Hard Disks Can Be Turned Into Listening Devices

6 réponses [Dernière contribution]
zigote
Hors ligne
A rejoint: 03/04/2019

https://www.theregister.co.uk/2019/03/07/hard_drive_eavesdropping/

"To prevent HDDs from being turned into microphones, the trio suggest hard drive makers sign firmware cryptographically and use TLS when distributing updates to prevent MITM attacks."

Not a really FOSS approach?

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

With a free firmware and a local control of the keys, it is. Same difference as between "Secure Boot" and "Restricted Boot".

zigote
Hors ligne
A rejoint: 03/04/2019

Which disk drives have free firmware?

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

I do not say there are. I say the "approach" ("sign firmware cryptographically and use TLS when distributing updates to prevent MITM attacks") is not incompatible with free software. That was your question.

zigote
Hors ligne
A rejoint: 03/04/2019

What you say is so. I was rather thinking about the aspect of the approach in which the vendors open the software, so it can be scrutinized and improved by FOSS community before all these vulnerabilities take place, rather than fight them with more and more restrictions and hiding of stuff.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

That is no solution to the risk the article refers to: third-party attacks to flash a malicious HDD firmware.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

>Which disk drives have free firmware?

None, as far I know.