Hard Disks Can Be Turned Into Listening Devices
- Inicie sesión o regístrese para enviar comentarios
https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/
"To prevent HDDs from being turned into microphones, the trio suggest hard drive makers sign firmware cryptographically and use TLS when distributing updates to prevent MITM attacks."
Not a really FOSS approach?
With a free firmware and a local control of the keys, it is. Same difference as between "Secure Boot" and "Restricted Boot".
Which disk drives have free firmware?
I do not say there are. I say the "approach" ("sign firmware cryptographically and use TLS when distributing updates to prevent MITM attacks") is not incompatible with free software. That was your question.
What you say is so. I was rather thinking about the aspect of the approach in which the vendors open the software, so it can be scrutinized and improved by FOSS community before all these vulnerabilities take place, rather than fight them with more and more restrictions and hiding of stuff.
That is no solution to the risk the article refers to: third-party attacks to flash a malicious HDD firmware.
>Which disk drives have free firmware?
None, as far I know.
- Inicie sesión o regístrese para enviar comentarios