Irony

by Administrator on November 27, 2007

Seems like just a few weeks ago, we were talking here about a Chinese bid to buy a disk drive company.  One of the concerns voiced by naysayers was that this would enable the Chinese to put trojan programs onto the media that would send all of our data back to the PRC where it would be used to dream up nefarious attacks against the U S of A.

Lo and behold, on November 15, an article appears in Computerworld that Maxtor drives of Taiwanese manufacture have trojan programs embedded that send data back to websites operated by the PRC.  Finger pointing abounds.  The Taiwanese say it was evil mainlanders who inserted the code.  At least one commenter on Computerworld says it is a psyop campaign by the US government to further muddy relations with China.

Hmmm.

A couple of thoughts.

1.  Why would the Chinese or anyone else put a trojan on a consumer drive?  Do you really want a copy of my kids’ digital art or their math homework?  Maybe they were after their BitTorrent downloads or MP3 repositories?

2.  Who would ever use a drive without formatting it first?  Wouldn’t a decent format do an effective job of removing virus code from the disk?  Of course, the code could be placed into firmware with a bit more work, or the code of the trojan could load itself into memory when the drive is accessed, on boot for example.  But a decent anti-virus, anti-malware, anti-spyware product would likely pick up anything that isn’t completely original…

3.  Why would the Chinese want to tap our disk drives when we are all dying from licking our lead-painted Barbie merchandise or eating our tainted seafood?  I would think that there are better ways to attack us than via our low-end Maxtor drives.

Another day in the wacky world of politics, I guess.


Robert Clark November 27, 2007 at 6:26 pm

An external FireWire peripheral can initiate DMA transfers anywhere in a laptop's memory space. (Entirely bypassing the OS or virus $oftware.)

All my (external) low end Maxtor drives have at least FW400 interfaces, and each drive has a processor running code.

A format wouldn’t make any difference, but a firmware upgrade might. Maybe this scare is designed to motivate us to go to signed (DRM friendly) drive firmware?

Administrator November 28, 2007 at 10:27 am

Interesting take, Robert. DRM is widely viewed as a bane, something to be avoided. But, I never thought of it as the lesser of two evils and a potential hedge for trojans on drives or in drive firmware.

Thanks for the insight.
