In early 2015 news broke that the NSA was installing firmware backdoors in many hard drives. I was wondering, if there was a BIOS and Hard Drive backdoor how well would full disk encryption protect you, if at all.
Asked
Active
Viewed 377 times
3
-
3It can't protect you against the BIOS. Nothing can protect you from the BIOS (except trusted hardware like TPMs and SGX maybe). FDE should protect you from your hard drive silently copying your data, as it is encrypted by the CPU (before the data reaches the drive). – SEJPM Jan 11 '16 at 20:56
-
Related: [How can the Equation Group HDD firmware malware help bypass FDE?](http://security.stackexchange.com/q/82356/2138) – user Apr 19 '16 at 19:19
-
Once your hardware is compromised, the attacker can do absolutely anything. For example a compromized wifi card could send a duplicate stream to the attacker. Or an "encrypted" drive could have a secondary key known to the attacker. Once someone modifies your hardware everything else is moot. – PushfPopf Oct 31 '18 at 15:18
1 Answers
0
This article describes how a certain hacking tool, which could be deployed by a hard-drive's firmware-based backdoor, can be used to grab crucial information from RAM and then store it on a small area on the firmware, to be retrieved later in order to aid in decrypting the drive.
For instance, if using bitlocker, such crucial information might be any file called "Bitlocker Recovery Key*" (the user is prompted to save such file(s) when enabling encryption). A more sophisticated technique would be to get the surrogate key from memory, in the same principle as a cold boot attack.
