NSA firmware spying ... and business opportunities

[lucidity]

Hello Siblings,

There are clear opportunities here.

A Russian security firm, Kaspersky Labs, announced at a conference Monday, 16 Feb 2015, that they have identified a highly sophisticated hack of hard drive firmware in the wild. The hack is invisible to all ordinary software tools. The hack survives the disk being entirely erased and the operating system being reinstalled. The hack hooks into the computer booting sequence to ensure that it is loaded into the operating system during system boot (so long as one is booting one of the common versions of Windows or Mac OS X that the hack knows about.)

source: Paul's excellent thread

So we now know that disc drives in particular, but probably also many other
computer devices have spyware built right into the firmware.

There are real opportunities here for those with the technical
skills and/or entrepreneurial/management skills to cease them.

Firmware writers can write their own firmware utilities with the same
interface as the maker's firmware. If a company devoted itself to writing
firmware for (say) hard drives to create spyware-free firmware for
hard drive brands: A, B and C.

For example, You might be able to pay $X dollars to download the 'spyware-free'
firmware for Brand A disk drive that runs in your laptop/computer.
This would service the privacy needs of journalists, dissidents, politicians,
spies .... as well as ....govt departments, banks, insurance companies,
commercial companies (big money here!) and private individuals.

I can imagine there are lots of companies and govt departments
where the senior management would be happy to sign off on the
purchase of spy-free firmware for 'sensitive' infrastructure,
senior management laptops... etc.

Spyware-free firmware... could make lots of independent companies lots and lots
of money. Budding entrepreneurs should look closely at this and start
figuring out how to contact appropriately experienced C and C++ developers.
Skilled C/C++ developers might start thinking about partnering up with
appropriately skilled/experienced entrepreneurs managers.
(Developers, make sure you get a clear and specific partnership contract
signed right at the start)

This same business model can be used for:
1. disc drives, optical drives, USB drives, web cams, mouse and keyboard drivers.
2. mobile phones and tablets.
3. modems, routers and firewalls.

Plenty of business opportunities there.

If you know anyone that's been looking for good business ideas
maybe you could mention it to them... perhaps... just perhaps...
they will take up the challenge.
(And then maybe we'll all benefit)

be happy

lucidity :-)

[korgh]

Nice! Sounds like a new job opportunity!
Just kidding
By years this "technique" is known mainly when the HP built spyware chips and sent them to Iraq attached on printers. The process of hardware identifying is easy to do and it can be done bypassing the drivers written specifically for those hardware. You can write your own using the latest SMI by API's with a OOP (object oriented language) or just coding like old school using low level language like assembler. You can compare both using some technics and prevent or develop.
My two cents.
Cheers.

[Carmody]

here's the problem, for some of this stuff:

In the mid 1990's the backdoor activation was carried out via regular data throughput in the given telecommunications chips.

That the secondary control system sequences were enabled via the application of signal to and via normal signal paths.

Ie, imbedded in the 'normal usage' signals. Which means that the hardware, the chips themselves...are permanently compromised.

This was not about control via normal pin assigned control systems, it was all about imbedded control, 'normal signal pathway' imbedded signal control.

To try and clarify further, if the chip's job is to transfer data, clandestine control of the chip is imbedded in the datastream.

That's the only way telecommunications devices could be controlled remotely, from anywhere. The control sequences are imbedded in the datastream.

Which means the chip is permanently open to control, as long as that chip is in the given system, and is transferring data.

It has nothing to do with bios or any given control software.

[Anchor]

Posted by Carmody (here)
It has nothing to do with bios or any given control software.

The other problem is that most firmware systems are write only to prevent theft of intellectual capital, so you cant actually probe the device to find out if it has been doctored.

I think that what we will see in future is that devices have "tamper evidence" features developed.

Also, in assessing the threat - one has to consider that the NSA is not going to waste their top tier hacks (hardware backdoors) on low value targets. They didn't with the software from "the equation group" which is why they got away with it for so long.

I do not believe these people are invulnerable. They make mistakes and what is done in the dark is soon shown in the light. This is an accelerating process.