[Cryptography] Open Storage Controllers
Bob Wilson
wilson at math.wisc.edu
Tue Jun 26 18:43:46 EDT 2018
>
> On Sun, Jun 24, 2018, 9:33 PM R0b0t1 <r030t1 at gmail.com <mailto:r030t1 at gmail.com>> wrote:
> Is anyone aware of either HDDs or SSDs that have firmware which is
> user modifiable? Even flash chips, "bare," as used in USB flash
> drives, or eMMC, as used in phones, can have storage controllers.
I don't know much detail, but I do remember half a dozen years ago (more
or less) having a couple of Seagate HDDs go bad in a home system: I sent
one to a professional place to recover data (It had been in use just a
few days, no good backup program in place yet, :>( ) and they diagnosed
it as corrupted firmware. I was told they had already received a bunch
of Seagate drives that had failed in the same way, that malware
rewriting the firmware in the drive was suspected. I do know that
firmware upgrades were being shipped to users in some group, so the
ability to write was certainly there. Later I even found online a
program that claimed it could check for authenticity of your drive
firmware and arrange to install a corrected version. So as always there
is "whom do you trust"...
Remember when easily upgradeable BIOS proms for PCs first hit the scene?
At first you had to switch an on-board jumper to allow writing, but
maybe that was too much work or the extra three cents for hardware was
too expensive. This seems to me still a big vulnerability!
Maybe somebody on this list has more information...
Bob Wilson, emeritus prof mathematics UW-Madison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180626/cfcd2cc1/attachment.html>
More information about the cryptography
mailing list