Hard disk firmware spyware and virus
Just popping in
http://www.pcworld.com/article/288495 ... s-to-hit-iran-russia.html

I've heard that this may not only be infected firmware, but disk manufacturers may also be shipping drives with spyware hidden in the firmware. I'm guessing the malware is coded for x86 processors, and not a threat to OS4 unless specifically coded for it?

Sam460 : X1000 : X5000

Re: Hard disk firmware spyware and virus
Just popping in

Heh, cool! Someone posted this on the news site:

Quote:
Dale Chitwood ... someone will solve it and figure out how to recover. But if they don't I will just browse with my Commodore Amiga 4000 and have no worries.

Sam460 : X1000 : X5000

Re: Hard disk firmware spyware and virus
Just can't stay away

@logicalheart

hmmm... Amiga, the terrorists' computer of choice... should boost sales and they're not usually short of a bob or two

Amiga user since 1985
AOS4, A-EON, IBrowse & Alinea Betatester

Ps. I hate the new amigans website. <shudder>

Re: Hard disk firmware spyware and virus
Just can't stay away

@logicalheart
Quote:
I'm guessing the malware is coded for x86 processors, and not a threat to OS4 unless specifically coded for it?

Not necessarily. With the proliferation of powerful scripting languages, it's possible to infect almost any operating system regardless of CPU used. For example, suppose the malware in the hard-disk scans the disk for a Python installation and inserts Python malware that would be executed any time a Python script is executed by the OS or user. I don't think an Amiga would be immune to that.

Also, consider the fact that most chips and Internet devices are manufactured in other countries like China, Korea or Taiwan. How do you know what your network interface chips, router, or modem are sending out over the Internet? It could be sending your GPS location, IP address or other information about your system without your knowledge. Unless all your computer equipment (including the chips) is being manufactured in your country under strict regulation, inspection and testing, you are vulnerable.

Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450


Re: Hard disk firmware spyware and virus
Home away from home

@xenic

Quote:



Not necessarily. With the proliferation of powerful scripting languages, it's possible to infect almost any operating system regardless of CPU used. For example, suppose the malware in the hard-disk scans the disk for a Python installation and inserts Python malware that would be executed any time a Python script is executed by the OS or user. I don't think an Amiga would be immune to that.



So this firmware virus comes with FFS SFS SFS2 filesystem builtin? Once it has that it can then hack into a random python distro laid out in an unexpected pattern and insert secret code into that?

I seriously doubt it! Unless one of our number really is a terrorist and the CIA are actively pursuing them, and have a CIA spy also amongst our midst to suss out the subversive OS we are running.

Quote:

Also, consider the fact that most chips and Internet devices are manufactured in other countries like China, Korea or Taiwan. How do you know what your network interface chips, router, or modem are sending out over the Internet? It could be sending your GPS location, IP address or other information about your system without your knowledge. Unless all your computer equipment (including the chips) is being manufactured in your country under strict regulation, inspection and testing, you are vulnerable.


There are whole communities of security experts out there that would spot that kind of thing within a very short time of it being on the market.



Re: Hard disk firmware spyware and virus
Just can't stay away

@broadblues

Quote:
and have a CIA spy also amongst our midst to suss out the subversive OS we are running.

Hmm - hey, Andy, what were you REALLY doing in the US of A recently, apart from visiting AmiWest?



Best regards,

Niels


Re: Hard disk firmware spyware and virus
Just can't stay away

@nbache

Hmmm... So the low quantity CD smuggling was just a cover in case he was caught?

Amiga user since 1985
AOS4, A-EON, IBrowse & Alinea Betatester

Ps. I hate the new amigans website. <shudder>

Re: Hard disk firmware spyware and virus
Just can't stay away

@broadblues
Quote:
So this firmware virus comes with FFS SFS SFS2 filesystem builtin? Once it has that it can then hack into a random python distro laid out in an unexpected pattern and insert secret code into that?


Why would it need to know the filesystem? Copy the Python/lib/distutils directory to a diskimage_device IDF0: and read the adf file in a hex reader like the one in Dopus4. Better yet use AmiDVD to create an iso image of the entire Python directory and load it into a hex reader. The text is all human readable but split into parts. I don't know what parts of a Python installation might be the same for all operating systems but I'm betting a smart program in the hard-disk CPU could find the parts it wants to alter with simple text analysis and alter parts of the Python code without knowing anything about the filesystem.

Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450


Re: Hard disk firmware spyware and virus
Just can't stay away

@broadblues
Quote:
There are whole communities of security experts out there that would spot that kind of thing within a very short time of it being on the market.

I'm sure all the companies making billions of dollars (or whatever currency) from the Internet would like us to believe that. Why are hackers so successful and the so-called security experts only finding viruses etc. after millions of computers are infected? Internet security is an illusion perpetrated by companies who have a big financial stake in everyone trusting the Internet.

Do you think security experts can xray a tiny chip and determine if any commands are hard-wired into those chips? I have my doubts. Do you think the same experts are testing every network related product for thousands of hours to see if any minute amount of unexplained data is contained in network packets? I have my doubts. Call me paranoid but I think everyone will be surprised by what kinds of security holes are discovered in the future.

Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450


Re: Hard disk firmware spyware and virus
Home away from home

@xenic

Quote:

Why would it need to know the filesystem?


How else would it be able to read the contents of the filesystem?

This thing is supposed to be a virus on a hard disk.

Quote:

Copy the Python/lib/distutils directory to a diskimage_device IDF0: and read the adf file in a hex reader like the one in Dopus4. Better yet use AmiDVD to create an iso image of the entire Python directory and load it into a hex reader. The text is all human readable but split into parts. I don't know what parts of a Python installation might be the same for all operating systems but I'm betting a smart program in the hard-disk CPU could find the parts it wants to alter with simple text analysis and alter parts of the Python code without knowing anything about the filesystem.


How is a virus going to read something in a hex editor? You're describing the actions of a hacker physically present or at best attached via VNC to an already compromised system with AmigaOS knowledge, in fact that CIA agent I described earlier....

Re: Hard disk firmware spyware and virus
Just can't stay away

@xenic

Quote:
Why would it need to know the filesystem? Copy the Python/lib/distutils directory to a diskimage_device IDF0: and read the adf file in a hex reader like the one in Dopus4. Better yet use AmiDVD to create an iso image of the entire Python directory and load it into a hex reader. The text is all human readable but split into parts. I don't know what parts of a Python installation might be the same for all operating systems but I'm betting a smart program in the hard-disk CPU could find the parts it wants to alter with simple text analysis and alter parts of the Python code without knowing anything about the filesystem.


Without knowing the filesystem, which no harddrive knows anything about, all it can do is scan through binary data looking for matches. The harddrive doesn't even know the block size used by the filesystem so has no idea how the data is split up, how fragmented it is, how big a file is, or anything about the directory structure of the disk. Even if it finds a match it has no idea where the next block is.

It's far more likely the harddrive chip is just used as a storage place for a very simple virus to install a highly compressed better virus on the users computer where things can be accessed at a much higher level.

Thinking about it, SFS's 512 block size is far more secure than the big 32k blocks some systems use... much easier to put a book back together when it's in chapter size chunks instead of half pages...

Amiga user since 1985
AOS4, A-EON, IBrowse & Alinea Betatester

Ps. I hate the new amigans website. <shudder>
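
The disagreement above, between scanning raw blocks and reading through the filesystem, can be seen in a toy model. This is an added example, not part of any post; the block layout, marker strings and function names are constructed for illustration.

```python
# Added illustration: a constructed toy "disk", not real firmware or filesystem code.
SMALL, LARGE = 512, 32 * 1024          # the two block sizes mentioned in the thread

def make_file() -> bytes:
    """Constructed 1500-byte 'script' containing two marker strings."""
    buf = bytearray(b"#" * 1500)
    buf[100:108] = b"def main"         # wholly inside the first 512-byte block
    buf[505:518] = b"import socket"    # straddles the 512-byte block boundary
    return bytes(buf)

def lay_out(data: bytes, block_size: int):
    """Write data as fragmented blocks: reverse order, one empty block between.
    Returns (raw disk bytes, block map). Only the filesystem holds the block map."""
    chunks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    slots = [2 * (len(chunks) - 1 - i) for i in range(len(chunks))]
    disk = bytearray(block_size * 2 * len(chunks))
    for slot, chunk in zip(slots, chunks):
        disk[slot * block_size:slot * block_size + len(chunk)] = chunk
    return bytes(disk), slots

def raw_scan(disk: bytes, pattern: bytes) -> bool:
    """Block-level view: linear search of the raw bytes, no block map."""
    return pattern in disk

def fs_read(disk: bytes, slots, block_size: int, length: int) -> bytes:
    """Filesystem-level view: follow the block map to reassemble the file."""
    blocks = (disk[s * block_size:(s + 1) * block_size] for s in slots)
    return b"".join(blocks)[:length]

def compare(block_size: int) -> dict:
    """Run both views over the same constructed file at one block size."""
    data = make_file()
    disk, slots = lay_out(data, block_size)
    return {
        "raw sees 'def main'": raw_scan(disk, b"def main"),
        "raw sees 'import socket'": raw_scan(disk, b"import socket"),
        "fs reassembles file": fs_read(disk, slots, block_size, len(data)) == data,
    }

if __name__ == "__main__":
    for size in (SMALL, LARGE):
        print(size, compare(size))
```

With 512-byte blocks the raw view loses the string that crosses a block boundary once the file is fragmented, while the whole file fits inside a single 32k block and stays contiguous.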

Re: Hard disk firmware spyware and virus
Just popping in

I just read about this a few hours ago. I very much enjoyed the discussions among the "general public" about risk and remediation options.
Many say "just format the disk"; they have not fully understood where the virus lives and what it runs on. Many have said "pull the drive and re-flash the firmware". Great, but who will audit the firmware to make sure it's not the "bad" one?
While driving my wife around this morning, I began to wonder exactly what the "payload" of this virus might be. It _could_ insert other viruses into your file system if it knows what OS and processor family you are running.
If this virus wanted to export any of your "secrets" I can see only a few ways out. If it knows the OS then the network might be viable, but also subject to detection. It could simply make hidden copies of some specific data and hold them for some agent to do a "hands on" retrieval, but that seems unlikely as well.

Then I thought of some more dangerous options. Without any knowledge or care about OS or system processor, it has the ability to corrupt any or all of your data. And it could, as Severin pointed out, be triggered into action by something as simple as saving a specific string of characters.

With a system like that ALL OS's would be vulnerable, including ours. And all you'd need to trigger it is to get the end-user to save a trigger file anywhere on the drive. True that some processors may play with byte order, but sending the "key" in a couple variations solves that problem.

The article I read said that the corrupted drives were only being sold to certain countries. I think that bit was the hardest to believe at all. But that's just me. :)

Brave New World indeed.


Re: Hard disk firmware spyware and virus
Just can't stay away

@Severin
Quote:
Without knowing the filesystem, which no harddrive knows anything about, all it can do is scan through binary data looking for matches.

Exactly. The hard-drive circuit board has a processor that executes the microcode contained in the firmware. Nowadays most firmware can be reflashed with updated code. I can update the firmware in my router by accessing the Netgear web site.

My comment to broadblues about the human-readable text was just to point out that the raw binary data on the hard drive can be alphanumeric and scanned by the hard drive's processor for known script commands. If a human can retrieve data from a hard disk and reassemble it (like some law enforcement agencies) the processor in a hard-disk can be programmed to do it too. If the processor can identify script code (Python, Java etc.) that connects to the Internet, it can alter that code to send data over the Internet when the user runs the script.

All the microcode in a device's flashable firmware isn't necessarily all the code that is contained in the chip. The chips you see on a circuit board are usually far larger than the circuitry inside them so that they can connect to the main circuit board. A chip can contain a lot more than the circuitry necessary to perform its advertised function. I think that anyone who thinks that espionage agencies aren't working on sophisticated ways to control or access any computer might be surprised in the near future.

Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450
