[Cryptography] trojans in the firmware

Jerry Leichter leichter at lrw.com
Fri Feb 20 06:19:55 EST 2015


On Feb 19, 2015, at 11:12 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> I would love to be able to program this device myself, instead of relying on Samsung's firmware.
Good luck with that.  SSD performance and even proper operation is still somewhat of a black art; much of the value of the device comes from the proprietary algorithms that control it, which are build knowing details of the design.  Samsung, like other SSD makers, has every reason to keep that stuff secret.  The market advantage of increments in speed and other features is significant; the market to people who want to program it themselves is essentially non-existent.

> BTW, what's the point of AES encryption on this pre-p0wned device?  More security theatre?
It depends on the implementation and what kind of attacker you're considering.  There have been implementations in the past which use simply match a password stored in the device - encrypted with AES so that the advertising claims aren't outright lies - against a password entered at boot; the data itself was left unencrypted.  But there's plenty of power in a device like this to essentially build FDE right into the SSD.  That's probably proof against any attack against a stolen/seized SSD.  (Of course, Samsung may have deliberately, or through incompetence, provided a back door - we'd never know.  But most attackers wouldn't know either.  I'm sure North Korea would *assume* that the South Korean intelligence services have access, whether it's true or not.)

Low-enough level attacks against the boot sequence could intercept and leak the password.  The OS typically would come in way too late to see the password - but of course if you take it over, you have full access to the device.

In summary:  Assuming a decent implementation and no back doors available to the attackers of interest to you, this has exactly the strengths and weaknesses of FDE, with no overhead in the host.  Not really security theatre, but given modern hardware, perhaps not much of an advantage either.  You could go for defense in depth by using FDE on top of what the device provides.

                                                        -- Jerry



More information about the cryptography mailing list