Harddisk firmware dangers

Nico Rikken nico.rikken at fsfe.org
Sat Feb 21 23:01:24 UTC 2015


Thanks for referring to an article, as I only heard about it briefly. 

This only seems logical in light of the eavesdropping devices installed
in products whilst in shipment, and the announcement last week about
leaking software keys. Also the research of BadUSB has shown what kind
of integrated systems are possible.
http://hackaday.com/2014/10/05/badusb-means-were-all-screwed/

I guess there are many ways in which the security can be improved. For
example explicitly approving the features a USB device can use. Or
storing hashes of all files on disk on another storage device to notice
malicious behaviour by the disk, or by refraining from using keys used
in a SIM card when messaging. As much as I'd like to fully trust all the
systems produced, all processes are vulnerable to attack and thus we
have to be cautious. 

By having as much of the hardware and software stack verified or
verifiable as possible, it becomes harder to hide such malicious
programs. Especially if the interfaces are clearly defined and strictly
implemented. In that regard it is wonderful that an open processor is
being worked on http://www.lowrisc.org/ and that there exists a formally
verified free software kernel http://l4hq.org/projects/kernel/

Thanks for sharing the article,
Nico Rikken
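
The idea in the message above of keeping file hashes on a separate storage device can be sketched as follows; this is an added example, not part of the original message. The function names, the JSON manifest layout and the HMAC seal (with a key kept off the monitored disk) are assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def hash_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    # Map each file path (relative to root) to its SHA-256 digest.
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = hash_file(full)
    return manifest

def manifest_tag(manifest, key):
    # Assumption: the key is stored away from the monitored disk.
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal(manifest, key):
    # The sealed record is what gets written to the other storage device.
    return {"manifest": manifest, "hmac": manifest_tag(manifest, key)}

def verify(root, sealed, key):
    # Refuse a manifest that was altered after sealing, then compare.
    if not hmac.compare_digest(manifest_tag(sealed["manifest"], key), sealed["hmac"]):
        raise ValueError("manifest HMAC mismatch")
    old, new = sealed["manifest"], build_manifest(root)
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "missing": sorted(p for p in old if p not in new),
        "added": sorted(p for p in new if p not in old),
    }

def demo():
    # Constructed sample files in a temporary directory.
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as root:
        Path(root, "a.txt").write_bytes(b"alpha")
        Path(root, "b.txt").write_bytes(b"beta")
        sealed = seal(build_manifest(root), key)
        Path(root, "a.txt").write_bytes(b"ALPHA")   # content changed
        os.remove(Path(root, "b.txt"))              # file removed
        Path(root, "c.txt").write_bytes(b"new")     # file appeared
        return verify(root, sealed, key)
```

The check only sees what the disk returns at the moment of reading, so it notices changes visible to the operating system at verification time and nothing the firmware serves differently at other times.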