Some light reading on the topic of HD firmware backdoors: http://www.s3.eurecom.fr/docs/acsac13_zaddach.pdf

On Tue, Feb 17, 2015 at 9:28 AM, Russell Senior <[email protected]> wrote:
>>>>>> "Michael" == Michael Rasmussen <[email protected]> writes:
>
> Michael> Or so reports Kaspersky.
> Michael>
> http://www.thestar.com/business/2015/02/17/us-can-permanently-spy-on-sabotage-foreign-computers-kaspersky-lab-report-says.html
>
> One thing the articles about this problem keep saying and which doesn't
> make complete sense is that "this infection is immune to removal".
> There is a method to get the infection into spare sectors and into
> firmware, which seems to me to mean that there *is* a way to see those
> raw sectors and/or firmware in such a way as to a) see what's there;
> and b) remodify the firmware.
>
> It might be that if you are dependent on the firmware to inspect or
> replace the firmware, then the infected firmware could just lie to you
> in order to hide itself. In which case, these devices really need to
> have some offline way of inspecting their flash sufficient to generate
> dumps and checksums to verify they are running what you think they are
> running.
>
> What tools currently exist on Linux to inspect the hard disk firmware?
> I recall updating some hard disk firmware (several years ago), but
> perhaps using a vendor-supplied FreeDOS-based software kit.
>
>
> --
> Russell Senior, President
> [email protected]
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
