I ran across this article from last year again and it got me thinking. The article is a story about how a hardware hacker was able to hack hard drive firmware, first to upload his own firmware, but also to take advantage of the embedded controller, and even install Linux on the controller. If you haven't read it, it's fairly impressive. [Ed's Comment: I would go further and say that it is an amazing piece of hacking, in the traditional meaning of the word.]
It seems that lately there have been a lot of vulnerabilities targeting embedded peripherals. Those in the article come to mind, also BadUSB, and some IPMI vulnerabilities.
What do you think? Is the number of attack vectors targeting embedded peripherals a consequence of more powerful controllers? Worse software? More sophisticated attackers? Or just a random occurrence?
(Score: 5, Interesting) by maxwell demon on Saturday November 29 2014, @04:27PM
That would actually be a nice way to implement hidden volumes. I mean, with TrueCrypt, it is general knowledge that hidden volumes are supported. The existence of them may not be provable, but the mere installation of TrueCrypt is already a hint that hidden volumes might be present. However, if you have just a stock hard disk, most people wouldn't expect hidden volumes to be even possible. If a sector reads all zeroes, then people would think it's all zeroes on the hard disk. And cloning the disk, even when removed from the original computer, would also just copy those zeroes. But thanks to hacked firmware, a secret passphrase written to a secret position in the hard disk could uncover the hidden volume, which suddenly appears where previously all those apparently blank sectors had been.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by meisterister on Saturday November 29 2014, @07:50PM
+1 this is a very interesting idea. The resources required to determine whether the hard drive even had any encrypted data would also be very expensive (if I recall correctly, services to recover data from a badly broken hard drive are in the $10k-20k range), as the controller itself would be the uncooperative part.
(May or may not have been) Posted from my K6-2, Athlon XP, or Pentium I/II/III.
(Score: 1) by Wrong Turn Ahead on Sunday November 30 2014, @05:35AM
I had a laptop hard drive recovered back in 2008 and it cost ~$1100 at the time...
(Score: 3, Interesting) by Immerman on Saturday November 29 2014, @08:10PM
You could get even trickier: Take a 4GB drive and slap a 1GB sticker on it, and have the custom firmware report sizes accordingly. BAM! 3TB of completely invisible storage capacity that could be selectively mapped onto the visible 1TB when the proper secret handshake is provided.
(Score: 1, Troll) by maxwell demon on Saturday November 29 2014, @09:19PM
I'd really be interested in the firmware update that can upgrade a 4GB drive to 4TB. That could save a lot of money when buying hard disks. ;-)
On a more serious note: When replacing the sticker, you risk generating a drive that doesn't look right (if the drive you label it as looks slightly different than the one you relabel).
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Immerman on Sunday November 30 2014, @03:04PM
Damn, how'd that slip through?
And yes, you are correct - but how many investigators are likely to notice the visual anomalies? I'm guessing looking at photo studies of the drive the label is from isn't part of the normal data extraction process. Especially if you throw a decoy TrueCrypt volume on the visible portion to throw them off the track.
And if you could find a family of drives where the case/controller board/etc. are basically the same for several capacities, with only a few controller parameters tweaked to match the platters, then you could eliminate virtually all evidence. Unless they swapped the controller board itself out of general suspicion there'd be no way to tell anything was wrong.
(Score: 3, Funny) by frojack on Saturday November 29 2014, @10:46PM
Well, if you can make a 3TB drive from a 4GB drive you're already ahead of the game.
No, you are mistaken. I've always had this sig.
(Score: 2) by pixeldyne on Sunday November 30 2014, @10:46PM
That is a good idea but you'd also need to fake a new serial and product number, otherwise that would give it away. I don't think an investigator would bother with the label?
(Score: 2) by sjames on Saturday November 29 2014, @08:45PM
For bonus points, hold a write in cache as if the zeros had been overwritten. That way it would withstand at least a cursory examination of the 'blank' areas.
For cases where loss of the data is more acceptable than having it discovered, let the write succeed and start wiping the encrypted volume.
(Score: 2) by maxwell demon on Saturday November 29 2014, @09:24PM
You could also reuse the spare sectors (used by the drive as replacement if regular sectors fail) for storing such test writes. Then it would even survive a power cycle, provided the written data doesn't exceed the spare sector capacity.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by davester666 on Sunday November 30 2014, @06:40AM
Well, you've already lost on the data, because it's in the hands of someone else, so it's gone. If the data was that important to you, you needed to find a better place to store it than you did.