Monday, 3 June 2019

Your hard drives were riddled with NSA spyware for years

Just seen this story from February 2015.
The US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades – all according to an analysis by Kaspersky Labs.
The campaign infected possibly tens of thousands of Windows computers in telecommunications providers, governments, militaries, utilities, and mass media organisations among others in more than 30 countries.
I wrote a bit about this problem a few months prior to that. See Trustworthy Hardware
Of course this problem is not unique to USB; the PCI bus interface offers similar "opportunities," with the potential for re-programming the firmware on network adapters, disk drives, storage area networks etc. Such devices typically have more potential for autonomous data-processing than do USB devices.
And also this followup I posted a few weeks ago

No comments:

Post a Comment