
How the NSA’s Firmware Hacking Works and Why It’s So Unsettling - rl3
http://www.wired.com/2015/02/nsa-firmware-hacking/
======
mmastrac
> “You know how much effort it takes to land just one firmware for a hard
> drive? You need to know specifications, the CPU, the architecture of the
> firmware, how it works,” Raiu says. The Kaspersky researchers have called it
> “an astonishing technical accomplishment and is testament to the group’s
> abilities.”

I honestly don't think it's as difficult as they make it out to be. About ten
years ago we were hacking Treo 650 firmware to read and write to flash without
actually knowing how to do it at a low level. We just found the appropriate
"read sector" and "write sector" commands and wrote a heuristic to search for
them in whatever version was running. Later Android hacking attempts did
exactly the same thing with HTC's HBOOT.

HDD, CD-ROM, DVD-ROM, BluRay -- firmware for all of those types of drives have
been decompiled before. With the right JTAG hardware and/or creativity it just
isn't that difficult for someone who knows that they are doing.

Now, if you can execute code on the HDD's CPU through whatever exploit you can
find, you can search through RAM for whatever methods you need to write
yourself to persistent storage. That persistent exploit can then use
heuristics to hook the appropriate methods to intercept reads and writes as
needed.

~~~
sliverstorm
Hacking around with something in a lab is not quite the same as weaponizing an
exploit. And, while your thresholds for technical accomplishment might be
higher than Kaspersky's, regardless whether we knew this was "feasible"
before, it's the first documented case of completely taking over the hard
drive. That I know of.

~~~
mmastrac
You are correct that it does require more effort to make things production-
ready. From my experience doing similar things -- not weaponizing exploits,
but turning them into polished tools as part of [1] and [2] which I'd consider
roughly equivalent -- I would estimate that productionizing an exploit takes
about 3-5 times longer than the time required to find the exploits themselves.

Note that there have been proofs-of-concept of this for some time [3], as
linked elsewhere in this thread. While it is still impressive that they could
link it into their exploit framework, I honestly believe that you could
"weaponize" something like the previously linked exploit without a massive
effort.

Also note that this is not a "complete takeover" of an HDD, but rather an
exploit that allows it to interpose between the platter data and the computer.

[1] grack.com/romtool

[2] unrevoked.com

[3]
[http://spritesmods.com/?art=hddhack&page=1](http://spritesmods.com/?art=hddhack&page=1)

~~~
sliverstorm
Yes, it's not something totally unprecedented that we hadn't even imagined
possible before. You are correct there.

How is it not a complete takeover? I realize news articles are not the best
technical sources as they get terms & concepts wrong, but I am reading that
the firmware is completely reflashed, which means the HDD CPU has been utterly
"pwned", for lack of a better term.

~~~
qb45
Technically it's pwned, but you are still limited by the amount of time you
have for reverse engineering, implementation and validation. For example, it
seems that they obtain storage area by calling some kind of drive's own
reserved space allocator, without hacking it to hide this usage from host
queries. That's clearly a "limited hack" with potential for improvement.

------
AnthonyMouse
> Hard disk makers don’t cryptographically sign the firmware they install on
> drives the way software vendors do.

That is _not_ a solution for this. You have to assume that a state-level
attacker will be able to either coerce the vendor or its employees into
signing malicious firmware or just compromise their network and steal the
signing key.

The right way to secure firmware updates is with a hardware write-enable
switch/jumper that has to be physically set to make any changes to the
firmware.

~~~
userbinator
Even with hardware write-enable, they could just ship the firmware with the
backdoor code by default, and sign it too. This somewhat reminds me of
Computrace in the BIOS - it's advertised as a "theft recovery" solution, but
could also be used as a firmware-level backdoor, and many laptops are sold
with this preinstalled in the BIOS without the user's knowledge. (It's easy
enough to remove for those who are into hacking BIOSes, but anyone asking how
gets accused of stealing hardware...)

The ultimate solution would be to make HDD firmware open-source, just like
Coreboot for BIOSes, so the truly paranoid could download, verify, compile,
and flash their drives themselves. Unfortunately, I don't see this happening
due to all the trade secrets (including some existing backdoors into
passworded drives that you can find on data recovery forums, but obviously
manufacturers don't want you to know about...) that are likely involved.

~~~
psykovsky
RE: passworded drives.

To access a BIOS passworded drive all you had to do was swap it for another
for which you knew the password, boot into the BIOS and change the HDD
password. It will ask you for your old password, you enter it and you go to
the new password input screen. Now you take out the HDD and put the locked one
in its place. You press enter twice, setting the password as blank, and voilá,
you have your locked drive unlocked. Just boot the computer and no more HDD
password. Have fun.

------
andy_ppp
Presumably some of the people writing these firmwares are reading hacker news.
I'm pretty sad that extremely competent software people are building these
things for the government - just following orders so to speak.

They must know that it's wrong? Or do they buy the government arguments about
the balance between privacy and security; maybe are they just young, talented
and excited to be doing something "legally" that most people would be put in
jail for?

What to do when governments become untrustworthy actors to such an extent?

~~~
junto
Spying is often seen as a necessary requirement to diplomatic stability. I
have much more of a problem with blanket surveillance than this targeted
spying to be honest.

Lots of these revalations are being published by a non-US security company.
The US security companies have either missed these security issues,
deliberately ignored them, or have been forced to keep them secret. In my
opinion, the fact that there are still some non-US IT security companies is a
good thing.

~~~
coldtea
> _Spying is often seen as a necessary requirement to diplomatic stability._

Also for having the upper hand in negotiations and forcing the lesser states
and their politicians to do as you please...

Which is much more important than some BS need for "diplomatic stability"
without any other major player like USSR around, except maybe with China.

If you're the 10,000-pound gorilla you don't get instabilized by the small 10
pound zoo animals...

~~~
frostmatthew
> If you're the 10,000-pound gorilla you don't get instabilized by the small
> 10 pound zoo animals

That's not always true for either countries[1] or animals[2].

[1]
[https://en.wikipedia.org/wiki/Category:Former_British_coloni...](https://en.wikipedia.org/wiki/Category:Former_British_colonies)

[2]
[https://en.wikipedia.org/wiki/War_pig](https://en.wikipedia.org/wiki/War_pig)

~~~
Retric
There is a big difference between a 10 pound animal and lots of 100-400lb pigs
on fire.

 _Megarians doused some pigs with combustible pitch, crude oil or resin, set
them alight, and drove them towards the enemy 's massed war elephants. The
elephants bolted in terror from the flaming, squealing pigs, often killing
great numbers of their own soldiers by trampling them to death._

From of foreign policy standpoint it's often less about the entire country vs
small groups of well-connected people with foreign interests. In the end most
of what the US government does is easier to understand when you reolise and
account for just how corrupt it is.

EX: US immigration policy seems vary reasonable when you reolise exploting
both legal and illigal immigrants makes some people lot's of money.

------
A_COMPUTER
It's sort of funny that the NSA can remotely flash a running system's hard
drive firmware, but Seagate makes me make a DOS bootdisk to do it. they really
do have tech that the rest of us can't conceive of.

~~~
Sanddancer
It's fairly likely that the hard drive can be flashed from within the OS
without any problems. The most likely reason for Seagate's actions is a good,
old fashioned, case of CYA. By making you use a boot disk, you're getting rid
of a lot of other factors, like buggy drivers for other components, etc, that
could cause a system to hang mid-flash and brick the hard drive.

~~~
cnvogel
Also probably they don't see enough demand for people being able to
effortlessly reflash/reprogram their harddisks to invest the necessary R&D to
make it work seamlessly. There are hundreds of tricks to make flashing more
reliable and unsusceptible to data corruption, but it's cheaper to just use a
DOS tool and write "DO NOT TURN OFF OR RESET YOUR COMPUTER!" on the screen.

------
deadfece
Some of Seagate's drives require signed firmware.

[http://www.seagate.com/www-content/product-content/savvio-
fa...](http://www.seagate.com/www-content/product-content/savvio-
fam/savvio-10k/savvio-10k-6/en-us/docs/100699181c.pdf)

 _8.7 AUTHENTICATED FIRMWARE DOWNLOAD In addition to providing a locking
mechanism to prevent unwanted firmware download attempts, the drive also only
accepts download files which have been cryptographically signed by the
appropriate Seagate Design Center. Three conditions must be met before the
drive will allow the download operation: 1\. The download must be an SED file.
A standard (base) drive (non-SED) file will be rejected. 2\. The download file
must be signed and authenticated. 3\. As with a non-SED drive, the download
file must pass the acceptance criteria for the drive. For example it must be
applicable to the correct drive model, and have compatible revision and
customer status._

~~~
elchief
Next week on Der Spiegel: NSA stole drive manufacturers' private keys.

~~~
pstrateman
"stole"

~~~
cdr
Yes, stole. As repeatedly evidenced - most recently with the Gemalto documents
- the NSA far prefers to obtain keys surreptitiously than to go through the
trouble of legally compelling corporations to provide them.

~~~
chinathrow
Issuing an NSL is not really "trouble" for them. As we have seen now countless
of times...

~~~
jacquesm
Note the 'N'stands for 'National' and Gemalto is not American.

~~~
chinathrow
So? Listed company, locations in TX.

[http://www.gemalto.com/companyinfo/offices-
locator](http://www.gemalto.com/companyinfo/offices-locator)

------
drivingmenuts
That the NSA succeeded in this is somewhat alarming, but what is most alarming
is that the document describing this is _EIGHT YEARS OLD_.

No telling what other exploits those sons-a-bitches have come up with and
deployed in the meantime.

------
glabifrons
I've only read part of the article so far, but scanned it for the NSA's
codename and am surprised it is not mentioned (there or here).

They're describing SWAP [0]. Cool they Kasperksy now has binaries to reverse-
engineer.

What's impressive is the number of OSes and filesystems that are supported.
Keep in mind the documentation publicized is from 2008, so they likely support
ZFS, ext4 & btrfs as well now.

[0]
[https://www.schneier.com/blog/archives/2014/02/swap_nsa_expl...](https://www.schneier.com/blog/archives/2014/02/swap_nsa_exploi.html)

------
mirimir
The NSA's Trojanized HDD firmware is indeed “an astonishing technical
accomplishment”. But I'm wondering whether their firmware reprogramming
modules are especially capable, or are merely customized to add requisite
APIs. Maybe Kaspersky will release them. Or not.

In particular, I'm wondering whether host machines' HDDs can be flashed from
VMs. And further, which hypervisors and emulators are least vulnerable in that
way.

~~~
userbinator
_In particular, I 'm wondering whether host machines' HDDs can be flashed from
VMs._

If the VM is using an emulated disk based on an image file on the host,
probably no chance at all as only "read block" and "write block" types of
commands will be interpreted by the virtual disk. Even other mundane commands
like "spin down to save power" won't make it to the hardware due to the effect
that would have on the host or other VMs on it.

If the VM is configured to passthrough directly to the hardware, then it has
full control over the HDD.

~~~
chirayuk
Some thoughts: VMs are an interesting case. Someone with the motive and means
would have exploits to get out of the VM. This is probably easier if the guest
is running something to accelerate (e.g. VMWare Tools / VirtualBox Guest
Additions.) Once you get out, you have to account for the host OS. Assuming
you could do it, how does one determine if the VM is part of a honeypot or the
target?

~~~
temp0larry
Not really. Consider how many hypervisors are there really to exploit from a
virtual OS?

Maybe four.

HyperV, KVM, ESX, what you mentioned, etc...

But really, 3 vendors - Oracle, Microsoft, and VMWare covers the majority.

Way fewer virtualization technologies (mainstream) than hard drive firmwares.

------
coldtea
I think all those articles into details also help to triviliaze the issue.

"They do this specific thing, or they do that specific thing" \-- at the level
of implementation / deployment etc.

The "unsettling" thing should be that they spy on citizens, period. Not how
they do it, if it's 200,000 or 40.000.000 targets, how long they retain the
data, if they're "allowed" to see them, etc...

------
mirimir

        Modern workstations and servers implicitly trust hard disks
        to act as well-behaved block devices. This paper analyzes
        the catastrophic loss of security that occurs when hard disks
        are not trustworthy. First, we show that it is possible to
        compromise the firmware of a commercial off-the-shelf hard
        drive, by resorting only to public information and reverse
        engineering. Using such a compromised firmware, we present a
        stealth rootkit that replaces arbitrary blocks from the disk
        while they are written, providing a data replacement backdoor.
    

Zaddach et al. (2014) Implementation and Implications of a Stealth Hard-Drive
Backdoor

[http://www.s3.eurecom.fr/docs/acsac13_zaddach.pdf](http://www.s3.eurecom.fr/docs/acsac13_zaddach.pdf)

------
elchief
If you want an air gapped machine I guess you better buy the parts separately,
from different sources, via anonymous intermediaries.

------
vasundhar
It intrigues me how , NSA pulls the best of the hackers To accomplish this
task and who is behind the architecture and direction of this ? It's bad, it's
terrible in privacy violation perspective and in security perspective , but
also remember this is nothing less than magic to bring the resources together
effectively and make it scale.

~~~
Htsthbjig
"It intrigues me how , NSA pulls the best of the hackers To accomplish this
task and who is behind the architecture and direction of this ?"

They don't need to be the best of the hackers.

The fascist(collusion between private companies and State) laws that were
created after 11-9 let them have access to the source code of hardware and
software.

With source code, doing this is not that hard. I believe most of them do not
need to be stars.

I don't know about the specific NSA, but normally secret agencies have lots of
ways of finding who is good at hacking-cracking(the stars). For example who is
behind the release of the crack to a software protection.

As simple as "recording the web" for unique documents upload, and analyzing
which dark web page was the first to upload the document. Follow all the
proxies and who is really behind is not that hard if you have resources.

Once you know who is the target you want to hire you study her with social
connections in facebook-twitter-whatsapp- gmail-smartphone, very easy for the
NSA.

You study her weaknesses, she probably needs money, you give her(first one's
is free, so you give her lots of money for her first easy job so she believes
she could be rich easily). She is lonely, you give her a partner. Needs sex?
And so on.

The rest is easy, once they take the bait maintaining them hooked requires
them much less energy(money, resources or coercion). They can destroy you life
with the pinky finger.

Life is good if you do exactly what they ask you. If your vice is thinking for
yourself or ethical scruples(and most hackers have those vices) your life
could be hell.

If you help them, you are a patriot, if you don't, you are a traitor. You are
with me or against me is their favorite motto.

Stars know personally other stars, and they know who is good at it at a
glance. So you make one of her jobs to hire other hackers crackers.

------
Kennedy0808
Do you need hackers for hire? Do you need to keep an eye on your spouse by
gaining access to their emails? As a parent do you want to know what your kids
do on a daily basis on social networks ( This includes facebook, twitter ,
instagram, whatsapp, WeChat and others to make sure they're not getting into
trouble? Whatever it is, Ranging from Bank Jobs, Flipping cash, Criminal
records, DMV, Taxes, Name it, We can get the job done. We're a group of
professional hackers with 25 Years+ experience. Contact at
hacksville147@gmail.com ... Send an email and Its done. Its that easy, try us
out today.

------
DanBlake
Does the firmware itself have the capability to issue outbound/inbound
networking requests?

That might be the case for a hacked firmware on a ethernet card, but on a
hard-drive? How would windows even interpret a outbound request that comes
from the hardware in the first place?

The only way I can imagine this works is if when doing a fresh install with a
hacked hard-drive, the operating system would request the drivers from the
hard-drive itself, which would give it the infected DLL which could obviously
do whatever it needed- But it doesn't work that way, drivers are almost always
downloaded, no?

------
giancarlostoro
I notice only Windows is mentioned, so how does this affect Mac or Linux?
Curious about how they approach entirely different systems? Or am I not
understanding how hard drives work? I'm not as knowledgeable on hardware, as I
am on software.

------
biturd
Why can't the HDD vendors publish a md5/sha1 hash of the firmware so we know
what the value should be?

If the NSA ( or anyone ) are going to modify the firmware and hide malicious
or preparatory exploit code in that area, the end user will have little
recourse post-exploit. Though, beforehand, if the HDD vendor published, for
example: the md5/sha1 of the firmware the OS vendor could then write a
"control panel" or application that the number has been entered/seeded by that
vendor. If the hash on boot does not match the hash in storage, alert the user
the drive has been hampered with. Alert the vendor, they send you a new drive,
and you throw away the old drive.

I'm not entirely sure how to do this if they happen to not modify the firmware
but instead just store in the areas wasted space. I can think that you would
use sized to make values you could then hash. As long as the vendor knows the
values of of what they did, those can always become keys to compare to make
sure they have not been modified. ( I hope at the very least. I don't want a
stalemate or a loss when it comes to this type of security, it has to be a win
for the consumer. )

Is there any reason this approach wouldn't work? What other alternatives are
there if they are writing to the firmware area of the HDD?

What if this were the firmware of the hardware itself. There are firmware(s)
within your USB bus, wifi chipset, cpu chipset, keyboard chipset, display,
power management, some cables, everywhere. Those can be leveraged individually
or via a RAID style merging of all these firmware areas to give you, hundreds
of MB of super difficult to locate storage space.

If no one is looking, you can get away with anything you want. And in this
case, even if someone is looking, it will take a very good set of eyes a few
times over, as it seems one voice is never loud enough to get the word out. Be
prepared to go to jail for talking about any of their methods, even in a
theoretical sense.

~~~
tryp
>Why can't the HDD vendors publish a md5/sha1 hash of the firmware so we know
what the value should be?

Because the only way to actually verify the hash of the firmware is to connect
to the drive's controller outside of the firmware's control with something
like JTAG or a direct dump of the flash. Otherwise, the PC would send a
command to ask the HD firmware what it's own hash is. The compromised HD
firmware can then simply respond with a published vendor hash.

~~~
romaniv
The hash can be computed in hardware or via ROM program.

~~~
tryp
Of course the firmware could hash itself. The question is what value is there
in trusting and untrusted component to tell you it's trustworthy.

