[Cryptography] trojans in the firmware

Henry Baker hbaker1 at pipeline.com
Tue Feb 17 21:28:34 EST 2015


At 07:06 PM 2/16/2015, John Denker wrote:
>On 02/16/2015 01:39 PM, John Young wrote:
>
>> Kaspersky Q and A for Equation Group multiple malware program, in use
>> early as 1996. NSA implicated.
>> 
>> <https://t.co/bByx6d25YF>https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
>>
>>  Dan Goodin: How “omnipotent” hackers tied to NSA hid for 14
>> years­and were found at last
>> 
>> <http://t.co/0n1D05GOFN>http://ars.to/1EdOXWo
>
>Those are well worth reading.
>
>a) The disk manufacturer could allow you to read the firmware
> easily.  It's always going to be readable if somebody wants
> to go to enough trouble;  we're only arguing about the price.
>
>b) If they don't want to make reading easy, they should
> provide /at least/ the following:
>  -- the total number of times the firmware has been modified, and
>  -- the current hash.  Cryptologically strong hash.

I (and most everyone else, as well) no longer care about booting from "hard" disks.  Everyone boots from flash memories these days.

So now the problem is gaining access to flash disk firmware.  Normally, you can't.  However, there are now really decent file systems developed for Linux for _bare_ flash devices (i.e., not USB or uSD flash drives, which utilize internally managed flash memory "log-structured" file systems; see BadUSB for more info).

What I'm interested in now are completely raw flash devices having no microcode at all.  Perhaps someone is now packaging these chips in sodimm packages.  In any case, for many reasons having nothing to do with the NSA, I'd like to control exactly how my flash file system works.

Many of the OpenWRT router devices utilize completely raw flash devices for their internal memory, which allows OpenWRT itself to choose how to manage the "file systems" for use on these devices.

I haven't checked the details on the newest Raspberry Pi device, but perhaps its flash memory is based on similar completely raw flash devices.



More information about the cryptography mailing list