2011
DOI: 10.1007/s11416-010-0149-x
|View full text |Cite
|
Sign up to set email alerts
|

Malware and steganography in hard disk firmware

Abstract: The hard disk drive remains the most commonly used form of storage media in both commercial and domestic computer systems. These drives can contain a vast range of data both of personal value and commercial significance. This paper focuses on two key areas; the potential for the drive operation to be impacted by malicious software and the possibility for the drive firmware to be manipulated to enable a form of steganography. Hard drive firmware is required for the correct operation of the disk drive in particu… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
4
0

Year Published

2011
2011
2022
2022

Publication Types

Select...
4
3
1

Relationship

0
8

Authors

Journals

citations
Cited by 12 publications
(4 citation statements)
references
References 1 publication
0
4
0
Order By: Relevance
“…Prior works on typical digital steganography techniques either use unused metadata fields or exploit noise in the digital content where the hidden information is usually tied to the digital file itself or the file's content. In [17], firmware defines the hard disk drive's physical locations (sectors), which contains the hidden information, as unusable; hence, the operating system (OS) can not access those sectors, making the recovery process difficult and complicated. Moreover, the natural aging process introduces significant alterations in the analog domain that change the power-on state of the Static RAM (SRAM) cells, which can also be used for message hiding [18].…”
Section: Motivationmentioning
confidence: 99%
“…Prior works on typical digital steganography techniques either use unused metadata fields or exploit noise in the digital content where the hidden information is usually tied to the digital file itself or the file's content. In [17], firmware defines the hard disk drive's physical locations (sectors), which contains the hidden information, as unusable; hence, the operating system (OS) can not access those sectors, making the recovery process difficult and complicated. Moreover, the natural aging process introduces significant alterations in the analog domain that change the power-on state of the Static RAM (SRAM) cells, which can also be used for message hiding [18].…”
Section: Motivationmentioning
confidence: 99%
“…When the device is turned on the firmware will begin a self-check, this ensures correct device operation and will mark unreadable areas of the disk or hide any areas that are not used by the OS. Each device has specific firmware and unique checks (Sutherland, Davies and Blyth, 2011). However, each firmware has a similar layout.…”
Section: Firmware Overviewmentioning
confidence: 99%
“…However, hidden data is still innately tied to the existence of a digital file. Also, modifying hard drive firmware has been investigated as a potential way to hide information [14]. Data is hidden in sectors marked as unusable at the firmware level (instead of the OS or filesystem level), which renders the sectors inaccessible to most software and complicates recovery, as it is difficult to tell legitimately bad sectors from ones used for hiding.…”
Section: A Steganographymentioning
confidence: 99%