Danger: Trojan horses and malware conceivable in all electronic devices

"Our data recovery engineers manipulate the firmware of dozens of hard drives every day," reports Nicolas Ehrschwendner, Managing Director of Attingo Data Recovery. Firmware refers to the operating programs of hardware components, including hard drives. Very often, causes of data loss are not only due to defective read/write heads or surface damage on the magnetic disks but also due to issues within the hard drive software.

Manipulation of firmware by Attingo data recovery experts for 18 years

"Attingo has developed its own tools and procedures to access this firmware, fix errors, and subsequently access the data on the hard drive," explains Nicolas Ehrschwendner. "We have been performing such manipulations on data carriers in our cleanrooms for 18 years, so this is not a new idea. The internal software of hard drives can today encompass several hundred MB of machine code. This provides ample space to also place and hide malicious software such as Trojan horses."

Attack scenarios for manipulating data carriers

Possible attack scenarios include covert manipulation of the data carriers directly from the factory, during transport by intercepting the goods, or using security vulnerabilities in the operating system. The hard drive only needs to be briefly connected to a PC to install malicious software. Once activated on the target device, the Trojan manipulates data during read operations and can install additional malware directly within the operating system.

Malware undetectable and no protection possible

Attingo knows the internal programs of hard drives very well; only then can targeted error correction for data recovery be achieved. The particularly dangerous aspect of new Trojans is that they are very difficult to detect and can survive formatting or reinstallation. Protection against this is hardly possible, as the manipulated software can hide very effectively from antivirus scanners.

All electronic devices at risk

"In general, all our hardware can be affected by such Trojans, from data carriers like hard drives, SSDs, and USB sticks to copiers, cars, televisions, or coffee machines," describes Nicolas Ehrschwendner. "Most hardware is operated by firmware stored on so-called ROM chips. Manipulation is always possible there. Scenarios range from eavesdropping on all conversations via the television to unintentional car accidents caused by software errors."

Failure by design

"The problem with PCs, laptops, servers, and electronic devices in general is that many different hardware components have full access to the main memory, enabling the installation of Trojans. It is generally assumed that, among other things, intelligence agencies do everything conceivable, and thus espionage or malware could be installed in many electronic devices—and probably are," explains Peter Franck, Technical Director of Attingo Data Recovery. "Only if the correct and expected functioning of all hardware components could be verified, for example through signatures, would such attacks be impossible. However, this would require a complete redesign of computers and hardware."

Attingo Data Recovery

Attingo Data Recovery is ISO 9001:2008 certified and operates state-of-the-art in-house cleanroom laboratories of ISO 5 class in Vienna, Hamburg, and Amsterdam. Founded 18 years ago, the company specializes in data recovery from servers, complex RAID systems, and individual hard drives, regardless of operating system or file system. Attingo has experts with decades of experience and an in-house research and development department.