I ran across this article from last year again and it got me thinking. The article is a story about how a hardware hacker was able to hack hard drive firmware, first to upload his own firmware, but also to take advantage of the embedded controller, and even install Linux on the controller. If you haven't read it, it's fairly impressive. [Ed's Comment: I would go further and say that it is an amazing piece of hacking, in the traditional meaning of the word.]
It seems that lately there have been a lot of vulnerabilities targeting embedded peripherals. Those in the article come to mind, also BadUSB, and some IPMI vulnerabilities.
What do you think? Is the number of attack vectors targeting embedded peripherals a consequence of more powerful controllers? Worse software? More sophisticated attackers? Or just a random occurrence?
(Score: 0) by Anonymous Coward on Saturday November 29 2014, @09:14PM
i think real innovation comes in waves.
sure, stuff "gets better" with each new model but the big steps are leaps and they
happen when the hardware and software used to build (mostly) hardware is deemed "old".
now the manufacturers actually use new stuff to make new stuff and this i consider such a leap;
in between ... well ... they added more platters or made the display bigger or added more cores or such.
-
as for remote management "ease", people working in this field have a lucrative and secure job but,
blame it on "humanness", want it to be even less work and as long as people are hoodwinked
by centralized domain name system and generally "dumbed" down they will have a job forever managing
other people's data on their .. farms .. in ... the .. cloud.
firmware stuff should be hard as hell to update else we are just opening the door (or giving a free pass)
for manufacturers to become sloppy.
then again it doesn't take a genius to see that "five eyes" will come in their pants (regularly) if updating firmware "thru
the network" becomes the norm and a monthly thing.
on the other hand: i wonder what they will call the people in a few years time that provide a service that
can un-officially make historical personal data disappear from the future facebook or instagram or twitter or ...