>hard drives found to have a backdoor programmed into the

Thread replies: 187
Thread images: 9

File: Hard Drive.jpg (56KB, 1000x706px)
>hard drives found to have a backdoor programmed into the firmware

Do you feel safe?

http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage
>>
A backdoor to what?
>>
>>46610657
to your [spoiler]_jk[/spoiler]
>>
Please post only after reading
https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
>>
>>46610743
>.com
>>
>>46610743
this totally makes me want to develop something like that.
>>
>>46610613
>Do you feel safe?
no

its time to make an open source hardware hard-drive, with full schematics for all circuitry and running only open source firmware
>>
>>46610743
according to the pdf, some of their tools work in linux. But as linux kernel is open source, can we patch the kernel to deny any attempt of HDD firmware flash (by blocking UPDATE MICROCODE)?
>>
Doesn't hardware use certificates for their firmware?
>>
>>46610743
>pdf
Fuck off.

Also, I'd love to see shitware in some firmware on a HDD actually access the internet through a non-NSA sanctioned OS.
>>
>>46610743
>ctrl f
>linux
nothing

man it feels good to use a FOSS operating system
>>
File: 1420388565795.jpg (83KB, 342x380px)
>All the malware we have collected so far is designed to work on Microsoft’s Windows operating system.

Serious question though about these firmware attacks, badUSB included, why is it even possible to write the firmware software from the OS level? and since it is possible, shouldnt it be easy to write the "stock" firmware back onto it, fixing the problem?
>>
>>46611807
>The main function to reflash the HDD firmware receives an external payload, which
>can be compressed by LZMA. The disk is targeted by a specific serial number and
>reprogrammed by a series of ATA commands. For example, in the case of Seagate
>drives, we see a chain of commands: “FLUSH CACHE” (E7)→ “DOWNLOAD
>MICROCODE” (92) → “IDENTIFY DEVICE” (EC) → WRITE “LOG EXT” (3F).
>Depending on the reflashing request, there might be some unclear data
>manipulations written to the drive using “WRITE LOG EXT” (3F).
>For WD drives, there is a sub-routine searching for ARM NOP opcodes
>in read data, and then used further in following writes.
>Overall, the plugin uses a lot of undocumented, vendor-specific ATA
>commands, for the drives mentioned above as well as all the others.

Also
https://blog.kaspersky.com/equation-hdd-malware/
>To complicate things further, firmware checks and reprogramming rely on firmware itself,
>so it’s not possible to verify firmware integrity or reliably reupload firmware on a computer.
>In other words, once infected, hard drive firmware is indetectable and almost indestructible.
>It’s easier and cheaper to ditch a suspect drive and buy a new one.
>>
>Linux
problem solved
>>
>>46611911
>vendor-specific ATA commands

That's the rub right there. Even in the close-knit data recovery community, this sort of information is very hard to get one's hands on.

The drive manufacturers keep it locked away for competitive reasons, and the DR community almost always keeps it locked away because it's the fruit of years of reverse engineering and the basis of many data recovery services. The ATA spec is publicly available for a price and various versions of it float around the 'net. The VSCs are not generally available at any price.
>>
>>46611807
You would need the source code of the operating system of the hardware device.

So.. Not really, no.
>>
>>46611923
>>46611807
>>46611658
linux doesn't run on your harddisk you nubs
>>
The fanny worm? Seriously?
>>
>>46612934
0/10
>>
>>46611277
>open source hardware

GOOD LUCK LMAO
>>
>>46613978
i dont know what youre getting at. open source hardware is a real thing. pic related
>>
>>46612722
>DR community almost always keeps it locked away because it's the fruit of years of reverse engineering and the basis of many data recovery services.

Why? Why not share it with the world like the security folks do with their findings?
>>
File: botnet.png (764KB, 960x660px)
you realize this shit has been happening since they e-vented eeproms, right?
>>
File: 1421528594320.jpg (22KB, 270x271px)
>>46614034
>that fucking image
>>
>>46614034
That gril looks stupid
>>
Oh cmon, you guys didn't read any of the stuff snowden put out did you?

Nothing new here.
Shit is known for more than a year now.
>>
>>46614018
My cynical side's honest answer: DR folks don't like to share because if you could do it yourself, they couldn't charge $500-5000 for data recovery.

The industry's honest answer: It's almost the same logic as /g/ isn't your personal tech support. When my car's fucked up, I take it to a mechanic. I could probably fix my own brakes. But if I fuck that up, I die. So I leave my car there and it's fixed like magic. He has a sign over his garage that reads "Shop time: $80/hr, $90/hr if you watch, $100/hr if you tried to fix it first."

The DR folks have a valid point in that while most of us on /g/ could figure out how to hook up a serial port converter to a Seagate 7200.1 drive to fix the BSY problem ( http://www.msfn.org/board/topic/133604-seagate-720010-hdds-how-to-fix-bsy-state-too/ ), 99% of their customers would fuck up the soldering, short +12V to GND, and otherwise permanently fuck up their drives in the process.

True honest answer: The DR community is slowly coming around to a pretty sensible middle ground. If you're willing to put some time into it and figure shit out, people in the community are willing to help. I'm not going to get into the catfight between hddguru.com and the nascent community working in the open at malthus.mooo.com - I'm just going to say that both sites (and whatever you can crunch through Google Translate because most of the R&D is being done in Eastern Europe) are invaluable resources for those of us who have backups, don't give a damn about getting the data back from the drives we've retired for bad sectors or wiped drives we pulled out of the trash bin at work, we just wanna know how our hard drives actually work under the hood.
>>
All the more reason to use Tails.
>>
>>46614587
Yeah I'm mostly just curious myself. Throwing out some random info like reverse-engineered hard drive communication protocols somewhere on the internet is only going to benefit folks like me, who are already acquainted with tech in general and enjoy reading for curiosity's sake.
>>
>>46611807
So that's why they were gathering all those names for people who use Linux.
/conspiracy
>>
>>46614273
>Oh cmon, you guys didn't read any of the stuff snowden put out did you?
>We can all just read things given to Glen Greenwald
Okay
>>
>>46614679
Me too, Anon. Felt like a god the first time I got MHDD to talk to a drive, even if it was just getting it to run the ID command and scan to see how fast various bits of the drive would read.

Part of the problem is that the open community doesn't have firmware module dumps of a wide range of hardware.

Another part of the problem is that even the open part of the community presumes a lot of knowledge. Drives are referred to by their manufacturer and vendor-internal codenames. Sorta like how a norm might call his CPU an "Intel" and might know how many cores he has, we might call it an "i7-[number]" and know exactly what chip we're buying, but these guys skip the numbers and just talk about "Bloomfield, Sandy Bridge, or Haswell, and which stepping?" because it's less important the model number on the outside of the drive ("WD green/blue/black") and more important what's written on the firmware/controller ("Mars/Jupiter/Pluto/Dragon/Atlantis...") level
>>
Report shows that hardware is just as vulnerable as any piece of software out there. Also literally MITM attacks. Inserting fake demo CDs that are given out at conference to infect certain computers...just wow
>>
>>46615410
/g/ was all over it, you really didn't see the uproar? The threads talking about what manufacturers can be trusted?
>>
>>46616559
Completely missed it but for curiosity sakes, how much of it was of the following?

>hurr
>seagate
>samsung
>botnet

and whatever related shitposting
>>
>>46612737
That isn't the problem. The problem is that changing the firmware relies on the firmware.
>>
>>46616710
According to the report, even verification of the firmware making sure it's valid is done through the firmware itself. So basically once the drive is infected, you might as well chuck it and start again
>>
>>46611658
>ctrl f
>windows
quite a lot

Makes sense, though. No reason why the government would want to spy on neckbeard neets, since anyone that matters uses Windows.
>>
>>46616770
>making me reply to obvious b8 4/10
The platform also seems to have an OS X component. Just because Linux wasn't mentioned doesn't mean there isn't a component that works with the platforms they mentioned in the report or part of a completely different program.
>>
>>46610613
So how can one prevent this short of having their hard drive attached to a forensic write blocker (assuming those block the flashing of the firmware)? You can't just use a live CD as they could just overwrite the firmware in your CD/DVD drive instead. SD cards and flash drives are also out of the question as they also have controllers that could be flashed.
>>
>>46617026
>So how can one prevent this short of having their hard drive attached to a forensic write blocker (assuming those block the flashing of the firmware)?
Don't forget the possibility of them just flashing the firmware on your write blocker, a quick look shows companies advertising how you can update the firmware on their write blockers.
>>
>>46611277
It runs off static electricity given off by the user's neckbeard
>>
>>46610743
Thanks for link.
>>
>>46610613
I thought the NSA intercepting routers was something else. Now hard drives since 2001?

Guess all that time on kazaa back in the day was a okay.
>>
>>46610613
>Do you feel safe?
Nnnnnnnope.
>>
>>46610613
So now we need open source hardware in the following categories:

CPU
HDD/SSD
Motherboard
USB firmware

Jesus Christ.
>>
>>46611303
Does this mean 2015 is definitely the year of Linux?
>>
>>46618404
Only if you have anything to hide. 2015 is the year Linux users will be sent to concentration camps for questioning
>>
>>46618397
Open source is harmful terminology.
Use free software if you mean free software.

Or do you think stallman isn't worth listening to?
>>
>>46618397
I feel like we are fucked either way. If anyone writes shitty shit for any of those platforms, then the NSA will be able to find vulnerabilities and utilize them. We are so fucked
>>
>>46618463
But we would know also instead of secrets being kept and could patch it quickly.
>>
>>46618397

Then we'll also need open-source fabs.
>>
>>46618452
He's talking about hardware retard.
>>
How hard would it be to make our own cpu and stuff? Maybe we could make one of equal power to a cpu from the mid 90s as proof of concept?
>>
>>46618516
Almost impossible.
>>
>>46618516

Whoever is going to produce a new CPU design without any economical backing? And having open process specifications to boot?
At that point you might as well design an asynchronous CPU.
>>
>>46618516
RISC-V for CPU
CoreBoot for Motherboard BIOS

Harddrives have nothing yet. You'll have to use Live-CDs.
>>
>>46618561

CD readers need firmware you know.
>>
>>46618576
Or you could just run it on the ram.
>>
>>46618576
That's true, but there is a larger selection of DVD-RWs in circulation and, they can be re-flashed in ways that are not possible (yet) with hard disks.

It looks like that hard-drive manufacturers had to hand over their source code to the U.S. Government for "security audits". Hence why exploits such as these could be written for them.

Chinky no-brand DVD-RW hasn't handed anything over, and can be flashed easily.
>>
>Thanks for WubTheCaptain for donating 2x4TB WD Black disks!
>>
Fuck off trolls and shills we need to have a serious conversation.

If the NSA has the ATA commands and can modify the firmware it doesn't matter what OS you're running right? All the people saying linux is the answer explain yourself. I'm not a comp sci major or anything but to me it seems like we're essentially screwed.

I imagine SSDs are no better off. Who knows what kind of modifications could be made to controllers and firmware on those.
>>
Has the hdd and stuff stallman uses been compromised yet?
>>
>>46610613
>Do you feel safe?

In what way? Right now I don't feel specifically attacked, because I highly doubt that I'm of any interest for national intelligence agencies.
I'm pretty sure that they would immediately start spying on me if that ever changed though.
>>
>>46618728
>If the NSA has the ATA commands and can modify the firmware it doesn't matter what OS you're running right?


You need an OS and a programme to run those ATA commands, they don't appear out of fucking nowhere.

It would be hard to hide that in an open source software and even then you'll need the root privileges to do that.
>>
>>46616559
soo, what manufacturers can and can not be trusted?
>>
>>46618516
http://opencores.org/or1k/Main_Page

>>46618536
http://opencores.org/or1k/Main_Page

>>46618557
http://opencores.org/or1k/Main_Page
>>
>>46616559
majority of that uproar was just sensationalism
>>
G-g-guys, what if encrypt the whole drive? How the fuck are they going to have access to any data then?
>>
>>46619940
The data on your drive is not encrypted at some point.
>>
>>46610613
can they do anything if i encrypted whole disk with linux?
>>
>>46619951
its encrypted in ram by OS, data written to hdd is fully encrypted
>>
I know you can install an OS on a RAMdisk, but is it also possible to install it on VRAM, since modern Graphic Cards have already 4GB (or 3.5) VRAM?
>>
kek.
>>
Correct me if I'm wrong, but this is an issue only when connected to a wireless source, right? they couldn't get to the "backdoor" if my connections were off?
>>
>>46618397
You're also going to have to remove the ability to update the firmware.
>>
>>46618911
you think he re flashed his HDDs after reading this?
>>
ITT: people making wild assumptions.

Thanks to OP for sharing, and anon a couple posts down about the FAQ. Very interesting and informative read.

To those who are spewing 'muh FOSS', there are, have been, and always will be zero-day exploits for software. A bug is a bug until it is patched, big or small. Assume you are not safe, and take the best precautions with apps like NoScript, as well as robust firewall configurations to prevent people from getting in, in the first place.

Not that it's fool-proof, but at least you tried. RIP
>>
>>46619550
but you can block any ATA flash command from the kernel, making it impossible even for root user
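What the kernel-side block proposed in this post and earlier in the thread would have to inspect, and how the Seagate command chain quoted from the report could be spotted in a command trace, as an added C example that is not from the thread, the report or the Linux kernel. It assumes raw ATA commands arrive as SAT ATA PASS-THROUGH CDBs (the form hdparm uses on Linux); the function names, the allowlist contents and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SCSI opcodes that tunnel a raw ATA command (SAT ATA PASS-THROUGH). */
#define SCSI_ATA_PT16 0x85
#define SCSI_ATA_PT12 0xA1

/* ATA opcodes. E7, 92, EC and 3F are the ones named in the quoted report. */
#define ATA_FLUSH_CACHE            0xE7
#define ATA_DOWNLOAD_MICROCODE     0x92
#define ATA_DOWNLOAD_MICROCODE_DMA 0x93 /* DMA form of 0x92 */
#define ATA_IDENTIFY_DEVICE        0xEC
#define ATA_WRITE_LOG_EXT          0x3F

enum verdict { NOT_PASSTHROUGH, ALLOW, DENY_FIRMWARE, DENY_UNLISTED, DENY_MALFORMED };

/* Assumed policy: the only raw ATA commands userspace may send. */
static const uint8_t allowlist[] = {
    ATA_IDENTIFY_DEVICE, ATA_FLUSH_CACHE,
    0xB0, /* SMART */
    0xE5, /* CHECK POWER MODE */
    0x2F, /* READ LOG EXT */
};

/* Return the tunnelled ATA opcode, -1 if not pass-through, -2 if truncated. */
int ata_cmd_from_cdb(const uint8_t *cdb, size_t len)
{
    if (cdb == NULL || len == 0)
        return -2;
    if (cdb[0] == SCSI_ATA_PT16)
        return len >= 16 ? cdb[14] : -2;   /* COMMAND is byte 14 */
    if (cdb[0] == SCSI_ATA_PT12)
        return len >= 12 ? cdb[9] : -2;    /* COMMAND is byte 9 */
    return -1;
}

/* Fail closed: anything not explicitly allowed is refused. */
enum verdict filter_cdb(const uint8_t *cdb, size_t len)
{
    int cmd = ata_cmd_from_cdb(cdb, len);
    if (cmd == -2) return DENY_MALFORMED;
    if (cmd == -1) return NOT_PASSTHROUGH;  /* ordinary SCSI, not our concern */
    if (cmd == ATA_DOWNLOAD_MICROCODE || cmd == ATA_DOWNLOAD_MICROCODE_DMA)
        return DENY_FIRMWARE;
    for (size_t i = 0; i < sizeof allowlist; i++)
        if (allowlist[i] == cmd) return ALLOW;
    return DENY_UNLISTED;                   /* includes vendor-specific opcodes */
}

/* Look for E7 -> 92 -> EC -> 3F as an ordered subsequence of a command
 * trace (other commands may be interleaved). Returns the index at which
 * the chain completes, or -1 if it never does. */
long find_reflash_chain(const uint8_t *cmds, size_t n)
{
    static const uint8_t chain[] = { ATA_FLUSH_CACHE, ATA_DOWNLOAD_MICROCODE,
                                     ATA_IDENTIFY_DEVICE, ATA_WRITE_LOG_EXT };
    size_t want = 0;
    for (size_t i = 0; i < n; i++)
        if (cmds[i] == chain[want] && ++want == sizeof chain)
            return (long)i;
    return -1;
}

/* Build constructed test CDBs; only the bytes the filter reads are set. */
void make_pt16(uint8_t cmd, uint8_t out[16])
{
    memset(out, 0, 16);
    out[0] = SCSI_ATA_PT16;
    out[14] = cmd;
}

void make_pt12(uint8_t cmd, uint8_t out[12])
{
    memset(out, 0, 12);
    out[0] = SCSI_ATA_PT12;
    out[9] = cmd;
}

int main(void)
{
    static const char *names[] = { "not pass-through", "allow", "deny (firmware)",
                                   "deny (unlisted)", "deny (malformed)" };
    /* Constructed opcodes; 0xFA stands in for a vendor-specific command. */
    const uint8_t samples[] = { ATA_IDENTIFY_DEVICE, ATA_DOWNLOAD_MICROCODE,
                                ATA_WRITE_LOG_EXT, 0xFA };
    uint8_t cdb[16];
    for (size_t i = 0; i < sizeof samples; i++) {
        make_pt16(samples[i], cdb);
        printf("ATA %02X: %s\n", samples[i], names[filter_cdb(cdb, sizeof cdb)]);
    }
    /* Constructed trace with unrelated commands mixed into the chain. */
    const uint8_t trace[] = { 0xEC, 0xE7, 0xB0, 0x92, 0xEC, 0x2F, 0x3F };
    printf("reflash chain completes at index %ld\n",
           find_reflash_chain(trace, sizeof trace));
    return 0;
}
```

The filter is an allowlist because a rule that only names 0x92 would still pass the undocumented vendor-specific commands the report says the plugin also uses.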
>>
>>46621371
Exactly
Not that i know how, just saying that having a malicious software to flash your HDD is way more likely to happen on windows than linux
>>
>>46620544
it's obvious that using FOS software is much safer and more secure than using proprietary shit.

using a non-foss operating system is retarded
>>
>Another example is a Trojanized Oracle installation CD that contains an EQUATIONLASER Trojan dropper alongside the Oracle installer

Wow.
>>
This is why we must support Daesh.
>>
>>46621867
enjoy being put on a drone kill list i guess
>>
>>46621877
>Implying everyone who visits 4chan isn't on it already for dissidence
>>
>>46611911
Well, how can you even suspect a HDD is infected if you have no way of knowing whether the firmware is compromised or not? The infected firmware can basically deny all attempts to re-write
>>
>>46621950
Low level analysis of the firmware
>>
>>46610613
>Do you feel safe?

No, but then again they don't care about me but still someone might find some exploit and abuse it, corporations abusing corporations (stealing data etc.), journalists in trouble, alternative groups in various countries fighting for resistance, user related cracking it never ends.

I'm just going to change the way I use my computer (invest in VPN, Linux, encryption etc.) and boycott all USA brand name goods.

Don't care if other manufacturers that have that are in bed with the NSA at least I'm not giving money to USA.
>>
So presumably older/more esoteric systems like amiga, PPC, etc would be outside of this yeah?
>>
How difficult would it be to find/develop/jerryrig an alternative to HDDs and NAND flash drives? Are tape drives vulnerable?
>>
It's not that hard to hack a HDD's firmware. This guy reverse engineered it to insert a vulnerability in his spare time with NO DOCUMENTATION using a $30 JTAG board.

http://spritesmods.com/?art=hddhack

If some random guy can do all this, imagine what a nation-state can do.
>>
>>46622373
Security through obscurity should work with this, at least for a little while, but as more processing power becomes needed you will have to move to newer systems that will be vulnerable.

>>46622754
Anything where the drive firmware can be updated directly from the computer is vulnerable. Thinkpads have had CD drives where the firmware was flashable back to at least 2001.

>>46622790
Especially when that nation state can get a hold of the firmware directly from the manufacturer instead of having to reverse engineer it.
>>
>>46610613
from what I've read this firmware backdoor looks for a presence of a magic string. then it injects code onto a NTFS partition.

So if you have whole disk encryption and a backup copy of your MBR... you're safe. They might be able to do damage to your computer, but they wouldn't be able to siphon off your data.
>>
>>46610613
Dont want to make bread for this dumb question help me out /g/. I found same desktop at work that i have at home mine has i5 this one has i7 can i swap cpu's or is the i5 cpu fan too weak for i7 giving me heat problems
>>
>>46622908
Need this answered pls
>>
>>46619940
>>46619974
What if the malware just waits running in the background and intercepts your encryption key, then gives it to the modified firmware before writing the modified firmware to the hard drive. If one was to format the hard drive they could then possibly load a small virus that could intercept your new encryption key before the drive is encrypted (if you were to change it), then send it back to modified firmware. The only way around this would be to regularly format your hard drive and change the encryption key, then make sure everything that will be written to the hard drive is encrypted before it ever touches the hard drive.
>>
>>4662290
Pls respond/g/
>>
>>46622978
don't steal from you work you stinky thief
>>
>>46623047
It was going to be dismantled and scrapped you nigger
>>
>Companies embedding vulnerabilities into the firmware.

What the fuck, guys.
You're not the only ones who can exploit these things, you know.
>>
>Still using hard drives in 2015

b-b-but muh placebo

Serves you right you dumb niggers. We told you the benefits of SSD for half a decade now and you refused to give up your anime collections. Well look what happened now. You're part of the botnet.
>>
>>46622908
Answer this fellas
>>
>>46623086
This isn't companies embedding vulnerabilities in the firmware, any piece of computer hardware that can have the firmware flashed while hooked up to the computer (as opposed to requiring a special connector that is separate from the components normal connections) is vulnerable.
>>
>Companies enforce signed firmware

MUH FREEDOM

>Companies don't enforce signed firmware

MUH FREEDOM

Can't win with you fuckers.
>>
>>46622908
fuck off cunt

>>46622978
fuck off you stupid cunt

>>46623113
no and go fuck yourself you dumb little cunt bitch faggot fuck off
>>
>>46622908
/g/ has failed me
>>
>>46623139
>companies use foss firmware on their devices
and we have a winrar
>>
>>46623145
Why you mad though
>>
>>46623110
>implying SSDs don't have firmware that can be flashed from the computer that they are hooked up to
>>
>>46623153
>it's the other way around
>>
>>46610613
>Putin's backdoor programmed to Kaspersky antivirus
Do you feel safe?
>>
>>46623139
Or you publish the firmware source code and allow us to manage our own computers.
>>
>>46623171
Apparently /g/ doesn't know shit or my question would be answered and i would have fucked off by now
>>
>The classes supported are:
>• “WDC WD”, <Western Digital Technologies Inc> additional vendor specific
>checks used
>• “ST”, “Maxtor STM”, “SEAGATE ST”, <Seagate Technology>
>• “SAMSUNG”, <SAMSUNG ELECTRONICS CO., LTD.>
>• “WDC WD”, <Western Digital Technologies, Inc.> additional vendor specific
>checks used
>• <HGST a Western Digital Company>, “IC”, “IBM”, “Hitachi”, “HTS”, “HTE”,
>“HDS”, “HDT”, “ExcelStor”
>• “Max”, “Maxtor STM”
>• <MICRON TECHNOLOGY, INC.>, “C300”, “M4”
>• <HGST a Western Digital Company>, <TOSHIBA CORPORATION>
>• “OCZ”, “OWC”, “Corsair”, “Mushkin” additional vendor specific checks used
>• <Samsung Electronics Co., Ltd., Storage System Division>, <Seagate
>Technology>, <SAMSUNG ELECTRONICS CO., LTD.> +additional checks
>• <TOSHIBA CORPORATION COMPUTER DIVISION>, “TOSHIBA M” +checks
>• <Seagate Technology>, “ST

So are there any HDD companies that aren't on the list? Or any open-firmware/open-hardware HDDs commercially available?
>>
>>46623145
>>46623171
Ignore him you dumbasses, then he'll go away.
>>
>>46610743
DOUBLE FANTASY
TRIPLE [email protected]
>>
>>46623165
how did you even find your way to /g/?

run along little retard
>>
>>46623208
Calls me the retard, can't even answer question
>>
>Hackers exploit up to ten thousand systems with HDD firmware
becomes
>Hackers with ties to NSA exploit HDD firmware
becomes
>NSA exploiting HDD firmware
becomes
>HDDs shipping with NSA backdoor in firmware

Conspiracy theorists don't realize they're alienating the public by embellishing fact with fiction.
>>
>>46623184
k
will you go away now?
>>
So what's being said is that the government has access to all the files of everyone in the world using a hard drive that's semi-recent. If that's the case, how are they still cracking down on child porn rings one by one if they in theory know exactly who has it? Why go through all the trouble of setting up a sting operation on the Silk Road guy if they already had all his data in the first place? What about all those servers out there that are still hosting illegal data? It's hard to believe they're ALL using specialty drives that are 5 years old.

I can see the NSA bugging hard drives in a case-by-case basis, but to say that every hard drive is a privacy threat just seems a bit too far-fetched.
>>
>>46623234
Not until my question is answered, then i fuck off to /o/
>>
>>46623245

Read the article. It's not a widespread mass infiltration of all HDDs on the market. It's an exploit aimed at high profile targets for now.

>Since 2001, the Equation group has been busy infecting thousands, or perhaps even tens of thousands of victims in more than 30 countries worldwide, covering the following sectors: Government and diplomatic institutions, Telecommunications, Aerospace, Energy, Nuclear research, Oil and Gas, Military, Nanotechnology, Islamic activists and scholars, Mass media, Transportation, Financial institutions and companies developing encryption technologies.

They don't even have concrete evidence it's on more than ten thousand machines in the world.
>>
>>46623260
>>46622908

It's a slippery slope helping with tech support on /g/, but I'll throw you a bone.

i5 and i7 are cooled by identical systems. You can interchange an i5 fan with an i7 fan and notice no difference in temperature. I won't lecture you on thievery as it's none of my business, but there shouldn't be an issue with heating if that's your only concern.
>>
>>46623245
>implying they aren't using this to put large libraries of undeletable child prons on the computers of dissidents, and choosing to bring down child pron rings down immediately after that and having a few of said dissidents thrown in with the child pron ring
>>
>>46623316
Thank you, and pc was going to get scrapped, cpu might not even work. Now i fuck off.
>>
>>46623316
hopefully he believes you and actually tries it
>>
>>46616559
Do you even know what's going on? This isn't the NSA planting backdoors by paying sketchy manufacturers, this is a case of advanced hackers rewriting the firmware on hard drives.
>>
>>46623295
Better stock up on hard drives before this spreads to all of them.
>>
>>46623295
>Read the article.
b-but muh hysteria
>>
>>46623405

This is how conspiratards usually operate.
>EVERYTHING IS FUCKED
actually only some things are fucked
>EVERYTHING WILL BE FUCKED
there's no reason to believe that
>THE FACT THAT I BELIEVE EVERYTHING COULD BE FUCKED IS PROOF THINGS ARE FUCKED

Anything to confirm their preconceived notions.
>>
>>46619883
>updated: 2012
>license: LGPL
dropped
>>
>>46621950
>>46621984
Even if you detect it, you can't necessarily fix it because the firmware can simply refuse to write itself.
>>
>>46622052
Once again, this has nothing to do with the NSA. Why are there so many idiots on this board that start spewing uneducated sensationalism at the first whiff of something bad? Yeah, this is bad, but there's no reason to associate it with as many buzz words as you can.
>>
>>46623214
>is retarded
>acts retarded
>>
>>46623468
>implying any of that is negatives
>>
Since I work with hard drive forensics kit, I'm quite curious to see if I could prod this potential 'backdoor' and see what happens. I don't find it particularly likely to work like it does, especially not on Seagates which require extra hardware to read through Terminal. Hitachi and WD though, you could probably fuck around with those a bit since they're quite easy to prod over regular SATA.
>>
So, I was wondering:
What is the giant hurdle that is stopping a company from starting an open source hardware company. I'm sure that many companies would switch to some backdoor free products if they are proven to be a stable and affordable alternative.
I assume that it is very difficult to develop open drivers and get in touch with production that is willing to work under that license but it sounds like a good business opportunity after all these recent happenings
>>
>>46618516
you already have the Longsoon
>>
i made the mistake of buying a seagate so i'm probably fucked either way
>>
>>46624334
...you have to be retarded or something. This does not deal with a backdoor in the hard drive firmware, this has to deal with the simple fact that it is possible to flash the hard drive firmware from the computer that it is being used with. Going to standardized open source hard drive firmware without getting rid of the ability to flash the firmware from the computer will make computers more vulnerable as the standardized open source firmware will allow an average Joe hacker to simply make some modifications to the standardized open source firmware (as opposed to having to reverse engineer the firmware of every hard drive they wanted to infect) and use a script that he downloaded off the internet to flash it to the hard drives of various computers that he accessed.
>>
>>46624493
the problem is that drives are being shipped with backdoors from manufacturers which were meant to be trusted
>>
>>46624470
Longsoon is NOT an open source CPU.

An open source CPU is one which the schematics of the hardware have been released. Of all mass-produced CPUs, only UltraSPARC T1 and UltraSPARC T2 fall into this category
>>
>>46624689
Really? I thought the Yeelong boasted no proprietary blobs (Longsoon based)
>>
>>46622052
If there is one thing people seem to forget, its that most backdoors can also be exploited by just about anyone who has the knowledge, not just the NSA
>>
>>46623190
Didn't even know there were that many HDD manufacturers. The only ones that probably aren't on there are little known shoddy Chinese ones which probably fail in less than a year
>>
File: 1424214577277.jpg (44KB, 345x224px)
>>46610613
Yes, I feel safe knowing the government is protecting me. You're not a terrorist are you?
>>
>>46623114
I wonder why companies don't offer some kind of secure option to flash firmware only through a special connector or device. Even though it wouldn't really apply to the average user, I would think it would be of interest to corporations.

Flashing the firmware through the PC itself definitely opens it to attack
>>
>>46623180
I've always wondered how kaspersky is able to be taken seriously despite being based out of Russia and run by a former member of the KGB.
>>
>>46623190
>So are there any HDD companies that aren't on the list?

Quantum, though I don't think they made drives bigger than 10-20gb.

Plextor isn't there on what you quoted either, but I'm not sure if they ID drives as their own since they just rebrand everything nowadays.
>>
>>46625087
Before this no one ever thought it would be used in an attack because they would have to write a modified firmware for every different hard drive they wanted to infect. Being able to flash the firmware without a special connection has the advantage of allowing the company to push an update for a device instead of having to recall it if they messed up.
>>
>>46624802
it is true that there is no firmware blobs. Im not sure that in itself is particularly special. It does however enable it to fall into the definition of free and open source software

However, that does not allow it to fall into the definition of open source hardware. Similar to software, it would be considered open source if the schematics and hardware documentation were available

It would be considered free if you were allowed to use these schematics and documentation to make a derivative work or create a new product using elements from the original

UltraSPARC T1 and T2 CPUs are free and open source hardware CPUs
>>
>>46624493
you have an obvious lack of understanding on the subject. please do not comment further

>>46624334
there are open source hardware companies. Theyre just not as popular as software ones. Here is a piece of open source hardware which can be bought and that I own:

http://en.wikipedia.org/wiki/Bus_Pirate

It is a chip flasher, and could be used to manually flash firmware chips. It interfaces with a program called flashrom, which is an FOSS program which runs on Linux. This could be used to do exactly what you are talking about; the drive could not be able to be flashed unless doing it manually with a chip flasher
>>
>>46616770
Which is ironic considering the criminals are running hardened Linux, Unix, and obscure os boxes.

Anyone doing true criminal intent wouldn't be using NSA opened, back doored, insecure, closed windows or osx. Unless you're a sheep script kiddie.

All the NSA is really doing is attacking the most popular os to spy on its citizens and using it to tell congress this is why they need their multi billion dollar salary to attack teh terroiztz!!!!!!!
>>
>>46610743
This is fucking terrifying
>>
>>46626124
Please tell me how that idea would make hard drives less hackable rather than more. You want to move from requiring someone to reverse engineer the code for every hard drive they want to be able to hack to having standardized firmware that they don't have to reverse engineer which would allow someone to write the code once and easily port it to a range of hard drives, all while doing nothing to address the original vulnerability.
>>
>>46626201
Exactly.

Who would want to run a closed source, back doored, insecure, used by everyone including atms os to hide their top secret shit and use as their primary os?

That's like building a bomb and keeping your door wide open so everyone can see.
>>
>>46626201
>One such incident involved targeting participants at a scientific conference in Houston. Upon returning home, some of the participants received by mail a copy of the conference proceedings, together with a slideshow including various conference materials. The [compromised ?] CD-ROM used autorun.inf to execute an installer that began by attempting to escalate privileges using two known EQUATION group exploits. Next, it attempted to run the group’s DOUBLEFANTASY implant and install it onto the victim’s machine. The exact method by which these CDs were interdicted is unknown. We do not believe the conference organizers did this on purpose. At the same time, the super-rare DOUBLEFANTASY malware, together with its installer with two zero-day exploits, don’t end up on a CD by accident.

I'd argue it's more than that. But yeah, not necessarily going after the terrorists.
>>
>>46626315
Citizens are the terrorist. The NSA will always need someone to attack to keep their funding.

They have to fight off the "homegrown" terrorist and plus teh terroriztzz!!!!! Are already here of course
>>
>>46610743
Woah, this is considerably worse than I thought. When I first heard of this I assumed they were installing into the HDD firmware by planting their code at the factories. They've got an exploit that actually flashes whatever HDD you're using at the time in your computer (as long as it's one of the ones they're compatible with, and it's compatible with most options).
>>
>>46626368
Only way this could work on Linux is a root exploit or the user doing it themselves.

Or them breaking into a repo and merging it into a common package secretly. Signing and checksums can take care of this, unless they use an exploit to get around it.
>>
So they've had this for that long and haven't bothered busting people with CP on their shit.
>>
>>46626413
They used it for the fappening.
>>
>>46626351
Terrorists have nothing to do with it. Look who they're going after:

>Victims generally fall into the following categories:
>Governments and diplomatic institutions
>Telecommunication
>Aerospace
>Energy
>Nuclear research
>Oil and gas
>Military
>Nanotechnology
>Islamic activists and scholars
>Mass media
>Transportation
>Financial institutions
>Companies developing cryptographic technologies

That's what I'd put on my supervillain "make sure to know as much as possible/control all these things" list.
>>
>>46626436
They use terrorist as the reasoning
>>
>>46626411
In one case they were using a known vulnerability inside a signed dll to escalate privileges. Granted, that was Windows, but the same could occur in Linux. Given the level of sophistication shown, I'd really, really question the theory that Linux is safe
>>
>>46626413
See >>46623335
>>
>>46626475
Linux isn't safe, it's just more safe since almost everything around Linux is oss. People are always auditing / looking at the code. Always forking it. New things coming in to replace previous stuff. Well, that's the idea.

Like the op you quoted said, an exploit can do it too.
>>
>>46626505
Mac is open source and there's evidence OSX has been compromised. It doesn't have near the constant eyes on it that Linux does though.
>>
>>46626492
O_O That actually makes a lot of sense.
>>
>>46626276
you seem like you are not familiar with open source software at all. I suggest reading up on comparisons of security, stability, and bugs of open source software vs closed. it should answer your question
>>
>>46626711
I am familiar with open source software, I'm wondering why you think that just moving to open source software without patching the security hole that made this hack possible will help anything. Especially when what keeps the average hacker from being able to exploit this is how many drives they would have to write new firmware for considering each drive uses its own proprietary firmware. Moving all hard drives to one open source firmware without patching this security hole will result in more people being able to exploit this, not less.
>>
>>46626505
You mean how openssl, one of the most important security related OSS projects, was audited? And how they found that horribly stupid bug by looking at the code?
(protip: they didn't)

The 'many eyes' theory of open source is a myth, nothing else.
>>
Would running your storage setup in RAID0 help make it more difficult for "them" to spy on us?
I don't fully understand what they're doing, but from what I think I understand, they're using the firmware to install software onto the computer on an OS level, or they're sending info from the harddrive back to themselves.. or something like that?
So if you setup your comp with a raid 0 setup, it would be obfuscating the data since they're only receiving every other, third, fourth, fifth, or however many drives you have setup, bits, right?
I'm pretty stupid when it comes to this stuff, but I figured this is probably the best place to ask
>>
>>46626525
>Mac is open source
no, no it is not
>>
>>46626815
And how do you fix a bug when you don't have access to the source code?

bugs and security holes get found and fixed a lot faster on open source software
>>
>>46627162
Except the main way to fix this security hole is to remove the ability to flash the firmware from the computer without a special connector. That would be new hardware that would be required, not open source firmware.
>>
>>46627214
and then all future security problems in the firmware are more difficult to fix; good job
>>
>>46627336
Or you could just use a USB programing cable when you need to upgrade the firmware.
>>
>>46626815
>It's not better because the code comes out of the "womb" perfectly formed and ready to take on the world. No, it's better precisely because its transparency and availability makes bugs far easier to find and fix.
>>
>>46627389
I don't particularly care if the firmware is made to be unmodifiable through the operating system

what does bother me is the firmware being closed-source
>>
>>46627435
I agree that it would be better if firmware was open source. I just have a problem with people claiming that simply moving to open source firmware would fix this while completely ignoring the security hole that made this possible.
>>
>>46625087
Why not a write lock ala floppy disks and some usb drives?
You want to flash the firmware? Make sure to toggle it into write mode first.
No need for a separate connector or device imo
>>
>>46627474
your suggestion does not apply to drives that are already produced, while switching to a FOSS firmware does

also, you seem to be suggesting that the mere ability to update firmware through your operating system is a security hole, but it isn't
>>
>>46610613
>inb4:
RLL
MFM

disk controllers and dumb drives.
>>
>>46627624
>MFM
what do threesomes have to do with anything?

but seriously what are those acronyms for?
>>
>>46627522
The problem is smart people nowadays using software write protect instead of hardware write protect (like in SD cards and the flash drives that offer it).

>>46627544
>your suggestion does not apply to drives that are already produced, while switching to a FOSS firmware does
My suggestion would fix the problem of malware getting put on the hard drive controller, switching to FOSS firmware doesn't.

>also, you seem to be suggesting that the mere ability to update firmware through your operating system is a security hole, but it isn't
>something that makes a system less secure and can't be disabled isn't a security hole
http://www.businessdictionary.com/definition/security-hole.html
This is a 4chan archive - all of the content originated from that site. This means that 4Archive shows an archive of their content. If you need information for a Poster - contact them.