Kaspersky Labs has exposed a US spying program

Feb 17, 2015 10:54 GMT  ·  By

Many people are aware of or at least suspect that their hardware devices might have some sort of code that allows their computers to be subverted, but actually being faced with the reality of it all is something else.

Unfortunately, that is exactly what has just occurred, and the revelation comes from Russian cyber-security company Kaspersky Labs.

The company has discovered a very advanced US spying program that can tap into deliberately designed backdoors in the firmware of HDDs.

The woes of centralized HDD production

Over the past five years, the number of HDD manufacturing countries fell from five to three, as Seagate and Western Digital assimilated most of them, with Toshiba being the only one left besides them.

Where there were once brands and factories in South Korea (Samsung), Japan (Hitachi, Toshiba) and the USA, only the last few remain.

Thus, with Western Digital and Seagate both operating on US soil, the NSA was apparently able to get certain backdoors included in the firmware of the devices.

That means they have a ready and waiting channel to remotely access everything stored on your computer.

According to Kaspersky, the NSA is using the HDD backdoors to spy on foreign military organizations, telecom companies, banks, the media, Islamic activists, nuclear researchers and governments as a whole.

The company that designed the malware capable of tapping into the backdoors has ties to the development of Stuxnet, the cyber-weapon used by the NSA to destabilize Iran's uranium-enrichment facilities. Kaspersky refused to name it, though.

How the backdoor works

The backdoor is activated every time you turn on your computer, at the moment the BIOS loads the firmware of all hardware components into system memory. This happens before the OS is booted.

Because of that, the malware gains access to critical OS components, chief among them the file system and the network.
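To make the defensive side of this concrete, here is an added example that is not code from the article, from Kaspersky's report, or from either manufacturer: a small Python tool that snapshots the vendor, model and firmware-revision strings each disk reports through Linux sysfs and flags any drift from a saved baseline. The sysfs attribute names (`/sys/block/<disk>/device/{vendor,model,rev}`) are the real libata/SCSI ones; the function names, the JSON baseline format and the sample disks built in `run_demo()` are this example's own constructions.

```python
"""Added example: disk firmware-revision baseline and drift check.

Assumes a Linux host whose block devices expose
/sys/block/<disk>/device/{vendor,model,rev}. The baseline format, the
function names and the sample disks in run_demo() are constructions of
this example, not anything from the article or the manufacturers.
"""
import json
import os
import tempfile
from typing import Dict, List, Tuple

Inventory = Dict[str, Dict[str, str]]
Finding = Tuple[str, str, str, str]  # (disk, attribute, baseline value, current value)
# sysfs attributes exposed by the SCSI/libata layer; "rev" is the firmware revision string
ATTRS = ("vendor", "model", "rev")


def _read_attr(path: str) -> str:
    """Read one sysfs attribute; a missing or unreadable file yields ''."""
    try:
        with open(path, "r", encoding="ascii", errors="replace") as fh:
            return fh.read().strip()
    except OSError:
        return ""


def collect_inventory(sys_block: str = "/sys/block") -> Inventory:
    """Map each disk name to its vendor/model/rev strings.
    Entries without a 'device' directory or a model string (loop, ram, dm-*) are skipped."""
    inventory: Inventory = {}
    if not os.path.isdir(sys_block):
        return inventory
    for name in sorted(os.listdir(sys_block)):
        dev_dir = os.path.join(sys_block, name, "device")
        if not os.path.isdir(dev_dir):
            continue
        info = {attr: _read_attr(os.path.join(dev_dir, attr)) for attr in ATTRS}
        if info["model"]:
            inventory[name] = info
    return inventory


def save_baseline(inventory: Inventory, path: str) -> None:
    """Persist an inventory as sorted JSON so textual diffs of the file stay stable."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(inventory, fh, indent=2, sort_keys=True)


def load_baseline(path: str) -> Inventory:
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def compare_to_baseline(current: Inventory, baseline: Inventory) -> List[Finding]:
    """List every attribute that differs from the baseline. A disk present on only
    one side is reported under the pseudo-attribute 'present' ('' where missing)."""
    findings: List[Finding] = []
    for disk in sorted(set(current) | set(baseline)):
        if disk not in baseline:
            findings.append((disk, "present", "", "yes"))
        elif disk not in current:
            findings.append((disk, "present", "yes", ""))
        else:
            for attr in ATTRS:
                old, new = baseline[disk].get(attr, ""), current[disk].get(attr, "")
                if old != new:
                    findings.append((disk, attr, old, new))
    return findings


def _write_fake_disk(root: str, name: str, vendor: str, model: str, rev: str) -> None:
    """Build a constructed sysfs-like tree for one disk (sample data, not a real device)."""
    dev_dir = os.path.join(root, name, "device")
    os.makedirs(dev_dir)
    for attr, value in zip(ATTRS, (vendor, model, rev)):
        with open(os.path.join(dev_dir, attr), "w", encoding="ascii") as fh:
            fh.write(value + "\n")


def run_demo() -> Tuple[Inventory, List[Finding]]:
    """Offline demonstration on a constructed tree; returns (inventory, findings)."""
    root = tempfile.mkdtemp(prefix="sysblock-demo-")
    _write_fake_disk(root, "sda", "ATA", "EXAMPLE-HDD-1TB", "FW01")  # constructed
    _write_fake_disk(root, "sdb", "ATA", "EXAMPLE-SSD-512", "AB12")  # constructed
    os.makedirs(os.path.join(root, "loop0"))  # virtual device: no 'device' dir, must be skipped
    current = collect_inventory(root)
    # Constructed "earlier" baseline: sda at an older revision, sdb not yet fitted, sdc since removed.
    baseline: Inventory = {
        "sda": {"vendor": "ATA", "model": "EXAMPLE-HDD-1TB", "rev": "FW00"},
        "sdc": {"vendor": "ATA", "model": "EXAMPLE-HDD-2TB", "rev": "CD34"},
    }
    return current, compare_to_baseline(current, baseline)


if __name__ == "__main__":
    for disk, attr, old, new in run_demo()[1]:
        print(f"{disk}: {attr} changed from {old!r} to {new!r}")
```

The revision string comes from the drive's own firmware, so this catches unexplained firmware-version drift or a silently swapped drive, not an implant that preserves the original version string; treat it as one inventory signal to correlate with vendor-published revision lists and other telemetry, not as a proof of firmware integrity.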

As you might expect, WD and Seagate have both denied sharing the source code of their HDD firmware with government agencies, and both say that the firmware is designed to prevent reverse-engineering or tampering.

This is at odds with statements from former NSA operatives who said obtaining source code is as easy as posing as software developers or just telling a manufacturer that the code needs to be inspected to make sure it's clean, before buying PCs running their HDDs.

Two possibilities exist

Since Seagate and WD both have facilities in Thailand and China, and other countries with high-security zones, both companies must have collaborated with the NSA on this, otherwise the firmware would not have reached all HDDs.

Or perhaps not all HDDs have the firmware vulnerability, however unlikely that is. All we can say is that this, unfortunately, does not take us by surprise. Not after hearing about that secret 3G radio that may or may not be located inside CPUs.

We've taken a closer look at this issue, including specific HDDs that were affected. This being a relatively recent development, it's not as bad as it sounds. Yet.