http://arstechnica.com/information-technology/2015/02/how-hackers-could-attack-hard-drives-to-create-a-pervasive-backdoor/
By Sean Gallagher
Ars Technica
Feb 18, 2015

News that a hacking group within or associated with the National Security
Agency compromised the firmware of hard drive controllers from a number of
manufacturers as part of a 14-year cyber-espionage campaign has led some
to believe that the manufacturers were somehow complicit in the
hacking—either by providing source code to controller firmware or other
technical support. But it's long been established that hard drive
controllers can be relatively easily reverse-engineered without any help
from manufacturers—at least, without intentional help.

Despite keeping hardware controller chip information closed, hard drive
manufacturers' use of standard debugging interfaces makes it relatively
simple to dump their firmware and figure out how it works—even inserting
malicious code that can trigger specific behaviors when files are
accessed. Reverse-engineering it to the point of creating a stable
alternative set of firmware for multiple vendors' hard disk controllers
that also includes persistent malware, however, is a significant feat of
software development that only the most well-funded attacker could likely
pull off on the scale that the "Equation group" achieved.

Hard drive controller boards are essentially small embedded computers unto
themselves—they have onboard memory, Flash ROM storage, and a controller
chip that is essentially a custom CPU (usually based on the ARM
architecture). They also generally have diagnostic serial ports, or other
interfaces on the board, including some based on the JTAG board debugging
interface. Using software such as Open On Chip Debugger (OpenOCD), you can
even dump the "bootstrap" firmware from the controller and analyze it with
an ARM disassembler.

[...]