[Cryptography] Open Storage Controllers

Bob Wilson wilson at math.wisc.edu
Tue Jun 26 18:43:46 EDT 2018

> On Sun, Jun 24, 2018, 9:33 PM R0b0t1 <r030t1 at gmail.com  <mailto:r030t1 at gmail.com>> wrote:
> Is anyone aware of either HDDs or SSDs that have firmware which is
> user modifiable? Even flash chips, "bare," as used in USB flash
> drives, or eMMC, as used in phones, can have storage controllers.
I don't know much detail, but I do remember half a dozen years ago (more 
or less) having a couple of Seagate HDDs go bad in a home system: I sent 
one to a professional place to recover data (It had been in use just a 
few days, no good backup program in place yet, :>(  ) and they diagnosed 
it as corrupted firmware. I was told they had already received a bunch 
of Seagate drives that had failed in the same way, that malware 
rewriting the firmware in the drive was suspected. I do know that 
firmware upgrades were being shipped to users in some group, so the 
ability to write was certainly there. Later I even found online a 
program that claimed it could check for authenticity of your drive 
firmware and arrange to install a corrected version. So as always there 
is "whom do you trust"...

Remember when easily upgradeable BIOS proms for PCs first hit the scene? 
At first you had to switch an on-board jumper to allow writing, but 
maybe that was too much work or the extra three cents for hardware was 
too expensive. This seems to me still a big vulnerability!

Maybe somebody on this list has more information...
Bob Wilson, emeritus prof mathematics UW-Madison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180626/cfcd2cc1/attachment.html>

More information about the cryptography mailing list