My Take on Hard Drive Hacks and the Pervasive Backdoor

By _Elliptic's Blog

February 27, 2015

After reading this informative article, "How hackers could attack hard drives to create a pervasive backdoor", how firmware is vulnerable to modification in devices we use everyday in our daily routines. It's not just back-doors but any modification at all is a major flaw in today's consumer electronics. These devices have no "root of trust", no reason to trust that the device will operate as designed. Still, we put far too much implicit trust on these devices to behave in our best interest. What if they don't?

For example, we expect hard drives to store and retrieve the data stored on them in a reliable fashion. Not to spy on us, or collect on a region of the disk siphoned personal data, or even worse, to encrypt our entire drive after it's 80% full and active. Ransom-ware attacks typically send the encryption key to the attackers who will demand money from the victim to be placed in an anonymous bitcoin wallets or your data will stay encrypted.

Virus scanners don't scan firmware, nor can they authenticate any particular version of firmware for any device nor do we expect them to update the firmware in a secure manner.