Hidden data trick could be malware writer's boon
Researchers demonstrate method for writing data to hard drive where it can't be found
Security researchers have revealed a new technique that could be used to secretly write data onto a hard drive, with no chance that it could be detected by computer forensic or antivirus tools. It could be the malware writers' next big trick.
The system devised by Ariel Berkman, a data specialist at Israeli recovery firm Recover, relies on writing data to a hard disk's service area – the portion of the disk typically reserved for the manufacturer's firmware.
The data in a hard disk's service area – sometimes termed the reserved area or system area – is typically used to store modules that are needed to operate the drives. It's one of the reasons why hard drives' usable space is lower than the theoretical capacity.
But instructions for writing data to these portions of the hard drive are closely guarded secrets – it requires so-called vendor specific commands (VSCs). “These commands are unique to the hard-drive vendor and are not publicly disclosed,” said Berkman.
Nonetheless, Berkman has devised a proof-of-concept program that manipulate these secret VSCs and write a file of up to 94MB on a Western Digital 250GB Hawk hard drive.
“One could use these 'inaccessible" areas to store data - e.g. secret documents - or possibly code such that they would be effectively hidden to current tools,” he told V3.
Other methods of hiding data on hard drives, such as steganography, typically involve trying to bury data deep within other files, making it hard to discover.
But most detection tools, such as those used by antivirus vendors of forensic examiners, do not typically bother to analyse the service area, Berkman said.
“Antivirus and forensics tools will not be able to access and analyse that data, and sanitation tools will not be able to purge it,” he added.
So far, the trick is purely at the proof-of-concept stage, and the software can in some instances result in data loss or hard drive failure, so it's not ready for prime time just yet.
Nonetheless, it might offer malware writers, or maybe just those with secrets they wish to pass on undetected, with a method of hiding data where it cannot easily be found.
Government partners with Israel's startup scene to boost cyber security
CES 2016: Intel shows off wearable 'X-ray vision specs' with augmented reality helmet
UK astronaut Tim Peake blasts into space on journey to ISS
NHS should offer free WiFi and embrace digital services
Facebook's Mark Zuckerberg to give away $45bn fortune for daughter Max
Ford presents a compelling case for 3D printing in business
V3 Latest
Snowden points finger at Russia over NSA hack
Tweets offer possible cause for major hack
IBM beats AWS and Azure in seven-year Workday cloud deal
Deal suggests still market left to play for
NSA hack sees information up for auction in major security incident
Shadow Brokers hacker group claims responsibility
Microsoft to issue Windows 7 and 8.1 updates together
Firm claims move will make life easier for admins
Most read
