Hacker News new | past | comments | ask | show | jobs | submit login

Even with hardware write-enable, they could just ship the firmware with the backdoor code by default, and sign it too. This somewhat reminds me of Computrace in the BIOS - it's advertised as a "theft recovery" solution, but could also be used as a firmware-level backdoor, and many laptops are sold with this preinstalled in the BIOS without the user's knowledge. (It's easy enough to remove for those who are into hacking BIOSes, but anyone asking how gets accused of stealing hardware...)

The ultimate solution would be to make HDD firmware open-source, just like Coreboot for BIOSes, so the truly paranoid could download, verify, compile, and flash their drives themselves. Unfortunately, I don't see this happening due to all the trade secrets (including some existing backdoors into passworded drives that you can find on data recovery forums, but obviously manufacturers don't want you to know about...) that are likely involved.




RE: passworded drives.

To access a BIOS passworded drive all you had to do was swap it for another for which you knew the password, boot into the BIOS and change the HDD password. It will ask you for your old password, you enter it and you go to the new password input screen. Now you take out the HDD and put the locked one in its place. You press enter twice, setting the password as blank, and voilá, you have your locked drive unlocked. Just boot the computer and no more HDD password. Have fun.


I agree with the open source point (but not that it would solve everything - see "Trusting trust"), but shipping with the backdoor by default is is problematic for the attackers, because it makes it public.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: