The Equation Group-Deadliest Security Threat Ever
#1
http://www.kaspersky.com/about/news/viru...-Espionage
HOLY SHIT.
Quote: GReAT has been able to recover two modules which allow reprogramming of the hard drive firmware of more than a dozen of the popular HDD brands. This is perhaps the most powerful tool in the Equation group’s arsenal and the first known malware capable of infecting the hard drives.

By reprogramming the hard drive firmware (i.e. rewriting the hard drive’s operating system), the group achieves two purposes:

An extreme level of persistence that helps to survive disk formatting and OS reinstallation. If the malware gets into the firmware, it is available to “resurrect” itself forever. It may prevent the deletion of a certain disk sector or substitute it with a malicious one during system boot.
“Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware” – warns Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.
The ability to create an invisible, persistent area hidden inside the hard drive. It is used to save exfiltrated information which can be later retrieved by the attackers. Also, in some cases it may help the group to crack the encryption: “Taking into account the fact that their GrayFish implant is active from the very boot of the system, they have the ability to capture the encryption password and save it into this hidden area,” explains Costin Raiu.
Valve hater, Nintendo hater, Microsoft defender, AMD hater, Google Fiber hater, 4K lover, net neutrality lover.
#2
And now, any news post about this will contain unsubstantiated accusations that the NSA is behind this.

Just fucking look at this. Nowhere does Kaspersky even mention the NSA, but TPU is putting words into their mouth: http://www.techpowerup.com/209925/nsa-hi...mware.html
Valve hater, Nintendo hater, Microsoft defender, AMD hater, Google Fiber hater, 4K lover, net neutrality lover.
#3
I don't even see why firmware on things like hard drives should be flashable (except to allow lazy coders to ship half-baked code initially and try to patch it later on).

The hard drive firmware should be in a chip that uses a ROM mask to store the data, or at the very least there should be a jumper on the board that enables access to the erase/write/flash/reprogram function of the eeprom/flash memory, with the default/factory shipped state of the jumper being disabled write access.
Adam knew he should have bought a PC but Eve fell for the marketing hype.

Homeopathy is what happened when snake oil salesmen discovered that water is cheaper than snake oil.

The reason they call it the American Dream is because you have to be asleep to believe it. -- George Carlin
#4
(02-17-2015, 10:04 PM)SteelCrysis Wrote: And now, any news post about this will contain unsubstantiated accusations that the NSA is behind this.

Just fucking look at this. Nowhere does Kaspersky even mention the NSA, but TPU is putting words into their mouth: http://www.techpowerup.com/209925/nsa-hi...mware.html

This is why nothing is fully secure. Call it whatever you may, NSA or whatever. There are holes by design and hackers eventually find them. From OSes and CPUs to hardware.

Do you remember the major USB security risk? It allowed the total demise of Iran's nuclear project just by someone plugging in a single USB device, and it took down their entire system. It was no accident, by design. This is why the Chinese government is behind the push to make their own x86 CPU:

http://www.technologyreview.com/news/410...-to-intel/

There are holes by design and eventually hackers find them. I can't say all of them are, because that just isn't true. But do you ever wonder why there sometimes seems to be a reluctance to patch? Or shall I say, it sometimes takes a very long time to address some really major vulnerabilities. Like there is no hurry.

There are vulnerabilities built in by design, but it goes way back to the earliest days of computing.