Hard Disks Can Be Turned Into Listening Devices

6 replies [Last post]
zigote
Offline
Joined: 03/04/2019

https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/

"To prevent HDDs from being turned into microphones, the trio suggest hard drive makers sign firmware cryptographically and use TLS when distributing updates to prevent MITM attacks."

Not a really FOSS approach?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

With a free firmware and a local control of the keys, it is. Same difference as between "Secure Boot" and "Restricted Boot".

zigote
Offline
Joined: 03/04/2019

Which disk drives have free firmware?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

I do not say there are. I say the "approach" ("sign firmware cryptographically and use TLS when distributing updates to prevent MITM attacks") is not incompatible with free software. That was your question.

zigote
Offline
Joined: 03/04/2019

What you say is so. I was rather thinking about the aspect of the approach in which the vendors open the software, so it can be scrutinized and improved by FOSS community before all these vulnerabilities take place, rather than fight them with more and more restrictions and hiding of stuff.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

That is no solution to the risk the article refers to: third-party attacks to flash a malicious HDD firmware.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>Which disk drives have free firmware?

None, as far I know.