

Destroying your hard drive is the only way to stop this super-advanced malware


SeraphimLabs:
A hardware jumper to enable any firmware flashing seems like a great idea for all devices.

-mouser (February 26, 2015, 12:57 PM)
--- End quote ---
hey!  I like that!
-superboyac (February 26, 2015, 05:01 PM)
--- End quote ---

I did too initially, but I don't think it will scale well for data centers that have (SAN) racks full of drives that would then need to be physically touched.
-Stoic Joker (February 26, 2015, 06:18 PM)
--- End quote ---

The way I learned IT stuff, you don't upgrade any sort of firmware unless you either have issues to be corrected or are trying to add new features.

A data center would probably not be upgrading hard drive firmware in the first place unless they had a bad batch of drives that came through bugged, and such machines would likely already have had their drives exchanged for bug-free versions to maintain uptime.

Having a jumper setting to enable/disable firmware updates would provide containment for such malware and would prevent fully automated malware from installing exploits at that level because the typical user would not ever open the case let alone move the jumper to install the update.

It would not protect against intentional sabotage or a technician unknowingly installing a bugged update.

bit:
^I reread and very much appreciate everyone's technical comments, what little I could understand.
Yes, it is very worrisome.

Renegade:
I've seen reports of firmware deliveries being intercepted en route and physically modded with spyware.
-bit (February 27, 2015, 05:22 PM)
--- End quote ---

I remember reading 2 reports, though I forget the exact details and links.

In one case, a security researcher (?) ordered a drive through Amazon (?), and tracked the shipping as it was routed across the country to some place in Virginia (?) (which has an army base or intelligence service), and then back over to the person. I'm fuzzy on the details, but that was the gist.

Does anyone have links? Or remember the details?

bit:
Historical political cartoon.
The headband of the woman says 'Press'.
Today it might say 'Internet'.
I fully appreciate comments about the technical difficulty of rooting out the implanted malware.
This addresses the political side of the same situation.
This historic political cartoon shows that this kind of corruption and shady deals in high places is nothing new, and highlights the efficacy of (then) the Press, and (now) the Internet, to expose it to the light of day.
It also ennobles those exposing ethical wrongdoing as a just and time-honored pursuit, and shows that the miscreants involved do not like being exposed, and fear exposure for good reason.
(gets off soap box)

bit:
Are Your Computer Devices Hardwired for Betrayal?
"How Do We Fix It?
1. Firmware must be properly audited.....
2. Firmware updates must be signed......
3. We need a mechanism for verifying the integrity of installed firmware......."
