Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with the Napper
Seunghun Han | Senior Security Researcher, National Security Research Institute of South Korea
Jun-Hyeok Park | Senior Security Researcher, National Security Research Institute of South Korea
[…]In this talk, we present two vulnerabilities, CVE-2017-16837 and CVE-2018-6622. The vulnerabilities we found can subvert the TPM with Advanced Configuration and Power Interface (ACPI). ACPI in PCs, laptops, and servers provide six sleeping states (S0-S5) for reducing power consumption. When the system enters the sleeping state, CPU, device, and RAM are powered off. Since the system powers the components off including security devices, the system should reinitialize them while waking up and this could be the attack surface. We found vulnerabilities on this attack surface without physical access. To mitigate the vulnerabilities, we also present countermeasures and a new tool, “Napper,” to check the vulnerabilities of the TPM. Napper is a bootable USB device based-on Linux, and it has a custom kernel and a vulnerability checking software. When you boot a system with the Napper, it makes your system to take a nap to check the vulnerabilities and to report the result to you.