Stories
Slash Boxes
Comments

SoylentNews is people

Hacking Hard Drive Firmware

posted by janrinok on Saturday November 29 2014, @03:22PM   Printer-friendly
from the old-school-hacking dept.

novak writes:

I ran across this article from last year again and it got me thinking. The article is a story about how a hardware hacker was able to hack hard drive firmware, first to upload his own firmware, but also to take advantage of the embedded controller, and even install linux on the controller. If you haven't read it it's fairly impressive. [Ed's Comment: I would go further and say that it is a amazing piece of hacking, in the traditional meaning of the word.]

It seems that lately there have been a lot of vulnerabilities targeting embedded peripherals. Those in the article come to mind, also badUSB, and some IPMI vulnerabilities.

What do you think? Are the number of attack vectors targeting embedded peripherals a consequence of more powerful controllers? Worse software? More sophisticated attackers? Or just a random occurrence?

 
This discussion has been archived. No new comments can be posted.
Hacking Hard Drive Firmware | Log In/Create an Account | Top | 31 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by sjames on Saturday November 29 2014, @08:52PM

    by sjames (2882) on Saturday November 29 2014, @08:52PM (#121163) Journal

    Bricking is a big part of the problem. When a brick is a potential outcome, the testing must be more rigorous and so expensive and the justification to ignore updates grows larger. It is quite possible to make sure bricks can't happen, but most manufacturers fail miserably at it.

    On servers, let the BMC flash the main BIOS and let the OS flash the BMC (when a jumper is set).

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2