Reuters is reporting that Kaspersky has discovered spy code in hard drive firmware and that the code has similarities to that of Stuxnet, the malware which infected the Siemens electronics controlling the Iranian uranium enrichment centrifuges.
Reuters:
According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.
Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.
“The hardware will be able to infect the computer over and over,” lead Kaspersky researcher Costin Raiu said in an interview.
I can see a time when we will be carrying cards – like credit cards – which will be clean and contain what we need to boot our tablets and laptops, but also carry the solid state storage. The problem then is what happens when we plug them into a malicious computer?
You have to wonder that if the NSA (the suspected culprits) have all this capability, then why do terrorist appear to be winning the asymetric war? I know that we need to be lucky all the time but they only need to be luck once.