Hardware Involved Software Attacks

Size: px

Start display at page:

Download "Hardware Involved Software Attacks"

Dwain Merritt
5 years ago
Views:

1 Hardware Involved Software Attacks Jeff Forristal CanSecWest 2012

2 Once you have root/admin, what s left to do? Question

3 Rootkits VM escapes hacking/ priv escalation BIOS hacking Jail breaking Relevance

4 Attack surfaces Attack patterns Themes

5 X86-centric Other architectures may do it differently Not about hardware attacks* The final vulnerability lives in software Caveats

6 Follow the RASQ ally rabbit ATTACK SURFACES

7 Privilege OS Hardware The Stack

8 Privilege OS Hardware OS The Stack

9 Privilege OS Hardware OS???????????????????????? The Stack

10 Driver Driver Driver Driver Driver Driver Driver Driver Privilege OS Hardware OS The Stack

11 Driver Driver Driver Driver Driver Driver Driver Driver Privilege OS Hardware OS The Stack

12 Privilege VM VM OS OS VMM/Hypervisor SMM/BIOS CPU Memory Peripherals Firmware Hardware Platform The Stack

13 Privilege VM VM OS OS VMM/Hypervisor SMM/BIOS CPU BIOS & OS/VMM share access, but not trust Memory Peripherals Firmware Hardware Platform The Stack

14 Privilege VM VM OS OS VMM/Hypervisor SMM/BIOS CPU Hypervisor can grant VM direct HW access Memory Peripherals Firmware Hardware Platform The Stack

15 Privilege VM VM OS OS VMM/Hypervisor SMM/BIOS CPU Memory DMA Peripherals Firmware Hardware Platform The Stack

16 Besides the obvious Direct capabilities to affect a critical system resource (e.g. DMA to system/software memory) Indirect sideband access to a resource (e.g. PCI/e & ExpressCard access to SMBus) Store executable code that is automatically invoked (e.g. HDD or USB drive; PCI/e device option ROM) Proxy data from an untrusted external source* (e.g. NICs, Wifi radios) Hardware s Involvement

17 IO Traditional/legacy IO via in/out instructions A.k.a. DIO, PIO MMIO Memory-mapped IO via memory access instructions MSRs CPU config registers via rdmsr/wrmsr instructions PCI/e MMCFG PCI configuration space access Arguably a flavor of MMIO X86 HW Access Methods

18 Mistakenly passed through by a higher privilege software layer Explicitly passed through by a higher privilege software layer Explicitly provided by hardware architectural intent The attacker is already deemed to have access The attacker is physically proximate to the system* Surface Transitions

19 Buckets to describe stuff because people like to categorize things ATTACK PATTERNS

20 Originate in a lower-privileged software/layer or be remote/physically proximate Leverage or depend upon an operation of hardware* Achieve a vulnerability in a higher-privileged software/layer or a peer in current software/layer Commonality

21 This is a conversation about forests Let s not get pedantic about the individual trees Only these slides are black & white Image: Ambiguity

22 Categorization criteria isn t always crisp (it s like porn ) Challenges on separating HW operation, TLP, and data Bug DBs lack of consistent characterization of the problem, mention of hardware Challenges

23 Driver Driver Driver Driver Driver Driver Driver Driver Inappropriate General Access to Hardware Straight-forward driver failure (Semi) arbitrary access to general purpose HW access (e.g. IO, MMIO, PCI config, MSRs) Debug purposes, laziness, bad foresight, simplicity OS Pattern #1

24 CVE Linux kernel on x64/em64t allows writing to IO ports via outs instruction CVE Speedfan (Windows) allows MSR reading/writing via IOCTLs CVE Nantsys (Windows) allows MSR reading/writing Pattern #1 Examples

25 Unexpected Consequences of Specific Hardware Function Given access because functionality seems safe Extra/hidden/unexpected/bug functionality leads to a problem Pattern #2

CVE-2011-1898 DMA used to generate MSI interrupts, compromise of Xen hypervisor CVE-2011-1016 Radeon Linux Gfx driver gives access to AA resolve

26 CVE DMA used to generate MSI interrupts, compromise of Xen hypervisor CVE Radeon Linux Gfx driver gives access to AA resolve registers, allows memory manipulation CVE WebGL in Firefox allows GPU memory reading, or crash Image: Pattern #2 Examples

27 Hardware Reflected Injection Variants: 2 nd order injection through HW Security-sensitive logic operation on HW value Stored executable code blobs Pattern #3

28 Hardware Reflected Injection - 2 nd order injection Trigger a traditional vuln via malicious data value inserted/stored in hardware Integer issues, buffer overflows, etc. Pattern #3 Variant #1

29 Alexandre Gazet Recon 2011 Update KBC FW, feed malicious value to SMM and cause a buffer overflow OS SMM/BIOS CPU Memory KBC Firmware Pattern #3 Variant #1 Example

30 Hardware Reflected Injection - Security-sensitive logic operation on HW value One-off logic operation, not a general purpose weakness Thus very contextual, particularly to securityspecific software Pattern #3 Variant #2

CVE-2009-4419 Malicious MCHBAR register value prevents proper VT-d policy application during TXT SENTER

31 CVE Malicious MCHBAR register value prevents proper VT-d policy application during TXT SENTER Hardware VT-d FEC10000 SINIT ACM Memory Image: Pattern #3 Variant #2 Example

32 Hardware Reflected Injection - Stored executable code blobs BIOS flash Option ROMs Boot device MBRs* Pattern #3 Variant #3

33 Mebromi virus Updated BIOS ISA ROM, which is executed upon system reboot CPU Reset Update BIOS Flash OpROM PCIe Card MBR Boot Dev OS + s Reboot Pattern #3 Variant #3 Example

34 Mebromi virus Updated BIOS ISA ROM, which is executed upon system reboot CPU Reset BIOS Flash OpROM PCIe Card MBR Boot Dev VMM IOMMU Update VM Pattern #3 Variant #3 Example

35 Interference with Hardware Privilege Access Enforcement Relevant to hypervisor & emulation Hypervisor/emulator does operation with their (elevated) privilege, not requestors lower privilege Confused deputy Pattern #4

36 CVE MS Virtual PC/Server instruction decoding doesn t enforce CPU privilege level requirements CVE KVM x86 emulator doesn t consider CPL & IOPL in guest hardware accesses Pattern #4 Examples

37 Access by a Parallel Executing Entity Things running at the same time One good, one bad Sensitive use of shared resources Programmable peripherals CPU Memory Peripherals Firmware Hardware Pattern #5

38 CVE SMP guest uses one thread to change instructions of another thread while being interpreted by hypervisor, allowing for arbitrary instruction execution CVE Malicious CPU thread monitors cache misses of another thread, recovery of cryptographic keys, etc. Pattern #5 Examples

39 Incorrect Hardware Use Someone didn t RTFM In all fairness: The manuals can be vague/cryptic They tell you to do things without a reason for why They say should instead of must Pattern #6

40 CVE Linux didn t notice AMD FXSAVE/FXRSTOR different than Intel, lead to leaking of floating point data between processes (cryptographic secrets, etc.) CVE Linux improper handling of uncanonical return address on EM64T, allowing exception handler to run on user stack with wrong GS CVE Xen/RedHat/Linux accesses VMCS fields without first seeing if hardware supports those fields, leading to crash/dos Pattern #6 Examples

41 External Control of a Hardware Device The device (not the data it processes) is under malicious control Variants: Physically present/proximate Reprogrammed Pattern #7

42 CVE Firewire port allows DMA, access to host memory SMM/BIOS CPU Memory 1394/FW Firmware CVE Reprogramming keyboard firmware Image: Pattern #7 Examples

43 And it s not a good offense DEFENSE

44 Watch your under surface Developers

45 Image: Unused Devices

46 You, too, can crash your system without trying EXPERIMENTING WITH HARDWARE

47 R/W Everything Windows

48 Open Hardware Monitor C#.NET Image: Windows + Linux

49 LoLA Low Level Access Linux kernel module that provides IO, MSR, memory, & CPUID access Programming API for access Linux

50 LoLA Low Level Access Linux kernel module that provides IO, MSR, memory, & CPUID access Programming API for access Linux

51 Vendor s website, Internet datasheet archives Datasheets

52 Google is your friend, as usual HW Schematics

Free download for Cansecwest attendees*! http://bioshacking.blogspot.

53 Free download for Cansecwest attendees*! *Cansecwest attendance not required, it s free to everyone Background Infoz

54 Thanks!

Virtually Impossible

Virtually Impossible The Reality of Virtualization Security Gal Diskin / Chief Research Officer / Cyvera LTD. /WhoAmI? Chief Research Officer @ Cvyera LTD Formerly Security Evaluation Architect of the