hex11

NSA firmware hacking

Just in case someone didn't hear about this yet... the NSA has developed methods to infiltrate deep into the firmware of computer components. So far only infected HDDs were found, but who knows how deep the rabbit hole goes? Firmware is in basically all components these days, even the CPU.

http://www.wired.com/2015/02/nsa-firmware-hacking/

Anyway, there's no way to really defend against this, because the host OS doesn't control what happens at the firmware level. And apparently just rewriting/updating the firmware provides no guarantee to cleanse your system. So for the time being, everyone who uses HDDs is vulnerable to this attack. And it's only a matter of time before random black hats start using this technique.

Well there is actually a way, but most people won't like it... I doubt this attack is possible against old 8-bit machines with cassette tapes and floppy drives.

Is this going to end up like that machete ban?

Don't think PC users need it. Might have to just use consoles and Raspberry Pis...?

Will everyone be forced into cloud computing? Funny it's called "cloud computing". It's like whoever implemented cloud computing wants the sky to end up like in the Matrix movie.


I'd take this with a pinch of salt. For one, modern HDDs have large firmwares that are (at least partially) stored on the hard disk platters themselves (that's why a physically borked HDD generally cannot be "reflashed").

Second, the firmware update procedure is manufacturer-specific, takes a (relatively) long time to perform and cannot be combined with other types of hard disk accesses.

Third, the HD's MCU cannot be used to access data in the computer's memory directly, so any hidden code in the firmware would have to be injected to the host machine in a way that can be executed (so the payload would have to be platform-specific, and executed at boot time, e.g. replacing the disk's boot sector with an infected one on-the-fly as soon as the HDD is powered on).

Sounds like this "firmware hack" is more like an advanced form of boot sector virus or rootkit.

So performing all these actions together and transparently in a way that's cross-OEM, cross-OS and cross-platform would be quite an achievement.

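The post above argues that a malicious drive firmware would most plausibly show itself by handing the host a substituted boot sector. The following added example (not from the thread or from any of the reporting it discusses) shows what a defender can actually compare: it records a baseline of the 512-byte MBR, parses the partition table, and on a later read reports which region of the sector changed (boot code, partition table, or signature). The sample sector and the "tampered" variant are constructed inline; the device path in the comment is a hypothetical placeholder.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446          # bytes 0..445: bootstrap code
TABLE_END = 510              # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511


def build_sample_mbr():
    """Constructed sample MBR (not from any real disk): a few bytes of
    bootstrap code padded with NOPs, one bootable Linux partition."""
    boot_code = b"\x33\xC0\x8E\xD0" + b"\x90" * (BOOT_CODE_END - 4)
    # fields: boot flag, CHS start, type, CHS end, LBA start, sector count (little-endian)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x83, b"\x00" * 3, 2048, 409600)
    table = entry + b"\x00" * (16 * 3)
    return boot_code + table + MBR_SIGNATURE


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR; raise ValueError if malformed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if bytes(sector[TABLE_END:]) != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector[BOOT_CODE_END + 16 * i: BOOT_CODE_END + 16 * (i + 1)]
        flag, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", raw)
        if ptype != 0:
            entries.append({"bootable": flag == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def fingerprint(sector):
    """SHA-256 of the whole sector, the value to store at baseline time."""
    return hashlib.sha256(bytes(sector)).hexdigest()


def changed_regions(baseline, current):
    """Name the MBR regions that differ between the baseline and the current read."""
    regions = (("boot_code", 0, BOOT_CODE_END),
               ("partition_table", BOOT_CODE_END, TABLE_END),
               ("signature", TABLE_END, SECTOR_SIZE))
    return [name for name, a, b in regions if bytes(baseline[a:b]) != bytes(current[a:b])]


def check_sector(baseline, current):
    """Compare the sector read now against the one recorded at baseline time."""
    return {
        "hash_match": fingerprint(baseline) == fingerprint(current),
        "changed": changed_regions(baseline, current),
        "partitions_now": parse_mbr(current),
    }


if __name__ == "__main__":
    base = build_sample_mbr()
    # On a real system the current read would be something like
    # open("/dev/sda", "rb").read(SECTOR_SIZE)  (hypothetical path; needs root).
    tampered = bytearray(base)
    tampered[0:4] = b"\xEB\xFE\x90\x90"   # constructed: different bootstrap code, table untouched
    print(check_sector(base, bytes(tampered)))
```

The useful signal is the region list rather than the bare hash: a swapped boot sector that keeps the partition table intact, which is what the post describes, shows up as a change confined to the boot code while the parsed partitions still match. The caveat is that this check reads the sector through the same drive firmware it is trying to assess, so a clean result is only as trustworthy as the drive; the comparison is still worth keeping, because it costs nothing and a change in the bootstrap region with no OS-side reinstall to explain it is a concrete reason to pull the disk.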

Well the Kaspersky dude was impressed by how many different HDDs the malware could infect, so whoever wrote it had some accurate specs and a really good background in low-level stuff. But it sounds like the virus itself is Windows-specific, because they mention some .dll files. There's no reason they can't also write malware for other OSes too, except there are fewer potential targets.

They also have to infect the OS somehow (over network, or USB), unless maybe some of these machines actually shipped from the factory with the nasty firmware.

And maybe the firmware flasher waits until there's no HDD activity for a long time, or maybe it just kills off other processes just to be sure, and then crashes the machine so it looks like some kind of Windows driver error.


So lesson #1 if you are suffering from a serious infection: Replace the HDD, too.

So what does the paranoid computer user do? Make sure that no HDD can accumulate larger amounts of data by frequent short term replacements. This entire thing is useless once it's known because the security-minded will easily be able to work around it.


Actually, a much cruder form of this sort of compromised firmware occurred in consumer electronics (digital photo frames) not long ago.

And let's not forget the various CD anti-copying schemes (especially Sony's infamous rootkit) which pretty much hijack the user's computer.
