One of the most worrying news that was recently broadcast is the ability of secret services to tamper with the firmware of a hard drive disk. by flashing malicious code. Kaspersky researchers who uncovered the new type of spying tool said it "is better than anything else" they've seen to date.
The hacking tool, believed to be a product of the NSA, is particularly important, as hacking the firmware gives attackers full control of a system. It's called “nls_933w.dll”, and it's the first of its kind to use both two spyware platforms (EquationDrug and GrayFish) discovered by Kaspersky.
But worrying is that it can create an invisible storage space on the victim's hard disk to hide the data stolen from the system. So the attackers can retrieve them later. This allows attackers to intercept files even from encrypted discs. How;
When the computer is running, the data is decrypted. At that time, it is very easy to make copies at the very bottom of the disk that is not encrypted.
How it works
Hard drives have a controller, which is essentially a mini-computer, that includes a flash memory chip, or ROM, that holds its code. software (firmware) for the operation of the hard disk.
A Trojan firmware allows attackers to stay in the system even if the software is updated. From then on, the malicious code can not be eliminated. Even if the victim believes that his computer is infected, and performs a new installation of the operating system, the malicious code on the firmware remains intact.
According to the researchers, the firmware can be installed in many different hard disk chips, such as IBM, Seagate, Western Digital, and Toshiba.
The ROM chip containing the software includes a small storage space that remains unused. If the ROM chip is 2 MB, the software can fit into 1,5 MB, leaving half a megabyte of unused space that can be used to hide data from the attackers.
So the supers hackers δεν χρειάζονται κωδικούς πρόσβασης, εάν μπορούν να αντιγράψουν ολόκληρο τον κατάλογο από το functional system in a hidden space to be accessed later. But how since the space left free by the firmware is too small. Thus, attackers need a larger hidden space for storage. Fortunately for them, there is. There are large sectors of the disk that are unused and could be used to secretly store data, even those that may have been deleted from the system.
A interest .pdf published in February 2013, by Ariel Berkman states: “there are sectors that not only can not be accessed through standard tools, but also remain inaccessible to antivirus software. ”
Berkman, according to Wired, reports that a particular Western Digital disk model has 141 MB designed for a system service area but only uses 12 MB from it, leaving the rest free for hidden storage.
