More virus woes
Posted:
17 Feb 2015, 07:48
by Suff
It seems that a "government" has been infecting the firmware on hard drives with viruses.
This kind of attack is extremely potent as it can reinfect the machine every time it is turned on.
My main problem with this is that every time some government has created some super clever piece of software like this, it has soon fallen into the hands of the very unscrupulous. Especially where they can take the firmware, replace the spying program and then use normal vulnerabilities to apply that firmware to your hard drive. In effect creating a perpetual virus you can't get out even with a clean and re-format. You could only either apply the clean firmware (if you know how), or buy a new hard drive.
Whilst I applaud the ingenuity of the security services, I do wish they wouldn't impact us in this way. It's been a long time since viruses attacked the PC motherboard BIOS itself and manufacturers had to create a lot more protection there. It now looks like they're going to have to create much more protection on the hard drives themselves.
Another one to add to my list of "fixes" to apply...
Re: More virus woes
Posted:
17 Feb 2015, 18:41
by Suff
Worse.
It appears, as the information comes out, that they have the source code of the hard drives. Well the hard drives of at least 12 main manufacturers. Apparently they can infect the areas of the hard drive internal controllers which are not updated with a firmware update.
Meaning that the only way to get this out is to either get the manufacturer to reinitialise it, or ask the "government" which infected our drives if they would "please" take it out again.
Apparently machines are being infected whilst in transit to their destination. Meaning that you could, if you are extremely unlucky, buy an infected machine.
Right now they are only targeting the very highest sources of information. Think senior governments and nuclear facilities. But, what probably cost millions of $ and years of effort, can be duplicated by criminals with moderate equipment. Which is something that is much more worrying.
Kaspersky will be updating their detection software in the coming weeks, I expect the others to do the same within 2 months. But, detection is one thing. Having to detect and remove it every time the PC starts is another thing altogether.....
Re: More virus woes
Posted:
17 Feb 2015, 19:12
by Suff
For those who are interested, this makes fascinating reading.
One part I was extremely interested in as I'm an IE user and have to suffer all the "that's full of holes" comments.
The attack was unsuccessful as it was caught by our product and the user was
protected. The attack was targeting Firefox 17 (TOR Browser), using an unknown
exploit that we have not recovered.
Re: More virus woes
Posted:
17 Feb 2015, 19:18
by TheOstrich
Yes, I agree with you that the most worrying thing is that what Governments can do today, criminals will copy or piggyback tomorrow.
It doesn't do anything to allay my fears that, taking a long view, these last three decades of mass internet experience will all end in tears in the foreseeable future, and we had all better get prepared for living life "apres-net" .......
Re: More virus woes
Posted:
18 Feb 2015, 02:55
by Suff
Certainly if you consider that Samsung has already been censured for not allowing its voice command software to be switched off when the TV is on, capturing conversations which people thought were private and then passing on that information to product owners who then target advertising at the TV owners.
In fact, I wonder how many people have switched off the voice command modules on their smart phones? I have as I never intend to use it. But many people will use Siri and the Samsung offering and Microsoft has Cortana (which is whinging at me because I won't "fully enable" it).
If they can infest your firmware in your hard drive, then surely they can take over the voice recording module on your phone.
Perhaps there will come a time when we see physical switches on our hardware to switch the microphones and cameras off....
Or perhaps not. After all, "If you have nothing to hide".....
I did wonder how the authorities knew about things like all these impending attacks. Now we have an idea. Did you notice the icons on the UK entry in the world picture? Monitoring Finance, Islamic clerics and "unspecified people". What was more interesting is that it uninstalls itself if it doesn't find an interesting enough person, thus avoiding detection for much longer.
I'm betting that certain western authorities are somewhat miffed with Kaspersky right now. I'm also wondering how many Western Anti Virus companies already knew about this and were "hushed up".
When you look into the document and see the extreme levels of work and effort required to carry out this kind of work, it demonstrates why you have to pay for your AV cover. Free companies simply can't put this level of effort in.
Re: More virus woes
Posted:
18 Feb 2015, 11:44
by Workingman
The timing of the announcement and the company making it is interesting, but maybe that's my 'conspiracy theory' devil making his presence known.
The thing is that I fully expect governments to spy on the activities of other governments, and this is just another example of them doing just that. The apparent fact that all hard drives could be compromised is a bit 'out there' from my POV.
There are billions of them throughout the globe and 99.99999% of them have nothing of interest whatsoever to governments on them. That gives the danger that if every single one was being monitored 24/7 (an impossibility) something(s) really important will be missed in all the background chatter.
However, the possibility of criminals getting hold of the code and using it to their own ends is a worry.
Re: More virus woes
Posted:
18 Feb 2015, 13:04
by Suff
Yep that is my worry. Now they know it is there, they will go looking for it. The hard work is already done.
Re: More virus woes
Posted:
18 Feb 2015, 13:30
by Workingman
If the article is correct all they will have to do is go out and buy a Western Digital hard drive and do some forensic work on it.
If Kaspersky found it the crims almost certainly will.
Re: More virus woes
Posted:
18 Feb 2015, 17:17
by Aggers
I don't know whether this is relevant to the subject under discussion, but the other day
some of the locals here were advising people not to have their smartphones switched on
when travelling on a train. Apparently some people have had information on their phones
accessed by some passenger using sophisticated equipment, and have consequently had
money stolen from their on-line bank accounts.
Re: More virus woes
Posted:
18 Feb 2015, 18:15
by Workingman
I suppose anything is possible. If you can send things out from your phone (calls, texts) then the malcontents can send stuff in, but why pick on trains? Why not say bus stops, or supermarkets, or the M&S café or your living room, after all you use your phone in these places?
If malicious hackers can hack your phone, they will. If they can get you to download a dodgy app, they will. Turning off Wi-Fi and Bluetooth when they are not being used will help, but the only way to stop a phone being hacked is to keep it turned off or left in its packaging on the shelf in the phone shop. It is all a matter of being careful, the same as it is with computers and everything else in life.