How NSA firmware hacking works and why it's worrying

One of the most worrying pieces of news reported recently is the ability of intelligence agencies to compromise the firmware of a hard drive by flashing code onto it. The Kaspersky researchers who uncovered this new kind of spying reported that "it's better than anything else" they've seen to date.

The tool is believed to be a product of the NSA, and it is particularly important because a firmware hack gives attackers full control of a system. It is called "nls_933w.dll", and it is the first of its kind that uses both spyware platforms (EquationDrug and GrayFish) discovered by Kaspersky.

What is worrying is that it can create an invisible storage space on the victim's hard disk to hide data stolen from the system, so that the attackers can retrieve it later. This allows attackers to intercept files even from encrypted disks. How?
While the computer is running, the data is decrypted. At that point, it is very easy to make copies at the very bottom of the disk, which is not encrypted.

How it works

Hard disks have a controller, which is essentially a mini-computer. It includes a flash memory chip or ROM, where the firmware code that operates the hard disk is stored.

Trojanized firmware allows attackers to stay in the system even if the software is updated. From then on, the malicious code cannot be eliminated. Even if the victim believes that his computer is infected and performs a new installation of the operating system, the malicious code in the firmware remains intact.

According to the researchers, the firmware can be installed on many different brands of hard drives, such as IBM, Seagate, Western Digital, and Toshiba.

The ROM chip containing the software includes a small storage space that remains unused. If the ROM chip is 2 MB, the software can fit into 1.5 MB, leaving half a megabyte of unused space that the attackers can use to hide data.
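As an added illustration (not code from the article or from Kaspersky), the sketch below checks a ROM dump for data sitting in the space the firmware leaves unused, using the article's 2 MB and 1.5 MB figures. It assumes a dump is already available, that the firmware length is known, and that unused flash is filled with 0xFF or 0x00; the sample image and all names are constructed for the example.

```python
import math
import os
from collections import Counter

ROM_SIZE = 2 * 1024 * 1024      # 2 MB chip (figure from the article)
FIRMWARE_LEN = 1536 * 1024      # 1.5 MB of firmware (figure from the article)
BLOCK = 4096                    # assumed scan granularity

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a uniform fill, up to 8.0."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def scan_unused_region(image: bytes, firmware_len: int, block: int = BLOCK):
    """Return (offset, entropy) for each block past firmware_len that is not blank."""
    findings = []
    for off in range(firmware_len, len(image), block):
        chunk = image[off:off + block]
        if chunk.count(0xFF) == len(chunk) or chunk.count(0x00) == len(chunk):
            continue  # erased flash or zero padding: nothing stored here
        findings.append((off, round(entropy(chunk), 2)))
    return findings

def build_sample(hidden: bytes = b"", hidden_off: int = 0) -> bytes:
    """Constructed ROM dump: stand-in firmware followed by erased (0xFF) padding."""
    image = bytearray(os.urandom(FIRMWARE_LEN) + b"\xff" * (ROM_SIZE - FIRMWARE_LEN))
    image[hidden_off:hidden_off + len(hidden)] = hidden
    return bytes(image)

if __name__ == "__main__":
    clean = build_sample()
    # Constructed payload placed in the unused half megabyte.
    tampered = build_sample(b"constructed hidden record " * 100,
                            FIRMWARE_LEN + 8 * BLOCK)
    print("clean   :", scan_unused_region(clean, FIRMWARE_LEN))
    for off, ent in scan_unused_region(tampered, FIRMWARE_LEN):
        print(f"tampered: non-blank block at 0x{off:06x}, entropy {ent} bits/byte")
```

A non-blank block in the padding is only a lead for further analysis, since some vendors keep configuration or calibration data outside the main firmware body.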

So the super hackers do not need passwords if they can copy the entire directory from the operating system into a hidden space and access it later. But how, when the space left over by the firmware is too small? The attackers need a larger hidden space for storage. Fortunately for them, there is one. There are large sectors of the disk that are unused and could be used to secretly store data, even data that may have been deleted from the system.

An interesting PDF published in February 2013 by Ariel Berkman states: "there are sectors that not only cannot be accessed through standard tools, but also remain inaccessible to antivirus software."

Berkman, according to Wired, reports that a particular Western Digital disk model has 141 MB set aside for a system service area but uses only 12 MB of it, leaving the rest free for hidden storage.


Written by Dimitris
