Equation Group’s Malware

By now I hope everyone is aware of the fact that no hard drive is safe and formatting will not wipe this extremely complex firmware malware. If you aren’t aware - please read up on it.

So when can I expect a firmware update for all of my hard drives?

The reason I’m asking is because this is a huge violation of privacy and according to researchers the source code for the hard drive firmware came directly from companies like Western Digital. Articles explain that hard drives can only be destroyed if you are infected or targeted.

“Drives made by Seagate Technology, Western Digital Technologies, Hitachi, Samsung Electronics and Toshiba can be modified by two of Equation’s hard disk drive malware”

On Monday, February 16, Kaspersky Labs published a research report about an advanced cyber-espionage program, whereby a threat actor has created malware that, according to Kaspersky Labs, enables reprogramming of hard drive firmware and control of that hard drive. Western Digital had no prior knowledge of the described cyber-espionage program and is reviewing the report. We take such threats very seriously. The integrity of our products and the security of our customers’ data are of paramount importance to us.

I can understand how the NSA could coerce WD and Seagate into surrendering their source code, but how would they go with Samsung, Hitachi or Toshiba?

In fact, WD’s firmware doesn’t appear difficult to hack, even without proprietary tools, datasheets or documentation. The first hit with Google turns up the following article:

The author was able to modify the “ROM” code on the drive’s PCB and then take control of the drive. He presented his technique at the OHM2013 convention (Observe, Hack, Make, 31st July 2013).

It would be interesting to see how the HDD manufacturers respond. One would hope that they would provide tools for dumping the drive’s firmware and verifying its integrity, either by local analysis, or by uploading to a remote site, but I’m not expecting anything.

In the meantime Russian tool suppliers are your best hope. Ironically, while the NSA is busy stealing your data, America’s cold war enemy provides the tools that American companies use for data recovery. These companies include WD’s own data recovery “partners”.
