[funsec] Infecting OEM Images
toddtowles at brookshires.com
Thu Jan 19 16:23:01 CST 2006
> A reader who just bought a new Dell system noted to me that
> they don't send Windows disks anymore; instead they store
> images of the OOBE disk on a hidden partition. There's a
> procedure for reloading this image onto the active partition
> in cases where the system is hopeless or the tech doesn't
> feel like really trying to solve the problem. The reader
> suggested that if an attacker could modify the image files
> they could make the system unrecoverable through normal
> support channels.
OS disks are supplied with the buiness line of Dells. Only the home
models come with that weird active partition and no CDs. Latitudes and
Optiplexs come with the CDs...I am pretty sure.
> I suspect there are things like CRCs and such in place in the
> files to make it difficult to accomplish such an attack. In a
> sense, it would be easier just to trash the hidden partition;
> you'd accomplish the same thing posts.
Well trashing wouldn't be any fun. You would want to trojan the image
files. I think it is worth a look, just to see if they do protect those
files from mis-use.
More information about the funsec