
be inserted into the drive's controller board or their code be
inserted into the firmware.
