Slashdot Mirror
How To Head Off ATA HDD Password Abuse
An anonymous reader submits "German c't magazine has a story about abusing the security features of ATA hard disks. The bottom line is that almost all ATA hard disks in desktop PCs can be password-protected. However, on most desktop PCs, the BIOS does not support locking this option -- so viruses or malware could set a random password, making any data unreadable unless recovered by professionals."
Why on earth would you want to password "protect" a hard drive? How would that be any better than properly encrypting your files?
Apple also sees no need for action - to load a kernel extension it is necessary to enter the administrator's password, the company noted. We have come to an agreement with Apple to the effect that we will program a demonstration of the damaging action and make it available to Apple. Perhaps someone in the United States will change his or her mind once he or she can only access their hard disk after entering correctly "c't Magazin für Computertechnik" (including the umlaut!).
Here is a website that shows how to unlock it, and you don't even have to be a professional!
http://www.rockbox.org/lock.html
but when was the last highly destructive virus you saw ?
virus writers/skripterz have long since learnt, if you kill the host it is of no use to you, you achieve nothing
99% of viruses today are trojans because you can use your fancy stealth infection/propogation routines AND make a profit if you keep the host alive, locking a HD would be pointless and contrary to opinion most Virus writers are not stupid, misguided perhaps but not stupid
The problem is that if BIOS doesn't disable the function, a "well"-(i.e. viciously)-positioned malware (early in the boot process) could lock the hard drive on first reboot even before any protective software can kick in.
Only tenth?
Where where you yesterday!
It was a laugh a minute here. Really. Honest.
How is this any worse than if a virus were to erase the hard drive?
OK im not Device programmer , but is it technicaly possible to create a virus that on certain brands of BIOSs using the hardware interface(i know MSI boards support software overclocking and many Graphics cards) could overclock the computer in some way and cause perminant dammage to the system as i am fairly certain you could and if so why is this not a more major worry as this could cause real damage
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Duke Nukem Forever running on Debian Sarge HURD?
KFG
What if someone encrypts all your data one night? You show up for work one morning only to find the latest worm has encrypted all your data and it forces you to recite the lyrics to ELOs Another Heart Breaks ("one, two, three," etc..) before you can get at your data again. Look, if it has enough access to reset the password on your ATA drive, you probably have bigger issues to worry about, like the gaping hole in your OS that allows user code direct access to your hardware.
I think you underestimate just how much I just dont care.
[Fuck Beta]
o0t!
This story was yesterday published on heise online...
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
If this was meant to be an April Fool's joke, they could have at least made up a _new_ technology. As it is, ATA passwords are as old as ATA hard drives (which is to say, ancient). Thus, it is just another /. useless article day.
If it's in a known and common chip on the control board couldn't someone just replace the chip?
I regularly work with surface mount ICs and there are solutions to remove and replace virtually any device.
Stop the world; I need to get off.
If the BIOS doesn't do it, the OS, upon boot could simply instruct the drive not to accept password change commands. Which wouldn't stop a sufficient virus from sabatoging the next boot and setting it, but still it increases security.
Its called the HDD passwd in a xbox.. Its how all xbox's are password protected against their own motherboard.. to prevent duplication and crap.. too bad its been broken more times than this entire post :)
Viva la xbox revolucion!
There's no Freedom like UFP-dom
A SRST initiated over the device control register would be interpreted as a COMRESET. Since the disk isn't able to distinguish a software-reset from a hardware-reset, it would open the freeze lock - outside the BIOS obviously, what would lead the ATA-security open for changing the password.
Erasing it or even recording some random porn images before password protecting, almost every user would just discard it, but there would be some of them who pay lot of money to discover one hundred copies of goatse .... really funny!
"A DOS from a diskette boots suspiciously slowly"
When does a diskette ever boot not "suspiciously slowly"?
Digital Sailor
You can restore an erased drive from backups.
A locked drive can't be restored when you don't know the password.
It's the difference between deleting the data, and deleting the drive. Drives are cheap now, but not to the point where throwing away drives can be ignored.
From my understanding as long as the Locked HD is on the MoBo where it was locked it still works fine, it only when it attached to another MoBo its unreadble (My experience if from the Xbox)
And then if you can tell us how you put these backups back onto thousands of locked hard drives that you don't even have write access to anymore (otherwise all you'd need are spare hard drives for every machine), you'd only need the staff to service all of these computers before a few days of lost business have bankrupted your company.
Or wait a minute, sounds like a plan:
In general, these features don't seem coded to well. Here's a post I made to Bugtraq back in December of 2003.
The Dell BIOS allows users to set several different passwords to protect
their machines from unauthorised access. There is 1) a Setup Password,
which is required to enter the BIOS setup, as well as 2) a Hard Drive
Password, as per the ATA Security Feature Set Specification.
Unfortunately, once a Hard Drive Password is set which contains one or
more of the following characters,
, . ; : ' [ ] { }
it can not be later entered to access the machine. It appears as though
a bug in the BIOS code prevents those characters from being taken as
input when the user is asked for the password - however, the BIOS
incorrectly allows users to set passwords containing those characters.
This is not an incredibly serious problem as such, since a user can go
back into the BIOS setup and change the password there, provided the
BIOS Setup is not protected with an unknown password. Or, as a last
resort, Dell can be phoned to provide a master backdoor password, as
long as the user can prove herself the legal owner of the computer. Of
course, the prerequisite of physical access to the machine highly
mitigates this vulnerability.
It is however an interesting bug from the point of view of Dell's
practices. I have contacted them over two weeks ago, but their
'technical support' is unable to understand or resolve the problem. Two
of their representatives told me to reinstall Windows XP Chipset
drivers, even when I asked to be forwarded to people higher in the
technical support chain. Perhaps this post will encourage Dell to pay
more attention in the future.
Affected Systems: Dell Inspiron 2650 System BIOS, A11
(A11 is the current BIOS as of writing, and was released in late
September of this year)
Other BIOS/Dell models are perhaps vulnerable but have not been tested.
What's a more successful species? Smallpox or bubonic plague, or the bacteria that live in your gut that help digest your food and make you fart?
This comparison doesn't make any sense. Smallpox and plague are viruses, which are parasites. A parasite is a lifeform that lives by feeding off a host, and not helping the host in any way (usually harming it).
The bacteria in your gut aren't parasites; they're symbiotes. (Yes, just like the creatures in Stargate.) We rely on them to survive, just as they rely on us. Without those bacteria, we wouldn't survive.
If you manage to backup every system in and out of your offices every few hours... congratulations, please let us know your storage solution...
Two words: Thin Clients
Smallpox and plague are viruses
Nope. Smallpox is, but plague is a bacillus, Yersinia pestis (formerly Pasteurella pestis).
-- Alastair
Whoops, you're correct about this.
Regardless, the bacteria that cause plague are parasitic in nature, whereas the gut bacteria are symbiotic.
I've been doing more work with FPGA's recently:
:)
If this is the case, there are some IDE controller projects available on opencores. It shouldn't be a serious problem for someone to build a board that would allow you to mount the drive so you can copy data off of it - there are also open, well tested, PCI bridge modules freely available now.
http://www.opencores.org/browse.cgi/by_category
If it is indeed the serious concern that people indicate, and it can be broken by the means you suggest - I challenge someone with a few dollars to donate it to opencores with the objective of getting this done.
Indeed, the "sticking it to the man" factor is high enough that I am intrigued enough to have a more in depth look.
..don't panic
Viruses and spyware can simply erase your disk, in addition to changing the password. The solution? The same solution as for hardware failures, cats walking across the keyboard, or babies drooling on the disk: restore from a recent backup. If you don't have a recent backup, a virus that sets the ATA HDD password is the least of your problems.
but when was the last highly destructive virus you saw ?
What about the witty worm?
It spread in less than an hour and the proceded to destroy data on the hosts hard disks.
the way i understood it, there are two passwords: user password and administrator password.
Access to the harddrive will only be prevented if the user password is set, but the user password can only be set when the administrator password is known.
So if I only set the administrator password, then the drive can be accessed as usual, but the user password cannot be set by some software.
Correct? or did I misunderstand that?
There is no "administrator password". The "master password" is like a janitor's master key. It's a failsafe to let you unlock the drive if the user password was set.
The incredibly stupid thing is there doesn't seem to be a way to say "disable the password mechanism completely". IMHO, this should be the default state, and it should require physical access to the drive (say, with a jumper) as well as (of course, any passwords) to switch it from one state to another. A laptop could connect that jumper to an external "security" button that you hold down while the BIOS does its thing.
I tried hdparm -I on my IBM ThinkPad T41p and IBM NetVista.
Both systems have two harddisks, and it is reporting for both the primary and secondary harddisks that the security feature is 'frozen'.
Also my dual CPU Opteron system with Phoenix bios reports both the primary and secondary harddisks as having the security feature 'frozen'.
So all my systems appear to be fine
Hard drive password locking today, full system locking tomorrow. Once DRM supporting BIOSes ("trusted computing") hit a critical mass, we will surely see viruses that use that DRM itself to disable the entire hardware, not just one drive or two.
In a way, these "trusted computing" solutions will be more risky than the open systems we have today. A virus on such a system could disallow your hardware to boot from any device and run any software, so even removing an affected drive would not be enough. Users would have to kiss the motherboard goodbye or seek profe$$ional help.
Don't expect to hear anything about this from M$ or any other proponents of trusted computing.
Yahoo.
--- -- - -
Give me LIBERTY, or give me a check.
And just how does the BIOS prevent locking your harddrive. Yes it might not have the API call if you use the BIOS, but can't you call the drive outside of the BIOS code?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Why is it that the word-wrapping of your post seems a bit weird? I am seeing line breaks in the middle of sentences.
The RIAA
As things which require encryption become more commonplace, hardware aimed at the optomizing the encryption process is becoming more common and well. remember, some software encryption may be hard on your standard CPU because the PC by nature is - while optomized in certain areas - aimed at being more versatile than specific.
There are boards that have chipsets aiming at supporting hardware-based encryption though (I know VIA has a few). Just like a sub-1Ghz GPU will kick your 3.2Mhz CPU's ass for 3d rendering, a lower-speed but optomized EPU (Encryption Processing Unit?) could manage to do the process without overhead on the rest of your system, and without a largely noticable bottleneck.
Storing data without encryption still involves very specific hardware that does processing on the drive itself, data doesn't just magically jump onto the platters without the driving knowing how to put it there.
Throwing an encryption chip on motherboards (or perhaps even better on the drives themselves) would allow for all this to happen without speed issues... it's all about optimization.
And as for the security issues with the motherboards... why not restrict setting sucks things to doing so within the BIOS menus themselves... if you're playing with drive encryption options you should know what you're doing anyhow, though having an option to *lock* the encryption/passwords is definately a smart idea (perhaps even in the form of a hardware setting via jumper/toggles).
How much good does a back-up do, when you can't access your hard-drive. Or hard-drives. Or your back-up servers hard-drives. You'll have to buy a new hard-drive to back-down your stuff.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
Data is information, especially that stored in a single row along the length of each chromosome. A chromosome is a mixture of chalk and clay used for filtering urine from the heart. I am certainly not a computer program that translates high level language code into machine language code.
Haven't seen any conspiracy theorists so far pick up on the "32 bit password" bit. Assuming the drive doesn't delay or stop responding to access attempts after a number of tries, this could be cracked in a matter of hours.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net