Slashdot Mirror


How To Head Off ATA HDD Password Abuse

An anonymous reader submits "German c't magazine has a story about abusing the security features of ATA hard disks. The bottom line is that almost all ATA hard disks in desktop PCs can be password-protected. However, on most desktop PCs, the BIOS does not support locking this option -- so viruses or malware could set a random password, making any data unreadable unless recovered by professionals."

4 of 215 comments

  1. the word being "could" by Anonymous Coward · · Score: 5, Insightful


    But when was the last highly destructive virus you saw?

    Virus writers/skripterz have long since learnt: if you kill the host it is of no use to you; you achieve nothing.

    99% of viruses today are trojans, because you can use your fancy stealth infection/propagation routines AND make a profit if you keep the host alive. Locking a HD would be pointless, and, contrary to opinion, most virus writers are not stupid; misguided perhaps, but not stupid.

  2. Disk-Jacking to put hard drives At Your Disservice by D4C5CE · · Score: 4, Insightful
    There's a larger risk looming in this unwelcome feature... From an earlier submission:
    Heise has just released a dire warning (and temporary treatment) from c't regarding ATA hard disk security passwords: There may be a gaping security hole in millions of computers that allows malware to lock the hard drives from their legitimate users. Some will remember what this means from extortionate trojan horses as early as 1989 (search for "Panama" - judicial outcome in 1995). Now factor in how some similar disaster, "supported" by firmware, could spread over the Internet rather than by postal mail today...
    It seems crucial to protect one's system ASAP against what could become a boon for blackmailers.
    The problem is that if BIOS doesn't disable the function, a "well"-(i.e. viciously)-positioned malware (early in the boot process) could lock the hard drive on first reboot even before any protective software can kick in.
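A defender-side check for the state the summary and this comment describe, added here as an example (it is not code from c't, Heise or the poster). It assumes Linux `hdparm -I` output, whose Security section lists each flag on its own line with a `not` prefix when the flag is clear, and it parses a constructed sample rather than a real drive:

```python
import re

# Constructed sample in the layout `hdparm -I` prints (not captured from
# a real drive). It shows the risky state this thread is about: the
# Security feature set is supported, no password is set, and the drive
# is not frozen, so a SECURITY SET PASSWORD command would be accepted.
SAMPLE_HDPARM_I = """\
/dev/sda:
	Model Number:       EXAMPLE-DISK
Security: 
	Master password revision code = 65534
		supported
	not	enabled
	not	locked
	not	frozen
	not	expired: security count
		supported: enhanced erase
Checksum: correct
"""

FLAGS = ("supported", "enabled", "locked", "frozen")


def parse_security(text):
    """Return {flag: bool} from the 'Security:' section of hdparm -I output.
    hdparm prints one flag per line, prefixed with 'not' when it is clear."""
    flags = {f: False for f in FLAGS}
    in_section = False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
        elif in_section:
            if line and not line[0].isspace():
                break  # next top-level section, e.g. 'Checksum:'
            m = re.match(r"\s*(not\s+)?(\w+)\s*$", line)
            if m and m.group(2) in flags:
                flags[m.group(2)] = m.group(1) is None
    return flags


def assess(flags):
    """Classify the drive state an administrator needs to act on."""
    if not flags["supported"]:
        return "no-security-feature-set"  # nothing can be locked here
    if flags["enabled"]:
        return "password-set"  # a password exists: make sure it is yours
    if flags["frozen"]:
        return "frozen"  # SET PASSWORD refused until the next power cycle
    return "open"  # software with raw device access could set a password
```

Feed it the text of `hdparm -I /dev/sdX` from a live system; an "open" result means the BIOS left the feature unfrozen and the drive should be frozen early in boot, before any other software runs.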

  3. Re:why would you do this? by darkwhite · · Score: 5, Insightful

    Why on earth would you want to password "protect" a hard drive? How would that be any better than properly encrypting your files?

    Speed.

    Only very sophisticated organizations have the means to lift data off a password-protected hard drive. Encryption, while more durable in that regard, sacrifices speed with every access to the files in question.

  4. Re:professional? by mkldev · · Score: 4, Insightful
    I'm willing to bet drive manufacturers -do- have custom firmwares that do that. Why? Because otherwise they would end up generating a lot of bricks while testing bug fixes to those parts of the firmware....

    Further, it shouldn't be that hard to solve this problem. The drive reads the data off the disk. There's a ribbon cable between the controller board and the disk. Tap the data stream. Feed it into a logic analyzer that has a digital data output (e.g. a USB logic analyzer). Take the data captured, find the sync bytes, then shove the remainder into an RLL decoder.

    Now figure out the ECC format used (it will typically be four bytes at the end of each sector, but this may vary). Strip the ECC bytes. You now have a track image of the track in question, probably with some extra sync bytes between sectors, but I'm not sure. If you want, you could simply single-step the drive motor repeatedly and copy the entire disk this way, but it is probably more effective to write a program that scans for things that might be an ATA password and tries them sequentially.

    To make this easier, every 4 passwords or so, the tool should ask you to power-cycle the drive. To facilitate this, take a power extender cable and cut the 5v line. Put a momentary off pushbutton inline. Press for a second and then release. In all likelihood, you should only need to power cycle the drive electronics, not the drive motor (12v).

    I've never tried this, of course, but in principle, it shouldn't be that bad....

    --
    120 character sigs suck. Make it 250.