Fruct20: UEFI BIOS and Intel ME attack vectors and vulnerabilities

UEFI BIOS and Intel Management Engine Attack Vectors and Vulnerabilities
Alexander Ogolyuk, Andrey Sheglov, Konstantin Sheglov
Saint Petersburg National Research University of Information Technologies, Mechanics and Optics
St. Petersburg, Russia

We describe principles and implementation details of UEFI BIOS attacks and vulnerabilities, suggesting possible security enhancement approaches. We describe the hidden Intel Management Engine implementation details and the possible consequences of a discredit of its security. The described breaches in UEFI and Intel Management Engine could possibly lead to the invention of “invulnerable” malicious applications. We highlight the base principles and actual state of the Management Engine (which is a part of the UEFI BIOS firmware) and its attack vectors using reverse engineering techniques.

From the conclusion:
* Disable all SMM code (if possible by patching or other methods)
* Disable any external firmware components (PCI boot)
* Disable S3 Bootscript (after sleep mode)
* Extensive use of an SMI transaction monitor (to find malicious SMI calls)
* Enable Secure Boot mode
* Enable BIOS password
* Extensive reverse engineering of vendor’s firmware samples to find and report vulnerabilities
* Code reviews (of open-sourced UEFI-based systems like TianoCore)


https://www.fruct.org/program20

GLitch: a remote Rowhammer exploit on ARM Android devices

What is GLitch?

GLitch is one part of our series of Rowhammer attacks. We started by breaking the EDGE browser and the cloud. Then we moved towards Android devices, showing how to root them with bit flips. This time we wanted to show that mobile phones, too, can be attacked remotely via the browser.
Meet GLitch: the first instance of a remote Rowhammer exploit on ARM Android devices. This makes it possible for an attacker who controls a malicious website to get remote code execution on a smartphone without relying on any software bug.
You want to know what makes this attack even cooler? It is carried out by the GPU. This is the first GPU-accelerated Rowhammer attack.[…]

https://www.vusec.net/projects/glitch/

On the Path to a Secure Boot Solution for RISC-V

On the Path to a Secure Boot Solution for RISC-V
By SecureRF | April 26, 2018

As the RISC-V ISA gains in popularity and more industries proceed with plans to build and deploy systems based on RISC-V technologies, the security requirements of those systems will grow. One avenue that hackers have used to exploit systems has been to modify the firmware and cause it to misbehave. For example, one of the recent vehicle hacks involved corrupting firmware in order to jump from an infotainment center to the CAN-BUS. The solution to this style of attack is a secure boot, and with minimal additions to the ISA, RISC-V can provide secure boot hooks directly. Secure boot is a self-hosted root of trust that uses a digital signature and a known, trusted, public key to protect the firmware before it loads. The RISC-V system validates the signature over the firmware using the trusted public key and will run the code only if the signature verifies correctly. If the firmware has been modified in any way, the signature validation will fail. Once this initial trusted load completes, subsequent loads can use the same process to chain the trust to additional loads.[…]
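The chain of trust described above, as an added example that is not code from the SecureRF post or from any RISC-V project: a Python model in which a key hash held in ROM anchors the first stage, every stage's signature is checked before it runs, and each verified image names the key that must sign the next stage. The keys are textbook RSA built from Mersenne primes purely so the example runs on the standard library; the image layout and all function names are assumptions.

```python
import hashlib

def make_key(p, q, e=65537):
    """Textbook RSA keypair (no padding) for the demo; returns (pub, priv).
    The keys below use Mersenne primes so this runs on the standard library alone;
    they are trivially factorable and must never be used for a real signer."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    return pow(digest(data), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == digest(data)

def key_id(pub):
    """Hash of a public key; the ROM holds key_id() of the first stage's key."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).digest()

def verify_chain(rom_key_id, stages):
    """Walk the boot chain. Each stage is (pub, image, sig); the image begins with the
    32-byte key_id of the key that must sign the next stage, followed by its code.
    Returns None when every stage verifies, else the index of the first failing stage."""
    expected = rom_key_id
    for i, (pub, image, sig) in enumerate(stages):
        if key_id(pub) != expected or not verify(pub, image, sig):
            return i            # untrusted key or modified image: do not run it
        expected = image[:32]   # trust verified here extends to the next load
    return None

def build_chain(keys, codes):
    """Constructed sample: stage i is signed with keys[i] and names keys[i+1]."""
    stages = []
    for i, code in enumerate(codes):
        nxt = key_id(keys[i + 1][0]) if i + 1 < len(codes) else bytes(32)
        image = nxt + code
        stages.append((keys[i][0], image, sign(keys[i][1], image)))
    return stages

VENDOR_KEY = make_key(2**127 - 1, 2**607 - 1)   # signs the first-stage loader
OS_KEY = make_key(2**107 - 1, 2**1279 - 1)      # signs the second-stage payload
ROM_KEY_ID = key_id(VENDOR_KEY[0])              # burned into the ROM / fuses
CHAIN = build_chain([VENDOR_KEY, OS_KEY], [b"stage1: loader", b"stage2: kernel"])

def tampered_chain():
    """Flip one byte of the stage-2 code: its signature no longer verifies."""
    pub, image, sig = CHAIN[1]
    return CHAIN[:1] + [(pub, image[:-1] + b"!", sig)]
```

A stage signed with a key the previous stage did not name fails at that stage even when its signature is internally valid, which is the property that stops a swapped-in firmware image.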

https://www.securerf.com/path-secure-boot-solution-risc-v/

AMI Adds TPM Support on Arm-based Systems Running Aptio® V UEFI Firmware

AMI has announced support for TPM on Arm®-based systems running AMI’s flagship Aptio® V UEFI Firmware. […] Previously, AMI only provided TPM support for x86 platforms. With the growing need to extend TPM support for additional platforms, AMI has added TPM support for Arm-based systems currently running AMI’s Aptio® V UEFI firmware. The added TPM support for Arm-based systems includes features specifically for the Arm architecture such as TPM driver support within Arm® TrustZone® technology and Linux OS support. The Arm TrustZone TPM Firmware can be accessed by the BIOS and OS via the Command Response Buffer interface using Secure Monitor calls. Other generic features supported by TPM include cryptographic algorithms and measurement of SecureBoot variables.[…]

https://ami.com/en/news/press-releases/american-megatrends-adds-tpm-support-on-armbased-systems-running-aptio-v-uefi-firmware/

Building UEFI Applications with Clang and LLD

Re: https://firmwaresecurity.com/2018/04/20/efi-clang-build-uefi-apps-with-clang-and-lld/

There’s a blog post on this toolchain:

[…]Disillusioned (more like repulsed) with Tianocore’s offering, I decided to hold my nose and try the gnu-efi way of doing things. […]

http://yoppeh.com/2018/04/18/building-uefi-applications-with-clang-and-lld/

PS: see the author's latest project, a new set of EFI headers:

https://github.com/yoppeh/efi

Duo on Apple firmware security (and new EFIgy release)

Nice article on the latest Apple changes to firmware security; the T2 processor, Secure Boot, etc. are discussed here. Maybe one day Apple will create a similar whitepaper.

https://duo.com/blog/apple-imac-pro-and-secure-storage

http://efigy.io/

more on Spectre/Meltdown

A few new Spectre/Meltdown-related things in the news:

https://twitter.com/daniel_bilar/status/991962885969600513

https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html

https://www.wired.com/story/rowhammer-remote-android-attack/

https://www.arm.com/products/security-on-arm/security-ip/side-channel-mitigation

Google Asylo: SDK for apps that run in TEEs

https://twitter.com/qrs/status/992109956659863552

[…]Today we’re excited to announce Asylo (Greek for “safe place”), a new open-source framework that makes it easier to protect the confidentiality and integrity of applications and data in a confidential computing environment. Asylo is an open-source framework and SDK for developing applications that run in trusted execution environments (TEEs). TEEs help defend against attacks targeting underlying layers of the stack, including the operating system, hypervisor, drivers, and firmware, by providing specialized execution environments known as “enclaves”. TEEs can also help mitigate the risk of being compromised by a malicious insider or an unauthorized third-party. Asylo includes features and services for encrypting sensitive communications and verifying the integrity of code running in enclaves, which help protect data and applications.[…]

https://cloudplatform.googleblog.com/2018/05/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html

https://github.com/google/asylo

https://asylo.dev/

Intel Platform Armoring and Resiliency group seeking senior security researcher

The Platform Armoring and Resiliency SSG/STO/PSI/PAR organization is looking for a senior security researcher. The ideal candidate will be responsible for secure design, development and operation of Intel’s hardware and software products and services. […]

https://jobs.intel.com/ShowJob/Id/1605323/Security%20Researcher

I wonder, is this to fill John’s recently-vacated position? 🙂

VMWare and Microsoft Virtualization Based Security (VBS)

Introducing support for Virtualization Based Security and Credential Guard in vSphere 6.7
Mike Foley

Microsoft virtualization-based security, also known as “VBS”, is a feature of the Windows 10 and Windows Server 2016 operating systems. It uses hardware and software virtualization to enhance Windows system security by creating an isolated, hypervisor-restricted, specialized subsystem. Starting with vSphere 6.7, you can now enable Microsoft VBS on supported Windows guest operating systems. You may or may not be familiar with these new Windows features. Based on conversations I have with security teams, you might want to become familiar! What you will hear first and foremost is the requirement for “Credential Guard”, which is why I added that to the title. In order to level set the conversation in this blog I will go over the features as they relate to a bare metal installation of Windows and then a Windows VM on ESXi.[…]

https://blogs.vmware.com/vsphere/2018/05/introducing-support-virtualization-based-security-credential-guard-vsphere-6-7.html

GCC 8.1 Released

GCC 8.1 is a major release containing substantial new functionality not available in GCC 7.x or previous GCC releases.

This release features significant improvements in the emitted diagnostics, including improved locations, location ranges and fix-it hints (especially in the C++ front-end), and various new warnings have been added.

Profile-driven optimizations have been significantly improved; on x86, functions are now split into hot and cold regions by default. The link time optimizations now have a new way of emitting the DWARF debug information, which makes LTO-optimized code more debuggable. New loop optimizers have been added and existing ones improved, and some, like -ftree-loop-distribution, -floop-unroll-and-jam and -floop-interchange, have been enabled by default at -O3.

The AArch64 target now supports the Scalable Vector Extension, which features vectors with a runtime-determined number of elements.

http://gcc.gnu.org/gcc-8/porting_to.html
https://gcc.gnu.org/gcc-8/changes.html
http://www.gnu.org/order/ftp.html

Lojack (formerly CompuTrace) Becomes a Double-Agent

ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains. The InfoSec community and the U.S. government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. They also target industries that do business with such organizations, such as defense contractors. Lojack, formerly known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution. Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.

https://asert.arbornetworks.com/lojack-becomes-a-double-agent/

Wikipedia on LoJack: “Analysis of Computrace by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like a rootkit (bootkit), reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute’s servers via the internet. This installer (small agent) is vulnerable to certain local attacks[8][9] and attacks from hackers who can control network communications of the victim.”

https://en.wikipedia.org/wiki/LoJack_for_Laptops

https://www.absolutelojack.com/features/

AMI statement for Meltdown/Spectre for MegaRAC BMC

https://ami.com/en/tech-blog/ami-statement-in-response-to-meltdown-and-spectre-security-vulnerabilities-for-megarac-bmc-firmware-on-aspeed-armbased-platforms/

https://www.nikktech.com/main/news/8940-american-megatrends-statement-in-response-to-meltdown-and-spectre-security-vulnerabilities-for-megarac-bmc-firmware-on-aspeed-arm-based-platforms

Bypassing code protection on an Intel 8752

Bypassing code protection on an Intel 8752
Kibo Schaffer

The security bits that enforce code protection on the Intel 8752 can be cleared with UV, while keeping the main program memory mostly intact by applying a UV mask (nail polish) to the EPROM regions of the die.[…]

https://blog.inach.is/8752/

Ceramic chip decapping rig

Arm announces security features in Cortex-M35P

On Wednesday, 2nd May we announced a range of IP to protect silicon from physical attacks, extending our portfolio of Arm security IP to bring physical security within reach of any IoT product. Our new IP, all marked with a “P” tag for physical security, includes: the Cortex-M35P processor, as well as a new suite of security IP with added side-channel attack protection (CryptoIsland-300P and CryptoCell-312P). This post describes how the benefits and features of the Cortex-M35P bring anti-tampering protection to the widely-supported, user-friendly Cortex-M processor to guard against physical attacks, providing access to new markets for your product.[…]

https://www.arm.com/products/processors/securcore

https://community.arm.com/processors/b/blog/posts/arm-cortex-m35p-multilayered-security-at-heart-of-your-device