Hard Drive Firmware Provides New Backdoor into YOUR Data

Binary data on HDD

Various software tools now exist that create backdoors into people’s data by exploiting the firmware resident in their computer hard drives. Put simply, firmware is the program that runs on the hard drive’s own controller; it is executed when the drive first powers up and governs everything the drive does. It operates at a lower level than the computer’s operating system, so host-side security programs such as anti-virus products have no visibility into it and cannot detect modifications made to it.
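What a host can still see of a drive’s firmware is the identity block the drive reports through the ATA IDENTIFY DEVICE command (the same data `hdparm -I` prints). The script below, an added example that is not code from the original page or from Data Clinic, parses the model, serial and firmware-revision strings out of a 512-byte IDENTIFY DEVICE block and compares them with a baseline recorded when the drive was enrolled. The word offsets and byte-swapped ASCII encoding are those defined by the ATA command set; the drive record and baseline values are constructed for the example and do not refer to any real unit.

```python
"""Extract the identity strings a SATA/ATA drive reports in its
IDENTIFY DEVICE block and compare them with a recorded baseline.

Added example, not code from the original page or from Data Clinic.
Word offsets (serial: words 10-19, firmware revision: words 23-26,
model: words 27-46) and the byte-swapped ASCII encoding come from the
ATA command set; the sample drive records below are constructed."""

import struct

# (first_word, word_count) of the ASCII fields inside IDENTIFY DEVICE
ATA_ID_FIELDS = {
    "serial":   (10, 10),   # 20 characters
    "firmware": (23, 4),    #  8 characters
    "model":    (27, 20),   # 40 characters
}


def _ata_string(words, first, count):
    """Decode an ATA ASCII field: the first character of each pair sits
    in the high byte of a little-endian 16-bit word; fields are padded
    with trailing spaces."""
    raw = bytearray()
    for w in words[first:first + count]:
        raw.append(w >> 8)
        raw.append(w & 0xFF)
    return raw.decode("ascii", errors="replace").strip()


def parse_identify(block):
    """Parse a 512-byte IDENTIFY DEVICE response (the 256 words that
    `hdparm --Istdout /dev/sdX` prints) into its identity strings."""
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE block must be 512 bytes")
    words = struct.unpack("<256H", block)
    return {name: _ata_string(words, first, count)
            for name, (first, count) in ATA_ID_FIELDS.items()}


def build_identify(model, serial, firmware):
    """Construct a synthetic IDENTIFY DEVICE block (the inverse of
    parse_identify) so the check can be exercised offline; every word
    outside the three ASCII fields is left zero."""
    words = [0] * 256
    for name, value in (("model", model), ("serial", serial),
                        ("firmware", firmware)):
        first, count = ATA_ID_FIELDS[name]
        text = value.ljust(count * 2)[:count * 2].encode("ascii")
        for i in range(count):
            words[first + i] = (text[2 * i] << 8) | text[2 * i + 1]
    return struct.pack("<256H", *words)


def check_baseline(block, baseline):
    """Return (field, expected, reported) for every identity string that
    differs from the enrolled baseline. An empty list only means the
    drive still *reports* what was recorded: the strings are supplied
    by the firmware itself, so modified firmware that keeps its original
    revision string passes this check unchanged."""
    reported = parse_identify(block)
    return [(name, baseline.get(name), reported[name])
            for name in ATA_ID_FIELDS
            if reported[name] != baseline.get(name)]


# Constructed sample data: invented values, not a real drive.
BASELINE = {"model": "EXAMPLE HDD 2TB", "serial": "ZZ0000000", "firmware": "CC01"}
SAMPLE_OK = build_identify("EXAMPLE HDD 2TB", "ZZ0000000", "CC01")
SAMPLE_DRIFT = build_identify("EXAMPLE HDD 2TB", "ZZ0000000", "CC02")

if __name__ == "__main__":
    print(parse_identify(SAMPLE_OK))
    print(check_baseline(SAMPLE_DRIFT, BASELINE))
```

Treat a reported change in the firmware-revision string as a reason to investigate (an unscheduled firmware update, a swapped drive), not as a proof of compromise; equally, an unchanged string is not proof of integrity, which is exactly the blind spot the paragraph above describes.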

These tools aren’t crappy pieces of software written by adolescent kids; they are professional, state-sponsored pieces of software written by governments (e.g. America’s NSA et al). Their purpose is simple: surveillance and control of the systems they are installed on.

Exploiting hard drive firmware to provide a covert way into computer systems is a technique that many cyber security professionals see as the next step in digital terrorism and counter-terrorism. To wave the flag for just a moment, Data Clinic documented this technique over 10 years ago, back in 2004 – see here: http://www.dataclinic.it/data-recovery/DRF-Hiding-data-on-a-hard-disk-tech1.pdf

With ever larger amounts of information and manufacturing processes now being controlled by computers, and security and encryption programs now so strong they are almost unbreakable, increasingly clever ways have to be found of gaining access to important computer systems via backdoors. This government-sponsored spying software isn’t interested in stealing credit card details; its purpose is international espionage.

The US-Iran Nuclear Agreement (July 2015)

This recent undated satellite image provided by Space Imaging/Inta SpaceTurk shows the once-secret Natanz nuclear complex in Natanz, Iran, about 150 miles south of Tehran. AP Photo/Space Imaging/Inta SpaceTurk, HO

In the last few days, you’ll be aware that a nuclear “agreement” has now been reached between the US and Iran (http://www.bbc.co.uk/news/world-us-canada-33636922). Wrecking Iran’s attempts to become a nuclear power has been high on the US agenda for years: Stuxnet was a state-sponsored piece of software designed to infiltrate computers that were part of Iran’s nuclear development programme. Its target was the machines that controlled the centrifuges that enriched uranium. Once such a system was found, Stuxnet deliberately reprogrammed it to not only wreck the centrifuges but also ruin the enrichment process. Read about how Stuxnet successfully infiltrated Iran’s nuclear programme here: http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/.

Hard Drive Manufacturers Fight Back

Seagate has become the first hard drive manufacturer to “lock down” its firmware. For example, the STxxxxDM03 series of hard drives has firmware that can no longer be manipulated or reprogrammed. This is bad news for data recovery companies, as firmware often becomes corrupted and prevents the hard drive from working correctly. To retrieve data from these drives, we have to reprogram the hard drive’s firmware, something that is no longer possible (yet) with some of the latest Seagate drives.

Recommended: Read more about the NSA firmware hacking here http://www.wired.com/2015/02/nsa-firmware-hacking/