Modifying Hard drive Firmware

I was reading the following article, and then watched an awesome video of somebody reverse engineering the firmware on their hard-drive by utilising the JTAG debugging interface and “diagnostic serial port” to dump and disassemble the firmware, modifying it and then uploading the changed firmware to demonstrate how an attacker could create a persistent backdoor that could survive OS re-installation.

http://arstechnica.com/information-technology/2015/02/how-hackers-could-attack-hard-drives-to-create-a-pervasive-backdoor/

I suggest that you watch the entire presentation as it’s very informative and scary 🙂
Hard disks: More than just block devices

Some very interesting security enhancements could also be created. One idea that I would like to share with you would be if you were to add a file-system driver into the firmware and then added file-system auditing, to keep a checksum of certain files/inodes using a fast hashing algorithm optimised for the ARM architecture wrote to a sector on the disk outside of the OS. Of course you’d need to write the driver in ARM assembly and need the additional space to be able to update the firmware.

Other spin-offs from this research could be better data recovery and performance enhancements.

Advertisements
This entry was posted in security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s