Hard drive modifying data in flight

Jann Eike Kruse jannkruse at fsfe.org
Tue Nov 25 09:54:31 UTC 2014


Hi Ben,

It's actually on page 4 (proof-of-concept): [quote]

"This little bit of code would replace the first 4 bytes of every sector
in cache with 0x12345678 every time it's called, so if I uploaded all
this to the hard disk, I should see that number on the start of every
sector I read. I uploaded the bits of code over JTAG..."

You'll find that passage just before the white-on-black ROXTerm screenshot.

And some more possible scenarios on page 6:
http://spritesmods.com/?art=hddhack&page=6

"With the firmware hack in place, however, the attacker could tell the
hard disk to do something nefarious with the new install. He'd need to
trigger that behaviour first, though, and that could be done by writing
a certain magic string the firmware hack would look for to the disk. The
magic string can be in any file; the attacker could for example upload a
.jpeg-file with the string in it to the server. He could also request a
file from the webserver with the magic string appended to the URL. That
would eventually end up in the logs of the machines, triggering the
exploit. "


BTW: The same goes for SD cards, USB drives, etc. that have a
(micro)controller on board, which could be (remotely/beforehand)
programmed with malicious software.

A good thing to look at with this in mind is full disk encryption, so
the HDD/SD/USB-stick controller sees only "noise" as data. In the case of
LUKS there's still the LUKS header on the disk, which the malware could
mess with... Not sure if that gives any chance to attack.

Best,
Jann

On 25/11/14 00:07, Ben Finney wrote:
> "Neal H. Walfield" <neal at walfield.org>
> writes:
> 
>> At Sun, 23 Nov 2014 23:39:09 +0100,
>> Paul Hänsch wrote:
>>> I don't get this point:
>>>
>>> ""quote --
>>> - 128 GB SSD (this would be the one component that might have to be 
>>> proprietary as I’m not aware of another option)
>>> -- ""
>>
>> Don't trust a hard drive to not modify the data in flight:
>>   http://spritesmods.com/?art=hddhack&page=5
> 
> I've now read that (short) page, but it doesn't say anything to me about
> “hard drive […] modify the data in flight”. Probably because I'm not
> expert on hardware hacking.
> 
> Can you point to, or write, an explanation of what a free-software
> proponent is expected to learn from the above page?
> 

-- 
Sent with Open-Source Free Software. Respect your freedoms!
Send me encrypted messages for privacy with my OpenPGP key: 8a30148a
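
The LUKS remark in the message above, as an added example that is not part of the original e-mail: a LUKS1 header sits unencrypted at the start of the device, so this sketch parses the fields a drive controller can read in the clear and computes a digest of the header area that can be compared against a copy kept off the disk. The sample image, the UUID and all field values are constructed; the field layout follows the LUKS1 on-disk format.

```python
import hashlib
import struct

# LUKS1 header, big-endian: 208-byte preamble, then 8 key slots of 48 bytes each.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
SECTOR = 512

def _text(raw: bytes) -> str:
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1(image: bytes) -> dict:
    """Return the header fields that are stored on disk in the clear."""
    (magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, mk_iter, uuid) = PHDR.unpack_from(image, 0)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = [SLOT.unpack_from(image, PHDR.size + i * SLOT.size) for i in range(8)]
    return {
        "cipher": f"{_text(cipher)}-{_text(mode)}",
        "hash": _text(hash_spec),
        "key_bytes": key_bytes,
        "mk_iterations": mk_iter,
        "uuid": _text(uuid),
        "payload_offset": payload_off,  # in 512-byte sectors
        "active_slots": [i for i, s in enumerate(slots) if s[0] == SLOT_ACTIVE],
    }

def header_digest(image: bytes) -> str:
    """SHA-256 over everything before the encrypted payload (header and key material)."""
    end = parse_luks1(image)["payload_offset"] * SECTOR
    if len(image) < end:
        raise ValueError("image is shorter than the header area")
    return hashlib.sha256(image[:end]).hexdigest()

def make_sample() -> bytes:
    """Constructed header area for the demo; every value here is made up."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64,
                    bytes(20), bytes(32), 50000, b"00000000-0000-0000-0000-000000000000")
    hdr += SLOT.pack(SLOT_ACTIVE, 100000, bytes(32), 8, 4000)
    for i in range(1, 8):
        hdr += SLOT.pack(SLOT_DISABLED, 0, bytes(32), 8 + 504 * i, 4000)
    return hdr.ljust(4096 * SECTOR, b"\0")

if __name__ == "__main__":
    img = make_sample()
    print(parse_luks1(img), header_digest(img))
```

The digest only has value if the reference copy is recorded while the header is known to be good and is stored somewhere the drive's controller never handles.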
