The NSA may be hiding payloads in the firmware of consumer hard drives, according to a new report from Kaspersky Lab. The report tracks a group that researchers have dubbed "Equation," which uses previously undiscovered methods to plant targeted malware in hard drive firmware, where it is difficult to detect or remove. The report found exploits for hard drives made by many of the largest brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba, and Hitachi. The group is closely tied to Stuxnet, using many overlapping vulnerabilities and techniques over the same time period, and those similarities combined with previously published NSA hard drive exploits have led many to speculate that Equation may be part of the NSA.
HARD TO DETECT AND EVEN HARDER TO REMOVE
If true, the program would give the NSA unprecedented access to the world's computers, even when disconnected from the larger web. Viruses stored on a hard drive's firmware are typically activated as soon as a device is plugged in, with no further action required. They're also usually undetectable and survive reformatting, making them difficult to detect and remove. In July, independent researchers discovered a similar exploit targeting USB firmware — dubbed BadUSB — but there was no indication of the bugs being developed and deployed at this scale.
It also raises real questions about device manufacturers' complicity in the program. It would take extensive and sustained reverse engineering to successfully rewrite a device's firmware. The NSA would certainly be capable of it, but it's also possible the NSA compelled companies to hand over the firmware code or intercepted it through other means. Reached by Reuters, only Western Digital actively denied sharing source code with the NSA; the other companies declined to comment.
None of us believe that the NSA would spy on the citizens of the USA... Only the bad guys overseas. U.S. Embedded Spyware Overseas, Report Claims | Survival Monkey Forums
Not really... it's not as complex as you might think... I know of at least 2 guys capable of doing this SOLO and they're only mid-level ISP techs... State-level BIOS malware is often crafted like virtual circuits or even rootkits from what they tell me in the smoke pit.
And we are not already monitored/exploited? Went onto a Home Depot site looking for parts for our patio swing. Right afterwards everywhere I went a sales pitch about swings popped up. If commercial ventures track our moves, just how much more can others track us?
Kaspersky's core expertise is hype, not malware detection or removal. I never act on their "warnings" unless the "threat" they're pumping has been confirmed by the CERT (Computer Emergency Response Team at Carnegie Mellon) or US-CERT. If true, it might give the NSA some access to hard drives which were modified while in transit from one Pacific Rim factory to OEMs at another Pacific Rim factory. However, the engineers who design those disks would never spend the money or suffer the power drains required for the manufacturers to use EEPROM chips in their devices, so every hard drive the NSA wanted to "access" would have to be modified by hand, and that's only worthwhile for very high-value targets, if the NSA were able to get access to such a machine, after a FISA judge had issued a search warrant, and if the machine was located within U.S. jurisdiction, and if the FBI was involved in the case. Sorry, and no offense, but Kaspersky Labs is expert at playing on the fears which brain-dead purchasing managers have because they watched some gee-whiz exploit on television. Don't lose any sleep over it. William Warren