Firmware security
Computing devices and busses are far less secure than they could be, with many non-obvious exploits that take advantage of trust the device drivers place in the devices with which they are communicating. Reverse engineering these devices to find exploits does not require nation-state level resources. Once installed, this sort of malware is very difficult to detect and may not be possible to remove. Additionally, the Internet of Things brings the risk of devices that are never updated and will have security vulnerabilities for their entire lives.
Summary
- Nation States are actively building firmware malware.
- Every device has a full featured CPU these days, which can lie to the rest of the system.
- Exposing buses to the outside world can lead to exploits.Thunderstrike (Hudson, 31C3 2014)
- Embedded systems are never upgraded, leading to "forever-day" bugs
Actions
- Have an "expiration date" on embedded devices to prevent forever-day bugs.Security of Things - Dan Greer
- Fill with epoxy every USB, Thunderbolt, VGA, DVI and power port.Hardening hardware and choosing a #goodBIOS (Stuge, 30C3 2013)
Hope that our physical security is good enough and go hide in the corner.Betting BIOS bugs won't bite your butt? (Xeno Kaveh, Corey Kallenberg. Schmoocon 2015)- Cryptographic signatures are important on updates and at runtime, although this may come at a loss of user freedom.Intel Boot Guard, Coreboot and user freedom (Garrett, 2015)
Details
-
Nation states are getting involved
-
Border crossings allow for easy attacks on portable devices Traveling Light in a Time of Digital Thievery, (Nicole Perlroth, New York Times 2012)
-
NSA TAO is actively attempting to install firmware malware.IRONCHEF: NSA Exploit of the Day (Schneier, 2014)
- But attacks are not complicated!
-
- Devices that used to not have any CPUs now have commodity processors.
- Hard drive controllers have ARM cores running RTOS to schedule head movements and act as the cache.Hard drive controller firmware: Writeup, Presentation (Sprite_tm, OHM2013)
- "BadUSB" devices can actively attempt to exploit device driver flaws.BadUSB - On accessories that turn evil (SR Labs)
- Display Port cables have ARM M0 or LPC devices to negotiate with the host.
- Lightening VGA output cables have full featured ARM doing MPEG decompression.
- Laptop batteries have EEPROMs and sometimes charge mangement CPUs.
- Charging cables can carry infection risks.MacTans: Injecting malware into iOS devices via malicious chargers (BH 2013)
- IP phones and printers have full Linux kernels running inside. Cisco phone backdoors: Presentation (29C3) Print Me If you Dare (BlackHat 2012)Attacking Networked Embedded Systems (HP Printers) (BlackHat Asia 2002)Cisco + HP combo failures: Stepping p3wns (2013)
-
Hardware buses tend to be trusted by the kernel.
- Fuzzing reveals many errors and can crash the kernel, but directed attacks can turn up more interested exploits. Fuzzing (BH 2011)
- Many devices have debug ports built into common ports.Multiplexed wire attacks (BH2013)
- Many of these devices store code in re-writable flash memories that can be overwritten by outside code.
- PCI/PCIe/Thunderbolt read Option ROMs at bootup that run in ring 0.Mac EFI Rootkits (Snare, BlackHat 2012)
- Some buses have no protection or require major code changes to enable (i.e., IOMMU over Thunderbolt). Thunderbolt DMA (BH 2013)I/O Attacks in Intel-PC Architectures and Countermeasures (Sang, 2011)DMA Malware (Patrick Stewin, DIMVA 2012)
- Legacy features are frequently used by exploits.Hacking Intel CPU legacy modes (BH 2012)
- Multi-core systems can introduce new race conditions into previously secure systems.Attacks on UEFI Security (Wojtczuk and Kallenberg, 31C3 2014)
-
Embedded device vendors have no clue about security.
- Windows has had decades of attacks to deal with and has entire teams to track bugs, and Windows and OSX roll out updates every week.
- Device vendors just want to get the hardware out the door.
- IoT devices need update routines, but security is important. i.e. how secure is Tesla's over-the-air software update for their cars?
- Embedded Linux systems in routers, fileservers, cameras, etc are being targeted with "forever-day" attacks since the devices are never updated.
- Default password are used everywhere.
- Intel is getting better about boot time security: Boot Guard moves the root of trust into hardware inside the CPU.
Quotes
One of the Equation Group's malware platforms, for instance, rewrote the hard-drive firmware of infected computers—a never-before-seen engineering marvel that worked on 12 drive categories from manufacturers including Western Digital, Maxtor, Samsung, IBM, Micron, Toshiba, and Seagate.How Omnipotent hackers tied to the NSA hid for 14 years (Ars Technica, 2015-02)
2 guys + 4 weeks + $2k = Multiple vendors' BIOSes inflected. It's time to start checking your firmware.CanSecWest presentation (Xeno Koveh, 2015)
The (in)security of a given piece of software is mainly a function of how many smart people have uninterrupted time to exploit it.Matthew Green (2015)
Macbook batteries ship with a default unseal password (0x36720414). This was found by reverse engineering a Macbook battery update. On Macbook batteries, the full access mode password is also hardcoded and default (0xffffffff). Apple laptop batteries Writeup, Presentation (Miller, BlackHat 2011)
Symantec has discovered a new Linux worm that appears to be engineered to target the “Internet of things”. The worm is capable of attacking a range of small, Internet-enabled devices in addition to traditional computers. ... many users may not realize they are at risk since they are unaware they own devices that run Linux. Linux worm targeting hidden devices (Symantec, 2013)
References
External Links
- LegbaCore - research into firmware security
- Workshop on Embedded Devices Security and Firmware Reverse Engineering (Zaddach. BlackHat 2013)