On 02/17/2015 02:31 PM, Chris Murphy wrote:
> On Tue, Feb 17, 2015 at 12:02 PM, jd1008 <jd1008@xxxxxxxxx> wrote:
>> http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216
> From the article, I'm not connecting the dots on exactly what the
> sequence for persistent infection is, or how modified source code
> ended up in actual products since 2001. Maybe that's detailed in the
> Kaspersky Lab report. It seems obvious many foreign governments can
> get access to drive firmware source code, but then modify it and get
> it baked into production units? Or produce some kind of malware whose
> sole job is to flash the drive firmware post-production? And then what
> does the modified firmware do once on the drive? It can't have its own
> network stack to start funneling data somewhere. It seems more likely
> for e.g. OPAL drives it could retain the passcode for the KEK. So then
> this means physically acquiring (stealing) the drive and being easily
> able to decrypt the contents. Or could the firmware at power on not
> actually supply the firmware with LBA0 contents to execute but some
> arbitrary code (possibly even stored on hidden sectors on the drive)
> that acts as a persistent bootkit?
Or, a government agency can easily demand that their "chip"
be inserted into the drive's controller board or their code be
inserted into the firmware.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org