Overclock.net › Forums › Industry News › Technology and Science News › [TT] HP caught red-handed installing secret backdoors into their enterprise storage products
New Posts  All Forums:Forum Nav:

[TT] HP caught red-handed installing secret backdoors into their enterprise storage products

post #1 of 7
Thread Starter 
Source: http://www.tweaktown.com/news/31683/hp-caught-red-handed-installing-secret-backdoors-into-their-enterprise-storage-products/index.html
Quote:
Well, it's now coming to the point where Hewlett-Packard have had to admit, for the second time in a month, that they've built secret backdoors into their enterprise storage products. Technion, a blogger, is the one who has blown the whistle on this one, who saw the security issue in one of HP's StoreOnce systems last month, but then found more backdoors in HP's storage and SAN products

This all began with Edward Snowden and him leaking details of "Prism" I wonder how many other backdoors companies are installing into their own products. How do companies using HP storage products feel about this?
Edited by Razor 116 - 7/14/13 at 7:11am
R116
(23 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7 5820k @ 4.6GHz / 4.3GHz Asus X99 Deluxe Nvidia GTX 980Ti 4 X 4GB G.Skill Ripjaws 4  
Hard DriveHard DriveCoolingCooling
Seagate Barracuda 2TB Samsung 850 Evo 250GB EK Supremacy Evo  EK Mosfet X99 
CoolingCoolingCoolingCooling
EK-FC Titan X Alphacool NexXxos XT45 360 Alphacool NexXxos UT60 240 Alphacool VPP655T + EK D5 X-RES 200 CSQ 
CoolingCoolingOSMonitor
Corsair SP120 x5 Corsair AF140 x1 Windows 10 Pro x64 Benq XL2730Z @ 144Hz 
KeyboardPowerCaseMouse
CM Storm Quickfire TK EVGA 850W Supernova G2 Corsair 750D Zowie EC2-A 
Mouse PadAudioOther
OCUK Mega Mat / Steelseries QCK+ CREATIVE Soundblaster Z mCubed T-Balancer 
  hide details  
Reply
R116
(23 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7 5820k @ 4.6GHz / 4.3GHz Asus X99 Deluxe Nvidia GTX 980Ti 4 X 4GB G.Skill Ripjaws 4  
Hard DriveHard DriveCoolingCooling
Seagate Barracuda 2TB Samsung 850 Evo 250GB EK Supremacy Evo  EK Mosfet X99 
CoolingCoolingCoolingCooling
EK-FC Titan X Alphacool NexXxos XT45 360 Alphacool NexXxos UT60 240 Alphacool VPP655T + EK D5 X-RES 200 CSQ 
CoolingCoolingOSMonitor
Corsair SP120 x5 Corsair AF140 x1 Windows 10 Pro x64 Benq XL2730Z @ 144Hz 
KeyboardPowerCaseMouse
CM Storm Quickfire TK EVGA 850W Supernova G2 Corsair 750D Zowie EC2-A 
Mouse PadAudioOther
OCUK Mega Mat / Steelseries QCK+ CREATIVE Soundblaster Z mCubed T-Balancer 
  hide details  
Reply
post #2 of 7
No details on this "mechanism". If it's software then no big deal, run DBAN. Firmware or separate hardware...
    
CPUMotherboardGraphicsGraphics
i7 2600k Asus ROG Maximus V Gene Reference EVGA GTX 680 (1306 / 7204) Reference EVGA GTX 680 SC (1280 / 7160) 
RAMHard DriveCoolingOS
16GB Samsung 'Green' 1600 DDR3 (MV-3V4G3D/US) Samsung 830 256GB Noctua U12P SE2 w/ AP14s P-P Windows 7 Pro 
MonitorKeyboardPowerCase
Hannspree 23" SL231 LED Logitech G710+ Seasonic SS-860XP2 Platinum Cardboard box & motherboard tray 
MouseMouse PadAudioAudio
Dying Razer Death Adder Desktop Schiit Magni + Optical Modi Swan M50W 
AudioAudio
Sennheiser HD 600 Samson Meteor Mic w/ pop filter 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
i7 2600k Asus ROG Maximus V Gene Reference EVGA GTX 680 (1306 / 7204) Reference EVGA GTX 680 SC (1280 / 7160) 
RAMHard DriveCoolingOS
16GB Samsung 'Green' 1600 DDR3 (MV-3V4G3D/US) Samsung 830 256GB Noctua U12P SE2 w/ AP14s P-P Windows 7 Pro 
MonitorKeyboardPowerCase
Hannspree 23" SL231 LED Logitech G710+ Seasonic SS-860XP2 Platinum Cardboard box & motherboard tray 
MouseMouse PadAudioAudio
Dying Razer Death Adder Desktop Schiit Magni + Optical Modi Swan M50W 
AudioAudio
Sennheiser HD 600 Samson Meteor Mic w/ pop filter 
  hide details  
Reply
post #3 of 7
Quote:
HP's statement, after Technion blew the whistle, admitted that "all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer."
Read more at http://www.tweaktown.com/news/31683/hp-caught-red-handed-installing-secret-backdoors-into-their-enterprise-storage-products/index.html#801MwMULfiskeGes.99

I would like to see a company step forward that HP have used this feature to help. Given the username "HPSupport", and the weak password hash, it at least suggests this is genuinely just bad design and not intentional espionage.

It sounds to me like this may be genuine, and they may genuinely not have access to customer data. Still bad design, but not "NSA is watching you" type stuff.
Serigatum
(13 items)
 
  
CPUMotherboardGraphicsRAM
4770k @ 4.7Ghz Asus P87 Deluxe EVGA GTX 780 Corsair Vengeance 2400Mhz 
Hard DriveHard DriveCoolingOS
Raid0: 2x512GB Samsung 840 Pro 2GB WD Black NZXT Kraken x60 Windows 8 
MonitorKeyboardPowerCase
Dell U2412M Razer Blackwidow Ultimate Corsair AX850 NZXT Phantom 820 
Mouse
Razer Ouroboros 
  hide details  
Reply
Serigatum
(13 items)
 
  
CPUMotherboardGraphicsRAM
4770k @ 4.7Ghz Asus P87 Deluxe EVGA GTX 780 Corsair Vengeance 2400Mhz 
Hard DriveHard DriveCoolingOS
Raid0: 2x512GB Samsung 840 Pro 2GB WD Black NZXT Kraken x60 Windows 8 
MonitorKeyboardPowerCase
Dell U2412M Razer Blackwidow Ultimate Corsair AX850 NZXT Phantom 820 
Mouse
Razer Ouroboros 
  hide details  
Reply
post #4 of 7
Quote:
"all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer."

It may be a security issue, but the article is a bit sensationalist. While I'm not familiar with the software, the "mechanism" seems to be more of a tech support feature HP cleary advertises, not some super secret backdoor. If you're not OK with a support backdoor, you shouldnt have had the software in the first place...
Bruce
(20 items)
 
  
CPUMotherboardGraphicsRAM
4670k Asus Z87 Pro HIS 7950 IceQ X2 2x2gb + 2x4gb DDR3 1333 
Hard DriveHard DriveHard DriveOptical Drive
Seagate 1TB 7200RPM OCZ Agility 4 128GB PNY 240GB LG Blu Ray Burner 
CoolingOSMonitorKeyboard
Hyper 212+ with extra fan Windows 10 Education x64 Shimian QH270 @110hz Medieval Dell OEM Keyboard 
PowerCaseMouseAudio
Corsair TX750 V1 Antec 300 Black Illusion  Logitech G400s Xonar ST 
AudioOtherOtherOther
Fostex T50rp with BMF mod Archer T9E Wifi adapter 2x Yate Loon D12SL-12D 120x38mm fans Thermalright TY-143 fan 
  hide details  
Reply
Bruce
(20 items)
 
  
CPUMotherboardGraphicsRAM
4670k Asus Z87 Pro HIS 7950 IceQ X2 2x2gb + 2x4gb DDR3 1333 
Hard DriveHard DriveHard DriveOptical Drive
Seagate 1TB 7200RPM OCZ Agility 4 128GB PNY 240GB LG Blu Ray Burner 
CoolingOSMonitorKeyboard
Hyper 212+ with extra fan Windows 10 Education x64 Shimian QH270 @110hz Medieval Dell OEM Keyboard 
PowerCaseMouseAudio
Corsair TX750 V1 Antec 300 Black Illusion  Logitech G400s Xonar ST 
AudioOtherOtherOther
Fostex T50rp with BMF mod Archer T9E Wifi adapter 2x Yate Loon D12SL-12D 120x38mm fans Thermalright TY-143 fan 
  hide details  
Reply
post #5 of 7
Thread Starter 
They've been caught multiple times doing this and it's not limited to storage products "In 2007 HP was found to have built backdoors into the BIOS in 23 models of laptop, as well". This is just what we know about and I suspect because it's not major as they cannot access users data although they can destroy it. There may be many of these "Maintenance/Tech-Support backdoors" that we do not know about (Not Paranoia but probability).
R116
(23 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7 5820k @ 4.6GHz / 4.3GHz Asus X99 Deluxe Nvidia GTX 980Ti 4 X 4GB G.Skill Ripjaws 4  
Hard DriveHard DriveCoolingCooling
Seagate Barracuda 2TB Samsung 850 Evo 250GB EK Supremacy Evo  EK Mosfet X99 
CoolingCoolingCoolingCooling
EK-FC Titan X Alphacool NexXxos XT45 360 Alphacool NexXxos UT60 240 Alphacool VPP655T + EK D5 X-RES 200 CSQ 
CoolingCoolingOSMonitor
Corsair SP120 x5 Corsair AF140 x1 Windows 10 Pro x64 Benq XL2730Z @ 144Hz 
KeyboardPowerCaseMouse
CM Storm Quickfire TK EVGA 850W Supernova G2 Corsair 750D Zowie EC2-A 
Mouse PadAudioOther
OCUK Mega Mat / Steelseries QCK+ CREATIVE Soundblaster Z mCubed T-Balancer 
  hide details  
Reply
R116
(23 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7 5820k @ 4.6GHz / 4.3GHz Asus X99 Deluxe Nvidia GTX 980Ti 4 X 4GB G.Skill Ripjaws 4  
Hard DriveHard DriveCoolingCooling
Seagate Barracuda 2TB Samsung 850 Evo 250GB EK Supremacy Evo  EK Mosfet X99 
CoolingCoolingCoolingCooling
EK-FC Titan X Alphacool NexXxos XT45 360 Alphacool NexXxos UT60 240 Alphacool VPP655T + EK D5 X-RES 200 CSQ 
CoolingCoolingOSMonitor
Corsair SP120 x5 Corsair AF140 x1 Windows 10 Pro x64 Benq XL2730Z @ 144Hz 
KeyboardPowerCaseMouse
CM Storm Quickfire TK EVGA 850W Supernova G2 Corsair 750D Zowie EC2-A 
Mouse PadAudioOther
OCUK Mega Mat / Steelseries QCK+ CREATIVE Soundblaster Z mCubed T-Balancer 
  hide details  
Reply
post #6 of 7
Lets face it right now. Given that the public are usually 10 -15 years behind the technology and information that gets released its safe to assume that every product on earth has back doors and we will keep hearing more about this. GPU, CPU, Bios, Firmware chips in HDD's, NIC's, Operating systems, Banking / EPOS systems, possibly even the TCP/IP stack ???

If you want data security you have few options

1. You need to take yourself off the grid (not even a bank account)
2. You need to peruse governmental change and improve policy by voting or becoming a politician and fighting the cause (potentially risking your life)
3. Make an operating system and pieces of hardware that have no back doors yourself, goto college work stuff out
4. Do the best you can from a disc / network encryption point of view and implement your own home security policy
5, Accept that you don't give a crap about an agency having access to your every move and hope that you and your children's / grand children's etc.. profile fits their grand Utopian design.
post #7 of 7
Quote:
Originally Posted by brucethemoose View Post

It may be a security issue, but the article is a bit sensationalist. While I'm not familiar with the software, the "mechanism" seems to be more of a tech support feature HP cleary advertises, not some super secret backdoor. If you're not OK with a support backdoor, you shouldnt have had the software in the first place...
This. You could 100% just as easily get into someones computer by using remote desktop connection or any other windows software. Acting like this is some sort of crime aginst virtual nature is just plain ridiculous.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Technology and Science News
Overclock.net › Forums › Industry News › Technology and Science News › [TT] HP caught red-handed installing secret backdoors into their enterprise storage products