One of the most worrying news that was recently broadcast is the ability of the secret services to break the firmware of a hard drive. by malicious code flashing. Kaspersky researchers who have unveiled the new type of espionage tool say it is "better than anything else" they have seen to date.
The hacking tool is believed to be a product of the NSA, and is particularly important as the infringement of firmware gives attackers full control of a system. It is called “nls_933w.dll”, and it is the first of its kind that uses both spyware platforms (EquationDrug and GrayFish) discovered by Kaspersky.
Worryingly though, it can create an invisible storage space on the victim's hard drive to hide the data που έχουν κλαπεί από το system. So attackers can retrieve them later. This allows attackers to steal files even from encrypted drives. How;
When the computer is running, the data is decrypted. At that time, it is very easy to make copies at the very bottom of the disk that is not encrypted.
How it works
Hard disks have a controller, which is essentially a mini-computer, that includes a flash memory chip or ROM, where the firmware code for the hard disk operation is.
A Trojan firmware allows attackers to stay in the system even if the software is updated. From then on, the malicious code can not be eliminated. Even if the victim believes that his computer is infected, and performs a new installation of the operating system, the malicious code on the firmware remains intact.
Σύμφωνα με τους ερευνητές το firmware μπορεί να εγκατασταθεί σε πολλές διαφορετικές μάρκες σκληρών δίσκων, όπως της IBM, της Seagate, της Western Digital, και της Toshiba.
The ROM chip containing the software includes a small storage space that remains unused. If the ROM chip is 2 MB, the software can fit into 1,5 MB, leaving half a megabyte of unused space that can be used to hide data from the attackers.
So super hackers don't need passwords if they can copy the entire directory from operating system in a hidden space to be accessed later. But how since the space left free by the firmware is too small. Thus, attackers need a larger hidden space for storage. Fortunately for them, there is. There are large sectors of the disk that are unused and could be used to secretly store data, even those that may have been deleted from the system.
A interest .pdf published in February 2013, by Ariel Berkman states: “there are sectors that not only can not be accessed through standard tools, but also remain inaccessible to antivirus software. ”
Berkman, according to Wired, reports that a particular Western Digital disk model has 141 MB designed for a system service area but only uses 12 MB from it, leaving the rest free for hidden storage.
