With all eyes on the Vegas security conferences, some amazing news comes out of OHM2013, a security conference in The Netherlands. At the show a security researcher demonstrated how a hacker could re-program the firmware on a hard drive to maintain a backdoor, and apparently the attack would still work even if the hard drive was erased and reformatted!
This week at a European security conference a security researcher demonstrated an attack that would allow a hacker to access and modify the Flash Firmware on a hard drive and program it to protect his access.
Firmware is code stored on a special flash-able chip on the drive. The built in code tells the drive how to work, how to read and write data. It is flashable (can be reprogrammed) so the manufacturer can release updates to the firmware. Most people never re-flash or update their hard drive firmware.
At the security conference, the presenter demonstrated how the attack works. He ran the program to modify the firmware on a drive. He pretended his access was detected and the administrator password was reset.
The firmware was programmed to look for a special trigger code, a special website address perhaps, that once the hard drive cache sees, it grabs the password file the next time it is accessed and changes the password back to what the hacker set it to.
And it worked!
So basically, if the hard drive firmware is compromised by a hacker, they could change it to allow them to have access to the compromised system again, even if the entire drive was erased and re-formatted.
For more information, including a step by step explanation and proof of concept code, check out Spritesmods.com.