SoylentNews

Hacking Hard Drive Firmware

posted by janrinok on Saturday November 29 2014, @03:22PM   
from the old-school-hacking dept.

novak writes:

I ran across this article from last year again and it got me thinking. The article is a story about how a hardware hacker was able to hack hard drive firmware, first to upload his own firmware, but also to take advantage of the embedded controller, and even install linux on the controller. If you haven't read it it's fairly impressive. [Ed's Comment: I would go further and say that it is a amazing piece of hacking, in the traditional meaning of the word.]

It seems that lately there have been a lot of vulnerabilities targeting embedded peripherals. Those in the article come to mind, also badUSB, and some IPMI vulnerabilities.

What do you think? Are the number of attack vectors targeting embedded peripherals a consequence of more powerful controllers? Worse software? More sophisticated attackers? Or just a random occurrence?

• Re:Update Mechanism (Score: 2) by Arik on Sunday November 30 2014, @03:13AM

  by Arik (4543) on Sunday November 30 2014, @03:13AM (#121201) Journal

  "It is not all Dell's fault - in a sane world, ESXi would natively support linux bin firmware installers or work with the manufacturers to provide a consistent API for flashing firmware so they could produce flash images for ESXi."
  
  In a sane world, firmware updates would be extremely unusual, and accompanied with both a hearfelt apology and an offer to simply RMA the hardware if that is more convenient for you.

  --
  If laughter is the best medicine, who are the best doctors?

  Parent

  Starting Score:	1		point
  Karma-Bonus Modifier		+1
  Total Score:		2