https://github.com/platomav/MEAnalyzer
https://github.com/IllegalArgument/Huffman11
FWTS has had ACPI tests for a while, and it’s basically the best public set of ACPI tests available. Better than anything the UEFI Forum has, like the SCTs. They’ve been using FWTS in the UEFI plugfests for a while, for ACPI purposes. Now the UEFI Forum is more formally recommending FWTS. Alex Hung of Canonical announces a new milestone for FWTS, the FirmWare Test Suite:
FWTS 17.03.00 is recommended as the ACPI 6.1 SCT
We have achieved another important milestone! The UEFI Board of Directors recommends Firmware Test Suite (FWTS) release 17.03.00 as the ACPI v6.1 Self-Certification Test (SCT). More information is available at:
http://www.uefi.org/testtools
Thank you to all who contributed patches, reported bugs, provided feedback and used FWTS in your work.
Thanks, FWTS, for having the best ACPI tests available!
Full announcement:
https://lists.ubuntu.com/mailman/listinfo/fwts-announce
Now that Intel® AMT 11.6 is released, it’s finally time to circle back and highlight a big new feature of 11.6 that has been in the works for a long time: Web Storage and the ability for the default Intel® AMT web UI to be replaced. Ever since the start, Intel® AMT has always had a basic web page you could access with any browser. Because it’s all out-of-band, you could access the web page from a browser even if the target computer was soft-off, sleeping or had a non-functioning operating system. Over the last 10 years, the web has come a long way. The built-in Intel® AMT web page offers basic capabilities, but we can do a lot better now with HTML5 and WebSockets.[…]
https://software.intel.com/en-us/blogs/2017/02/13/meshcommander-v044-released
https://software.intel.com/en-us/search/site/language/en?query=AMT
There’s a blog post about this, as well:
http://bioshacking.blogspot.sg/2017/07/migrating-amibios-1b-module-utilities.html
The utilities produced by the source code ONLY work with AMIBIOS8 (legacy BIOS) 1B module. You can obtain the 1B module from AMIBIOS8 BIOS binary by using AMI Module Management Tool (MMTool) utility (https://ami.com/en/products/bios-uefi-tools-and-utilities/bios-uefi-utilities/).
Black Hat Vegas: Where the Guardians of the BIOS Are Failing
By Alex Matrosov
In our upcoming Black Hat Vegas talk, we will summarize our research about the UEFI firmware protections and our newly-discovered security problems. This talk raises awareness of these security challenges for hardware vendors, BIOS-level security researchers and defenders, and sophisticated stakeholders who want to know the current state of UEFI exposure and threats. The situation is serious but, with the right tools and knowledge, we can prevail.[…]
https://www.cylance.com/en_us/blog/black-hat-vegas-where-the-guardians-of-the-bios-are-failing.html
Christoph Hellwig announced this event on the Linux-NVME mailing list.
We proudly announce the Alpine Linux Persistence and Storage Summit (ALPSS), which will be held from September 27-29 at the Lizumerhuette in Austria. The goal of this conference is to discuss the hot topics in Linux storage and file systems, such as persistent memory, NVMe, multi-pathing, raw or open channel flash and I/O scheduling in a cool and relaxed setting with spectacular views in the Austrian alps. We plan to have a small selection of short and to the point talks, and lots of room for discussion in small groups, as well as ample downtime to enjoy the surrounding. Attendance is free except for the accommodation and food at the lodge, but the number of seats is strictly limited. […] Note: The Lizumerhuette is an Alpine Society lodge in a high alpine environment. A hike of approximately 2 hours is required to the lodge, and no other accommodations are available within walking distance.
Full announcement:
http://lists.infradead.org/mailman/listinfo/linux-nvme
http://lists.infradead.org/pipermail/linux-nvme/2017-July/thread.html
Setup EFI Development environment on Mac OSX Sierra (10.12.X)
Mikal Villa • 07/10/2017
Oh no! A lot of text. Well, luckily half of the post is troubleshooting. EFI development setup is easy 🙂
Okay, before starting this guide you should have some tools installed already.[…]
https://0xcc.re/setup-efi-development-environment-on-mac-osx-sierra-10-12-x/
https://twitter.com/qrs/status/884780086528024576
OEMs: note Qubes compatibility levels. Your systems are most likely not secure enough for the high-end tier, time to improve your products.
Level 0: Qubes Compatible Laptop.
Level 1: Qubes Certified Laptop.
Level 2: Qubes Stateless Laptop
https://www.qubes-os.org/news/2017/07/08/toward-a-reasonably-secure-laptop/
https://twitter.com/subTee/status/884025712029687808
A Study of Overflow Vulnerabilities on GPUs
Bang Di, Jianhua Sun, Hao Chen
GPU-accelerated computing gains rapidly-growing popularity in many areas such as scientific computing, database systems, and cloud environments. However, there are fewer investigations on the security implications of concurrently running GPU applications. In this paper, we explore security vulnerabilities of CUDA from multiple dimensions. In particular, we first present a study on GPU stack, and reveal that stack overflow of CUDA can affect the execution of other threads by manipulating different memory spaces. Then, we show that the heap of CUDA is organized in a way that allows threads from the same warp or different blocks or even kernels to overwrite each other’s content, which indicates a high risk of corrupting data or steering the execution flow by overwriting function pointers. Furthermore, we verify that integer overflow and function pointer overflow in struct also can be exploited on GPUs. But other attacks against format string and exception handler seem not feasible due to the design choices of CUDA runtime and programming language features. Finally, we propose potential solutions of preventing the presented vulnerabilities for CUDA.
Peter Kirmeier wrote a new UEFI shell utility called ShellDynListProtocol.
UEFI EDKII Dynamic Shell Extension List Protocols
UEFI EDKII Shell command that prints all available protocols grouped by their registered handles.
https://github.com/topeterk/ShellDynListProtocols
PS: Peter also has a C# tool called IfrViewer, a Viewer for UEFI IFR structures:
“Redox is a Unix-like Operating System written in Rust, aiming to bring the innovations of Rust to a modern microkernel and full set of applications.”
https://github.com/redox-os/uefi/tree/master/src
4 Ways to Prevent Leaks via USB Devices
by Phil Goldstein
Spoiler alert:
1. Network and Behavioral Monitoring Can Track Employees
2. Change BIOS Settings
3. Use Software and Rewrite Code to Block USB Devices
4. The Epoxy Route for Blocking USB Drives
Full article:
https://fedtechmagazine.com/article/2017/07/4-ways-prevent-leaks-usb-devices
USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs
Yang Su, Damith Ranasinghe, Daniel Genkin, Yuval Yarom
The Universal Serial Bus (USB) is the most prominent interface for connecting peripheral devices to computers. USB-connected input devices, such as keyboards, card-swipers and fingerprint readers, often send sensitive information to the computer. As such information is only sent along the communication path from the device to the computer, it was hitherto thought to be protected from potentially compromised devices outside this path. We have tested over 50 different computers and external hubs and found that over 90% of them suffer from a crosstalk leakage effect that allows malicious peripheral devices located off the communication path to capture and observe sensitive USB traffic. We also show that in many cases this crosstalk leakage can be observed on the USB power lines, thus defeating a common USB isolation countermeasure of using a charge-only USB cable which physically disconnects the USB data lines. Demonstrating the attack’s low costs and ease of concealment, we modify a novelty USB lamp to implement an off-path attack which captures and exfiltrates USB traffic when connected to a vulnerable internal or an external USB hub.
By Josh Brooks 4th July 2017
ARM has bought IoT security tech business Simulity Labs in a £12m purchase from its private equity owner Foresight. Simulity provides embedded operating system software and related server systems for SIM cards and embedded SIMs (‘eSIMs’), allowing Internet of Things (IoT) devices to securely connect to networks. Foresight bought the business only last October for around £4m – meaning a massive return on its investment in percentage terms.[…]
https://www.arm.com/products/iot-solutions
A few days ago, Paul English of PreOS Security wrote a blog post giving a brief overview of the recent Intel AMT vulnerability.
[Note: We’re going to try and post a blog entry for major firmware vulnerabilities that impact enterprises, and the recent Intel AMT vulnerability seems like a good place to start.]
http://preossec.com/blog/2017/06/17/intel-amt-cve/
[Disclaimer: I work with Paul, at PreOS Security.]
sonoff evil firmware PoC – used for demonstration during live demo on exploitation by MQTT
If you build a Linux-based system, you should be putting your firmware updates on fwupd. Dell is the only vendor currently doing this.
What about: System76, ThinkPenguin, Purism, HP, etc??
Hmm, it looks like System76 might be working on it!
I’ve not been paying attention to Petya, because I didn’t notice it had a bootloader impact. Whoops.
https://securingtomorrow.mcafee.com/business/petya-effective-destruction-ransomware/
[…]How do we explain Petya’s attacks against the master boot record and master file table? These render the entire system unusable. In this case why does encrypting files matter? The attack on the boot record and file table are similar to the behavior of the previous version of Petya, but there is one important difference. In research reported by Hasherezade, the new Petya destroys the Salsa20 cipher key by erasing it from the disk. In previous versions of Petya, the key is backed up in the victim’s ID before being erased—allowing for the recovery of the disk. Hasherezade also shows that the victim’s ID is generated before the random Salsa20 key is made, proving there is no relationship between the Salsa20 key and the victim’s ID. A reboot is required for this overwrite to take effect and supports the priorities we have mentioned. This difference in priorities implies the attackers are looking for pure destruction—closer in behavior to campaigns like Shamoon rather than ransomware such as Cerber, Locky, and WannaCry.[…]
https://www.us-cert.gov/ncas/alerts/TA17-181A
https://github.com/hasherezade/petya_green/blob/master/petya.cpp#L8
Hastily-written news/info on the firmware security/development communities, sorry for the typos.