Firmware security

From Trammell Hudson's Projects

8-SOIC boot ROM

Computing devices and buses are far less secure than they could be, with many non-obvious exploits that take advantage of the trust device drivers place in the devices with which they communicate. Reverse engineering these devices to find exploits does not require nation-state level resources. Once installed, this sort of malware is very difficult to detect and may not be possible to remove. Additionally, the Internet of Things brings the risk of devices that are never updated and will have security vulnerabilities for their entire lives.


Thunderstrike presentation at 31C3
  • Nation states are actively building firmware malware.<ref name=ars/>
  • Every device has a full-featured CPU these days, which can lie to the rest of the system.<ref name=sprite/>
  • Exposing buses to the outside world can lead to exploits.<ref name=thunderstrike>Thunderstrike (Hudson, 31C3 2014)</ref>
  • Embedded systems are never upgraded, leading to "forever-day" bugs.<ref name=forever/>




  • Nation states are getting involved
    • Border crossings allow for easy attacks on portable devices.<ref name=traveling-light>Traveling Light in a Time of Digital Thievery (Nicole Perlroth, New York Times 2012)</ref>

    • NSA TAO is actively attempting to install firmware malware.<ref name=ironchef>IRONCHEF: NSA Exploit of the Day (Schneier, 2014)</ref>
    • But attacks are not complicated!<ref name=sprite/><ref name=xeno-csw15/>
  • Devices that used to not have any CPUs now have commodity processors.
    • Hard drive controllers have ARM cores running RTOS to schedule head movements and act as the cache.<ref name=sprite>Hard drive controller firmware: Writeup, Presentation (Sprite_tm, OHM2013)</ref><ref name=ars/>
    • "BadUSB" devices can actively attempt to exploit device driver flaws.<ref name=badusb>BadUSB - On accessories that turn evil (SR Labs)</ref>
    • DisplayPort cables have ARM M0 or LPC devices to negotiate with the host.
    • Lightning VGA output cables have a full-featured ARM doing MPEG decompression.
    • Laptop batteries have EEPROMs and sometimes charge management CPUs.<ref name=batteries/>
    • Charging cables can carry infection risks.<ref name=mactans>MacTans: Injecting malware into iOS devices via malicious chargers (BH 2013)</ref>
    • IP phones and printers have full Linux kernels running inside.<ref name=cisco>Cisco phone backdoors: Presentation (29C3)</ref><ref name=hp-2012>Print Me If You Dare (BlackHat 2012)</ref><ref name=hp-2002>Attacking Networked Embedded Systems (HP Printers) (BlackHat Asia 2002)</ref><ref name=stepping>Cisco + HP combo failures: Stepping p3wns (2013)</ref>

  • Hardware buses tend to be trusted by the kernel.
    • Fuzzing reveals many errors and can crash the kernel, but directed attacks can turn up more interesting exploits.<ref name=fuzzing>Fuzzing (BH 2011)</ref>
    • Many devices have debug ports built into common ports.<ref name=multiplexed>Multiplexed wire attacks (BH2013)</ref>
    • Many of these devices store code in re-writable flash memories that can be overwritten by outside code.
    • PCI/PCIe/Thunderbolt read Option ROMs at bootup that run in ring 0.<ref name=thunderstrike/><ref name=snare>Mac EFI Rootkits (Snare, BlackHat 2012)</ref>
    • Some buses have no protection, or have protection that requires major code changes to enable (e.g., IOMMU over Thunderbolt).<ref name=funderbolt>Thunderbolt DMA (BH 2013)</ref><ref name=io>I/O Attacks in Intel-PC Architectures and Countermeasures (Sang, 2011)</ref><ref>DMA Malware (Patrick Stewin, DIMVA 2012)</ref>
    • Legacy features are frequently used by exploits.<ref name=legacy>Hacking Intel CPU legacy modes (BH 2012)</ref><ref name=speedracer/>
    • Multi-core systems can introduce new race conditions into previously secure systems.<ref name=speedracer>Attacks on UEFI Security (Wojtczuk and Kallenberg, 31C3 2014)</ref>
  • Embedded device vendors have no clue about security.
    • Windows has had decades of attacks to deal with and has entire teams to track bugs, and Windows and OSX roll out updates every week.
    • Device vendors just want to get the hardware out the door.
    • IoT devices need update routines, but the update path itself has to be secure; e.g., how secure is Tesla's over-the-air software update for their cars?
    • Embedded Linux systems in routers, fileservers, cameras, etc are being targeted with "forever-day" attacks since the devices are never updated.<ref name=forever/>
    • Default passwords are used everywhere.<ref name=batteries/>
    • Intel is getting better about boot time security: Boot Guard moves the root of trust into hardware inside the CPU.<ref name=bootguard/>
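
The Option ROM bullet above implies a defensive check: inventory every image in a card's expansion ROM dump and compare it with a known-good copy. The sketch below is an added example, not code from this page or its author; it follows the PCI expansion ROM layout (0x55AA header, `PCIR` data structure), and the function names, the baseline set and the sample images are constructed for illustration.

```python
import hashlib
import struct

CODE_TYPES = {0: "x86 legacy BIOS", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}

def parse_option_rom(blob):
    """Return one record per image in a PCI expansion ROM dump."""
    images, off = [], 0
    while blob[off:off + 2] == b"\x55\xaa":            # ROM header signature
        if off + 0x1A > len(blob):
            raise ValueError(f"image at {off:#x}: truncated ROM header")
        pcir = off + struct.unpack_from("<H", blob, off + 0x18)[0]
        if pcir + 0x18 > len(blob) or blob[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"image at {off:#x}: bad PCI Data Structure")
        vendor, device = struct.unpack_from("<HH", blob, pcir + 0x04)
        length = struct.unpack_from("<H", blob, pcir + 0x10)[0] * 512
        code_type, indicator = struct.unpack_from("<BB", blob, pcir + 0x14)
        if length == 0 or off + length > len(blob):
            raise ValueError(f"image at {off:#x}: image length outside dump")
        images.append({
            "offset": off, "vendor": vendor, "device": device,
            "type": CODE_TYPES.get(code_type, f"unknown ({code_type:#x})"),
            "sha256": hashlib.sha256(blob[off:off + length]).hexdigest(),
        })
        if indicator & 0x80:                            # bit 7: last image
            break
        off += length
    return images

def changed_images(images, baseline):
    """Images whose hash is absent from the known-good baseline set."""
    return [img for img in images if img["sha256"] not in baseline]

def make_image(vendor, device, code_type, last, payload):
    """Constructed test input: a minimal 512-byte image, not a real ROM."""
    header = b"\x55\xaa" + bytes(0x16) + struct.pack("<H", 0x1C) + bytes(2)
    pcir = struct.pack("<4sHHHHB3sHHBBH", b"PCIR", vendor, device, 0, 0x18,
                       0, b"\x00\x00\x02", 1, 0, code_type, 0x80 if last else 0, 0)
    return (header + pcir + payload).ljust(512, b"\xff")

if __name__ == "__main__":
    # Vendor/device IDs below are placeholders, not a real adapter.
    legacy = make_image(0x1234, 0x5678, 0, False, b"")
    good = legacy + make_image(0x1234, 0x5678, 3, True, b"")
    baseline = {img["sha256"] for img in parse_option_rom(good)}
    dump = legacy + make_image(0x1234, 0x5678, 3, True, b"\x90" * 16)
    for img in changed_images(parse_option_rom(dump), baseline):
        print(f"image at {img['offset']:#x} ({img['type']}) differs from baseline")
```

On Linux, a device's expansion ROM can be dumped for this check from its `rom` file under `/sys/bus/pci/devices/` after writing `1` to that file as root.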


One of the Equation Group's malware platforms, for instance, rewrote the hard-drive firmware of infected computers—a never-before-seen engineering marvel that worked on 12 drive categories from manufacturers including Western Digital, Maxtor, Samsung, IBM, Micron, Toshiba, and Seagate.<ref name=ars>How Omnipotent hackers tied to the NSA hid for 14 years (Ars Technica, 2015-02)</ref>

2 guys + 4 weeks + $2k = Multiple vendors' BIOSes infected. It's time to start checking your firmware.<ref name=xeno-csw15>CanSecWest presentation (Xeno Kovah, 2015)</ref>

The (in)security of a given piece of software is mainly a function of how many smart people have uninterrupted time to exploit it.<ref>Matthew Green (2015)</ref>

Macbook batteries ship with a default unseal password (0x36720414). This was found by reverse engineering a Macbook battery update. On Macbook batteries, the full access mode password is also hardcoded and default (0xffffffff).<ref name=batteries> Apple laptop batteries Writeup, Presentation (Miller, BlackHat 2011) </ref>

Symantec has discovered a new Linux worm that appears to be engineered to target the “Internet of things”. The worm is capable of attacking a range of small, Internet-enabled devices in addition to traditional computers. [...] many users may not realize they are at risk since they are unaware they own devices that run Linux.<ref name=forever> Linux worm targeting hidden devices (Symantec, 2013)</ref>




External Links