Undetectable NSA-linked hybrid malware hits Intel Security radar

CTB Locker ransomware attacks rose 165 per cent in the first three months of 2015. More than a third (35 per cent) of victims were based in Europe, McAfee Labs reported. CTB Locker encrypts files and holds them hostage until the ransom is paid. As such, the crimeware is picking up the baton that dropped with the takedown of …

  1. Forty Two

    If it was truly firmware?

    SSDs have been around for a while, HDs even longer. One would think the risk of using write-once chips for the devices' "firmware" would not be large, especially if some R&D money was spent to re-verify the code. A clever supplier could even market it as a feature and charge extra.

    1. Anonymous Coward

      Re: If it was truly firmware?

      And if there is a bug in the firmware, how is it fixed?

      1. Afernie

        Re: If it was truly firmware?

        "And if there is a bug in the firmware, how is it fixed?"

        I guess it's a case of "stability, or security? Pick one."

      2. Warm Braw

        Re: If it was truly firmware?

        It could be argued that the ability to update firmware is one reason the firmware ships with bugs in the first place.

        1. BristolBachelor Gold badge

          Re: If it was truly firmware?

          If they made the memory write-once, it would also solve those nasty questions about SMART parameters and the number of bad blocks: all the SMART data would ever say is "perfect health", and there would be no bad blocks, ever.

          Sarcasm aside, the firmware needs some space to write stuff in non-volatile memory that isn't the disk, and it's certainly better to put in one chip than two. I've also seen disks that appear to store some of the disk firmware actually on the disk. A bit like the old days, when you entered the bootloader by hand, which then read code from the paper tape, which became the OS, and then you could start loading programs.

          1. Cynic_999

            Re: If it was truly firmware?

            It would not be difficult for HDD manufacturers to plug that vulnerability. For new products, allow firmware updates only when a physical jumper is removed on the HDD (and inhibit normal HDD operation to stop people forgetting to replace the jumper after an upgrade). That would prevent malware rewriting the HDD firmware while also allowing a user to update its firmware on the rare occasions that it becomes necessary. For existing drives (which obviously do not have such a jumper), the firmware could be signed with the vendor's private key and the HDD will reject any new firmware download unless the embedded public key in the *existing* firmware confirms the signature on the *new* code. A virus writer would then need to get hold of the disk vendor's private key in order to install malicious code.

        2. Truth4u

          Re: If it was truly firmware?

          That's how the economy works.

          Take the example of wireless networking gear. There's two approaches:

          1. a system that involves rushing crap to market as quickly and cheaply as possible so consumers can afford it and have at least a 50% chance of it working with their existing gear.

          2. a system where wireless devices spend years in development and have a 100% chance of compatibility, but nobody would ever be able to afford it.

          That's not strictly true, of course the telecoms companies can afford it and the gear they use is a whole other level of precision engineering, but it's not reasonable to apply the same rigors to consumer gear (unless you want to do it at no extra charge, in which case, send me your details).

        3. FrankM

          Re: If it was truly firmware?

          > It could be argued that the ability to update firmware is one reason the firmware ships with bugs in the first place.

          Sadly, I think the basic idea is to rush the product out the door. If any problems show up afterwards, maybe fix them then.

          Frank.

      3. Fatman

        Re: If it was truly firmware?

        And if there is a bug in the firmware, how is it fixed?

        EASY, put the firmware chip in a socket, to 'fix', replace the chip in the socket with the fixed version.

        1. Anonymous Coward

          Re: If it was truly firmware?

          EASY, put the firmware chip in a socket, to 'fix', replace the chip in the socket with the fixed version.

          And how do you do that when the hardware is 2000 miles away?

          1. asdf

            I see where this is going

            >>EASY, put the firmware chip in a socket, to 'fix', replace the chip in the socket with the fixed version.

            >And how do you do that when the hardware is 2000 miles away?

            Admiral Benson: [while standing on top of the aircraft carrier, his cap blew off and landed in the ocean] Holy Cow! My cap blew off! Swing her round. We'll pick it up.

            Officer: But, sir, we're on the mission.

            Admiral Benson: Good thinking. We'll pick it up on the way back. We gotta mark the spot, though. Put Robinowitz in a life raft. Have him row in circles until we return.

            Officer: It could be days.

            Admiral Benson: Then put some food in the life raft, for god's sake, man. Do I have to think of everything? We'll tape his favorite shows, he won't miss anything.

        2. Alistair

          Re: If it was truly firmware?

          I have this group of EMC Vx arrays over here - let's see... 2400 spindles. You want to come update that firmware?

          1. TheVogon

            Re: If it was truly firmware?

            "I have this group of EMC Vx arrays over here - let's see... 2400 spindles. You want to come update that firmware?"

            If you have a support contract, just phone EMC support, they will connect at an agreed time and update your firmware. It can all be done online.

            Or if you don't have full support then doing it yourself is easy. See https://community.emc.com/docs/DOC-40251 for how long it takes...

            (As someone experienced with Vmax and VNX)

            1. Anonymous Coward

              Re: If it was truly firmware?

              "If you have a support contract, just phone EMC support, they will connect at an agreed time and update your firmware. It can all be done online."

              I believe this was in regards to having to physically replace the firmware chip to fix bugs. How can you physically switch a chip from the Internet? As others have noted, if you're forced to switch out a chip, you might as well switch out the entire hard drive, which in a large-scale or remote setting, isn't a chore; it's a project.

              1. John Brown (no body) Silver badge

                Re: If it was truly firmware?

                "How can you physically switch a chip from the Internet?"

                Well, that's easy too. ROBOTS!!!!

                First drive comes with a robotic arm connected to the manufacturer over the internet so they can remotely replace the firmware chip. They'll also include a supply of blank chips and a PROM burner, of course. Subsequent drives in the array will be cheaper since they won't need a new robot arm.

                Now, do I really need a joke icon here?

              2. Anonymous Coward

                Re: If it was truly firmware?

                "I believe this was in regards to having to physically replace the firmware chip to fix bugs."

                If so that would surely be "replace", not "update"...

                Firmware-level persistent malware is likely only a problem for local OS boot drives, not for enterprise storage arrays that introduce another layer of separation / translation between the disk and the OS.

          2. Roland6 Silver badge

            Re: If it was truly firmware?

            I have this group of EMC Vx arrays over here - let's see... 2400 spindles. You want to come update that firmware?

            Do you have it fully backed up? HDD firmware updates in my experience tend to be destructive. Hence I see no real reason to have a simple way of updating such critical firmware.

      4. Anonymous Coward

        Re: If it was truly firmware?

        Indeed, like the Seagate drives which just upped and died a few years ago but were recoverable with a firmware flash.

        Bugs happen and it's a damn good idea to occasionally check for firmware updates.

        My preference would be for a firmware write protect jumper next to the SATA connector or a small toggle switch somewhere, said write protect should also stop the drive being used until it's 'locked' in read only for firmware.

        Of course that'd not stop a TLA from corrupting the original firmware, but at least it'd need to be someone with that sort of clout and not some extortion-oriented criminal hacker gang.

    2. Anonymous Coward

      Re: If it was truly firmware?

      Nothing a simple hardware 'write protect' switch won't cure...

      1. Anonymous Coward

        Re: If it was truly firmware?

        "Nothing a simple hardware 'write protect' switch won't cure..."

        Until you find you have to repeat this job several thousand times or several thousand miles away, in which case the cure is worse than the disease.

        1. Anonymous Coward

          Re: If it was truly firmware?

          If only there were something like an algorithm that would allow one to check a SHA-256 against a value that is guaranteed to come from the manufacturer (it would be something like a signature)...

        2. Mark 65

          Re: If it was truly firmware?

          Until you find you have to repeat this job several thousand times or several thousand miles away, in which case the cure is worse than the disease.

          No, it really isn't. If you value convenience then set all your switches to write-enabled and forsake any security. The rest of us can sit there with them in write-protect mode, given few home users update firmware, and we can have the security.

          1. Anonymous Coward

            Re: If it was truly firmware?

            "The rest of us can sit there with them in write protect mode given few home users update firmware and we can have the security."

            Not if the EXISTING firmware is vulnerable, and you can't leave it alone since it can be used to alter the platter contents, even if the firmware is write-protected.

        3. Roo

          Re: If it was truly firmware?

          ""Nothing a simple hardware 'write protect' switch won't cure..."

          Until you find you have to repeat this job several thousand times or several thousand miles away, in which case the cure is worse than the disease."

          Fine, have the vendor ship them with the write protect off. There is no rational reason to force everyone else to have shit security just because it suits your use case.

      2. streaky

        Re: If it was truly firmware?

        Firmware update jumper the way forward for sure..

        Re: doing updates at a distance, it's called *REMOTE HANDS* - if you're not set up to deal with this you have way bigger fish to fry. Even still leave the update jumper in place and accept the risk, job done.

        Seriously though what do you do when you have failed disks or motherboards or ethernet cables?

    3. Charles Manning

      And why would you believe them?

      Since Microsoft admit back-dooring some versions of Windows ( and who's to really say they have not back-doored all versions), what's there to stop SSD vendors from back-dooring an SSD?

      Then of course you could just go whole hog and backdoor hardware. For example, an ethernet controller can typically access the whole address range of memory without any software support. That allows a maliciously designed ethernet controller (or video card, or ...) to do some very interesting things.

      1. Anonymous Coward

        Re: And why would you believe them?

        "Since Microsoft admit back-dooring some versions of Windows "

        Surely that was Open BSD? What did Microsoft admit to then?

        1. asdf

          Re: And why would you believe them?

          >Surely that was Open BSD?

          No, some wannabe was looking for attention and claimed it, and after all the code he touched was carefully audited (which they do as well as anyone) it turned out to be nothing but FUD after all. Even then it only affected IPSEC, which the NSA has supposedly attacked from within regardless of platform and which nobody in their right mind uses anyway (not with OpenVPN TLS being better in virtually every use case I have seen). OpenBSD is still the most secure widely available open source OS because even the NSA can't find hardware it supports (I keed).

    4. BillG

      Re: If it was truly firmware?

      ...the risk of using write-once chips for the devices' "firmware" would not be large, especially if some R&D money was spent to re-verify the code. A clever supplier could even market it as a feature and charge extra.

      The safest way to do this is with a ROM, which is also a lot cheaper than Flash.

      1. Charles 9

        Re: If it was truly firmware?

        But what happens when the programs in the non-reprogrammable ROM chips are found to have exploits in them? Now you have an unpatchable exploit.

  2. Ian Cumbers

    NSA - Nice Sensible Authority

    I'm not sure which I find most unsettling... The suggestion that a government *might be involved in subverting personal or corporate property, or the fact that we are now all so used to such behavior that comments on The Register revolve around the failings of vendor quality control and capability, ignoring the reference to the NSA.

    * I say might, as we have no proof. However, post-Snowden, it's unlikely that we'd be shocked by anything.

    And whilst I'm at it, I'd just like to say that I think the NSA are a great bunch of people who deserve a pay rise for their invaluable work (just in case they're reading this).

    1. elDog

      Re: NSA - Nice Sensible Authority

      Click.

    2. Destroy All Monsters Silver badge

      Re: NSA - Nice Sensible Authority

      are a great bunch of people who deserve a pay rise for their invaluable work (just in case they're reading this)

      They are the state bureaucracy. They vote themselves their own payrises, numbskull!

      No need to sweet-talk yourself into a job in the comment section either.

      1. Anonymous Coward

        Re: NSA - Nice Sensible Authority

        "They are the state bureaucracy. They vote themselves their own payrises, numbskull!"

        They've got the dirt on the people who do the voting of their payrises. And even if they haven't got any dirt on scrupulously clean individuals, they're not averse to making something up. So the vote goes their way.

      2. streaky

        Re: NSA - Nice Sensible Authority

        They vote themselves their own payrises, numbskull!

        Like they're not into their own payroll systems anyway.

  3. This post has been deleted by its author

    1. Anonymous Coward

      Even if they did, if the adversary is of a state level, they probably have the keys or ways around them, and then (like with the Apple attack a few months ago), they can change the key during the rewrite to make reversion nigh-impossible.

      1. Anonymous Coward

        If a state actor is actually after you personally, you're probably toast.

          Unless you're a larger state actor yourself, and even then only sometimes.

  4. MacGyver

    So...

    Why not have vendors use all the available flash space so that there is no "extra space" to hide anything. Something simple when they write it like "what is the XOR of these two huge numbers (the numbers being the space-taking elements), if the answer is 1, goto next function". Or fill the space with compiled code that doesn't do anything, but looks like the real functions of the firmware. Obviously the bad guys could still just use the harddisk to store their malware like they always have done, but then it could be searched for in the traditional way, and a low-level could clean it off easily.

    Like putting your bag down in the empty seat next to you on the bus to stop the crack-head from sitting there.

    1. Anonymous Coward

      Re: So...

      Because the malware writers usually just flash complete firmwares from the ground up, not sneak stuff into existing firmware. Meaning taking up unused space is meaningless as they'll work from the whole storage allotment from the go. To use your analogy, it'd be like someone crazed from PCP picking you up bodily and throwing you out the bus window, then taking your bag and throwing it out after you.

      1. MacGyver

        Re: So...

        I don't write firmware-virus-hiding malware, so I just assumed it read out the target device's original firmware, inserted itself into the same memory area as the original, and then loaded the original firmware afterwards (and this was possible because the firmware wasn't using the whole memory area in the first place, so there was room for both files in the same space). It seems hard to believe that someone has the time and ability to recreate the factory firmware for so many different devices without access to the original firmware's source code.

        1. Charles 9

          Re: So...

          "It seems hard to believe that someone has the time and ability to recreate the factory firmware for so many different devices without access to the original firmware's source code."

          Thing is, they can obtain the firmware through other means, such as a legitimate update download. They can then tinker with it offline at their leisure, allowing them to basically rebuild it to their needs (including taking out things to make room and so on), THEN find a way to inject the malware.

  5. Anonymous Coward

    A viable solution exists

    Execution of all purveyors of ransomware is the first step to discouraging this unscrupulous hacking.

    1. Anonymous Coward

      Re: A viable solution exists

      Not viable. Most of the purveyors are sponsored by ENEMY STATES.

  6. Nolveys

    I wonder about having something non-reprogrammable that sits right at the front end of the SATA interface on the hdd controller and that passes everything through to the regular controller, except for one command which would cause it to return a checksum of the firmware.

    1. Anonymous Coward

      And then what happens when that non-reprogrammable front end happens to be the part with the exploit in it? Now you have an unfixable breach point.

  7. Bucky 2

    This is why the expiration of the Patriot Act doesn't matter. The government can't be trusted to abide by its own rules anyway, so what difference does it make?

  8. MacroRodent

    Shouldn't signing firmware prevent this?

    - assuming the signing process is done competently: good algorithm, long keys, keys kept secure. I think many manufacturers already do this, but apparently not all.
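Cynic_999's proposal earlier in the thread (a physical write-enable jumper, plus a vendor signature checked with the public key embedded in the firmware that is already running), the SHA-256-versus-signature remark, Nolveys' read-only "return a checksum of the firmware" command and MacroRodent's question here all describe the same update gate. The following is an added example of that gate, written for this page and not code from any drive vendor, from the article or from any commenter: the image layout, the `FWIM` magic, the `Drive` type, the jumper flag and the version-in-header rollback check are all assumptions. Signatures are Ed25519 from Go's standard library; the keys are generated in-process purely so the example runs offline.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Hypothetical image layout (an assumption for this example, not any vendor's format):
//   magic(4) | version(4, big-endian) | payload | Ed25519 signature(64)
// The signature covers everything before it, so the version field cannot be edited either.
var imageMagic = []byte("FWIM")

const headerLen = 8

var (
	ErrJumper    = errors.New("update refused: write-enable jumper not set")
	ErrFormat    = errors.New("update refused: malformed image")
	ErrSignature = errors.New("update refused: signature does not verify against the embedded vendor key")
	ErrRollback  = errors.New("update refused: image version is not newer than the running firmware")
)

// Drive models only the controller state that matters for the update gate.
type Drive struct {
	vendorPub  ed25519.PublicKey // baked into the *running* firmware image
	version    uint32
	jumperOpen bool // true only while the physical update jumper is removed
	firmware   []byte
}

// NewVendorKeys stands in for the vendor's offline signing key pair.
func NewVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// BuildImage is what the vendor's release tooling would do: sign header+payload.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	body := make([]byte, headerLen, headerLen+len(payload)+ed25519.SignatureSize)
	copy(body, imageMagic)
	binary.BigEndian.PutUint32(body[4:], version)
	body = append(body, payload...)
	return append(body, ed25519.Sign(priv, body)...)
}

// Update is the gate the drive runs on every firmware download command.
// Order matters: jumper first (cheapest, and the only check malware cannot talk
// its way past), then the signature, and only then any field from the image.
func (d *Drive) Update(image []byte) error {
	if !d.jumperOpen {
		return ErrJumper
	}
	if len(image) < headerLen+ed25519.SignatureSize || !bytes.Equal(image[:4], imageMagic) {
		return ErrFormat
	}
	sigStart := len(image) - ed25519.SignatureSize
	body, sig := image[:sigStart], image[sigStart:]
	if !ed25519.Verify(d.vendorPub, body, sig) {
		return ErrSignature
	}
	newVersion := binary.BigEndian.Uint32(body[4:headerLen])
	if newVersion <= d.version {
		return ErrRollback // a genuine but older, vulnerable image is still refused
	}
	d.firmware = append([]byte(nil), body[headerLen:]...)
	d.version = newVersion
	return nil
}

// Digest is the read-only "what is actually running" command: a SHA-256 over the
// installed image that the host compares against the vendor's published value.
func (d *Drive) Digest() string {
	sum := sha256.Sum256(d.firmware)
	return hex.EncodeToString(sum[:])
}

func main() {
	pub, priv := NewVendorKeys()
	_, attackerPriv := NewVendorKeys() // attacker has a key, just not the vendor's
	d := &Drive{vendorPub: pub, version: 3, firmware: []byte("v3 payload")}

	genuine := BuildImage(priv, 4, []byte("v4 payload"))
	fmt.Println("jumper closed:   ", d.Update(genuine))
	d.jumperOpen = true
	fmt.Println("genuine v4:      ", d.Update(genuine), "digest", d.Digest()[:16]+"...")
	fmt.Println("attacker-signed: ", d.Update(BuildImage(attackerPriv, 5, []byte("evil"))))
	tampered := append([]byte(nil), genuine...)
	tampered[headerLen] ^= 0x01 // flip one payload bit after signing
	fmt.Println("tampered:        ", d.Update(tampered))
	fmt.Println("replayed old v3: ", d.Update(BuildImage(priv, 3, []byte("v3 payload"))))
}
```

Two things the thread raises are visible in the code rather than just asserted. First, the version is read only after the signature verifies, so a forged image never gets to steer the parser; the rollback check then stops a correctly signed but older image, which is the way an attacker with no key would otherwise reinstall a firmware with a known bug. Second, none of this helps once the firmware already running is hostile, the objection raised earlier in the thread: `vendorPub` and `Digest()` are both answered by code the attacker now owns, which is exactly why Nolveys wants the checksum command in non-reprogrammable logic in front of the controller rather than in the updatable firmware itself.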

    1. Christian Berger

      No of course not

      The NSA would just force the company into signing their firmware or giving them the secret key to sign it. Signed firmware just outsources trust to another party, it doesn't provide trust or security.

      1. MacroRodent

        Re: No of course not

        If we have to assume NSA can force any vendor to do things like that, then there is no solution. Even if the firmware were burned into real ROM, and unmodifiable by anyone, we would have to worry about NSA forcing manufacturers to pre-install their malware. That way lies madness...

        1. Anonymous Coward

          Re: No of course not

          EXACTLY. DTA - Don't Trust ANYONE.

  9. DanielR

    Hence why the NSA are one of the biggest blackhat cyber criminals on the planet.

  10. Will Godfrey Silver badge

    Sooo.

    What we need is BBC Model Bs as gateways to all I/O

  11. SolidSquid

    So by the reasoning of the US government, that'd be an act of war against any country affected by this, right?

  12. Anonymous Coward

    How do you ensure two fraud masters divide a cake equally between them?

    Easy!

    Let one cut the cake, but let the other choose his half.

    Theoretically, you can enforce security on unsafe systems by running a virtual machine on several of them together, so that no single machine has full control or full key to decrypt the data. This will either work safely, or fail integrity checks.

    1. Anonymous Coward

      Re: How do you ensure two fraud masters divide a cake equally between them?

      But theory doesn't hold out in real life. To use your analogy, one will try to steal the entire cake so there's nothing to cut while the other will try to steal the knife so there's no way to split it. IOW, even if you try to segregate the duties, someone clever enough will try to collect the duties together to break the whole works. Failing that, they can try to set up a race condition, a compound failure, or a liminality where things aren't well-defined.

      As for the integrity check, that's probably one of the first things they'll attack, sending us into the whole "Who watches the watchers?" problem.

  13. hapticz

    shell companies/untraceable funding/taxpayer supplied money/threat of anysort

    As the 'enemy state' of so many foreign countries, the USA is fully capable of doing pretty much what it pleases, you know, to maintain that aura of respectability/viability and political pristineness that makes so many in the USA (and allies) happy as clams. With China/Syria/other Middle Eastern clans simmering with envy at the smarty pants trying to overtake their commerce, trade and 'cultural integrity' systems, expect fecal matter to fly and rude political families to do unconscionable things. Creating a company (ohh so clever) that presumes to be a hard/SS drive manufacturer, then simply hacks any common drive, re-brands it as 'new and improved' and guess what: the good consumer sheep will buy them, use them and distribute them for the NSA gratis. Who cares where they end up; they now are 'target capable', usually as soon as someone hooks it up to the big bad internet. ISIS may play a small part, by encouraging the animosity between so many people, but the big fat wealthy ones really aren't affected. Malware is like the thousand people willing to cheat you to get ahead in the line, short you on quality, trick you into buying junk and countless other typical human traits.
