4.Make your hard drive permanently infected
Here, I’m not talking about malware that corrupts some files you store on your hard drive, and that will go away as soon as you format it.
I’m talking about malware that stays forever in computer hardware, that doesn’t go away, not even after you’ve installed a new, clean OS version.
More details on whether a factory reset removes malware, you’ll find
here.
For now, I’m going to detail the “achievements” of Equation Group, a sophisticated cyber-espionage team that the security researchers from Kaspersky Lab identified back in 2015. As it turns out, those hackers have tapped into hard drive firmware reprogramming.
How is hard drive firmware reprogramming possible?
Whether it’s a traditional HDD or the newer SSD, any hard disk has several components. The most notable ones are the storage medium (magnetic disks for HDDs, flash memory chips for SSDs) and a microchip.
The microchip is this hardware part where software is embedded to include controls for reading and writing to the disk, along with multiple service procedures that help the hard drive detect and fix bugs.
You could call the hard drive’s microchip a small computer in itself because that’s what it is. It comes with its firmware, and this is the part that the hackers from Equation Group have managed to exploit.
By corrupting the firmware of the hard drive’s chip, they allow malware to read and write data on a particular subsection that can’t be touched even during disk formatting!
How does this make your hard drive useless?
With the new firmware version, the hard drive’s malware can reinfect the HDD/SSD’s boot area. Consequently, the moment you have finished reinstalling the operating system, the malware is back up.
The remarkable thing about firmware is that the firmware itself is in charge of checking its status (the integrity of its code) and running the available updates. As you can imagine, once the firmware was compromised at this level, it can no longer be trusted to eliminate its infection.
This is why infected firmware is indestructible and why most specialists agree that it’s easier and cheaper to throw away a compromised hard drive than to try and get rid of infected firmware.
Before you freak out, you should note, though, that the process itself of corrupting the hard drive firmware is exceptionally complicated. Because each hard drive model is unique and developing alternative firmware for it is time, resource, and money consuming, hackers have a tough time pulling this off. And they’re not interested in doing it to the regular user, either.
The ones at Chorley and Manchester were certainly not working this morning.
