Sometimes you are just so much in the flow with life that you don’t get to dive in as much as you would like on all topics. For me recently, I have been heavily training CrossFit in preparation for some competitions coming in October, and I have been very busy with some new projects. I also have a few personal pursuits underway that have pretty much made the evenings more likely to be part of my workday than anything else... so this Labor Day weekend I worked, studied, did research, tinkered, hacked, and honestly just focused on consuming and not listening to ANY media outlets. I wanted to cut the noise and just get into the particulars. Now, those particulars are not always great for the regular reader, so I have included below a simple and concise write-up from Wired on this topic. I’ll try and share all the research soon, but for now... happy Labor Day.
The Trojanized firmware lets attackers stay on the system even through software updates. If a victim, thinking his or her computer is infected, wipes the computer’s operating system and reinstalls it to eliminate any malicious code, the malicious firmware code remains untouched. It can then reach out to the command server to restore all of the other malicious components that got wiped from the system. Even if the firmware itself is updated with a new vendor release, the malicious firmware code may still persist because some firmware updates replace only parts of the firmware, meaning the malicious portions may not get overwritten with the update. The only solution for victims is to trash their hard drive and start over with a new one.

The attack works because firmware was never designed with security in mind. Hard disk makers don’t cryptographically sign the firmware they install on drives the way software vendors do. Nor do hard drive disk designs have authentication built in to check for signed firmware. This makes it possible for someone to change the firmware. And firmware is the perfect place to conceal malware because antivirus scanners don’t examine it. There’s also no easy way for users to read the firmware and manually check if it’s been altered.
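As an added illustration (my own toy model, not code from the Wired piece or from any drive vendor), the script below shows the two points above in miniature: a vendor update that rewrites only some firmware regions leaves a tampered region in place, and comparing a read-back image against vendor-published per-region digests would expose it. The four-region layout, the region labels, the "implant" bytes and the update contents are all constructed; it also assumes the firmware can be read back at all, which the article notes is not easy on real drives.

```python
import hashlib

REGION_SIZE = 16  # constructed toy layout: four fixed-size firmware regions


def region(label: bytes) -> bytes:
    """Build one fixed-size region from a constructed label (zero-padded)."""
    return label.ljust(REGION_SIZE, b"\x00")[:REGION_SIZE]


def region_digests(image: bytes) -> list[str]:
    """SHA-256 of each region; models digests a vendor could publish per release."""
    return [hashlib.sha256(image[i:i + REGION_SIZE]).hexdigest()
            for i in range(0, len(image), REGION_SIZE)]


def apply_partial_update(installed: bytes, update: dict[int, bytes]) -> bytes:
    """Model an update that rewrites only the regions it ships, leaving the rest as-is."""
    regions = [installed[i:i + REGION_SIZE] for i in range(0, len(installed), REGION_SIZE)]
    for idx, blob in update.items():
        regions[idx] = blob
    return b"".join(regions)


def verify_against_golden(image: bytes, golden_digests: list[str]) -> list[int]:
    """Return indices of regions whose digest differs from the known-good set."""
    return [i for i, (got, want) in enumerate(zip(region_digests(image), golden_digests))
            if got != want]


def demo() -> tuple[bool, list[int]]:
    """Tamper one region, apply a partial vendor update, then check the result."""
    golden_v1 = b"".join(region(lbl) for lbl in (
        b"BOOTLOADER-v1.00", b"SERVO-CTL-v1.000",
        b"CACHE-MGR-v1.000", b"HOST-IFACE-v1.00"))
    # Constructed tampering: region 3 is replaced on the installed drive.
    installed = apply_partial_update(golden_v1, {3: region(b"IMPLANT-constructed")})
    # Constructed vendor release that rewrites only regions 0 and 1.
    patch_v101 = {0: region(b"BOOTLOADER-v1.01"), 1: region(b"SERVO-CTL-v1.001")}
    installed = apply_partial_update(installed, patch_v101)
    golden_v101 = apply_partial_update(golden_v1, patch_v101)  # what a clean drive would hold
    whole_image_matches = hashlib.sha256(installed).digest() == hashlib.sha256(golden_v101).digest()
    return whole_image_matches, verify_against_golden(installed, region_digests(golden_v101))


if __name__ == "__main__":
    ok, bad = demo()
    print(f"whole-image digest matches vendor: {ok}; regions still tampered: {bad}")
```

A whole-image digest only says "something differs"; the per-region comparison also tells you which part the update never touched, which is the persistence mechanism the article describes.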