Uncategorized

US Treasury Sanctions Russian Federal Security Service Enablers

“Embedi was designated pursuant to E.O. 13694, as amended. As of May 2017, Embedi was owned or controlled by Digital Security.”

https://home.treasury.gov/news/press-releases/sm0410

Embedi does firmware security research.

 

Standard
Uncategorized

INTEL-SA-00110: BIOS SW SMI Call-Out EoP

Intel® NUC BIOS SW SMI Call-Out

Intel ID: INTEL-SA-00110
Product family: Intel® NUC Kits
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Apr 17, 2018
Last revised: Apr 17, 2018
Summary:

This update will improve the security of system firmware for the below listed Intel NUC models. Intel has identified a potential vulnerability in Intel NUC kits with insufficient input validation in system firmware that potentially allows a local attacker to elevate privileges to System Management Mode (SMM). Intel highly recommends that users update to the latest firmware version (see table above).

Intel would like to thank Embedi for reporting this issue and working with us on coordinated disclosure.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00110&languageid=en-fr

 

Standard
Uncategorized

Embedi SMM_USBRT_POC: CVE-2017-5721 UsbRt SMM EoP

CVE-2017-5721 Proof-of-Concept

UsbRt SMM Privilege Elevation

This is a Proof-of-Concept code that demonstrates the exploitation of the CVE-2017-5721 vulnerability. This PoC causes a system to be completely stuck because of Machine Check Exception occurred.

All you need is CHIPSEC Framework installed. And don’t forget to put GRUB_CMDLINE_LINUX_DEFAULT=”quiet splash acpi=off” in /etc/default/grub if you have Intel device.

https://github.com/embedi/smm_usbrt_poc

Standard
Uncategorized

Embedi: UEFI BIOS holes. So much magic. Don’t come inside.

24 October, 2017
UEFI BIOS holes. So Much Magic. Don’t Come Inside.
In recent years, embedded software security has become a red-hot topic, attracting the attention of high profile security researchers from all around the globe. However, the quality of code is still far from perfect as long as its security is considered. For instance, the CVE-2017-5721 SMM Privilege Elevation vulnerability in the firmware could affect such scope of vendors like Acer, ASRock, ASUS, Dell, HP, GIGABYTE, Lenovo, MSI, Intel, and Fujitsu. This white paper is intended to describe how to detect a vulnerability in a motherboard firmware with the help of the following tools: Intel DAL, UEFITool, CHIPSEC, RWEverything, and how to bypass the patch that fixes this vulnerability.[…]

https://embedi.com/blog/uefi-bios-holes-so-much-magic-dont-come-inside

Standard
Uncategorized

Security updates for Intel NUC firmware (INTEL-SA-00084)

Intel ID: INTEL-SA-00084
Product family: Intel® NUC Kits
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Original release: Oct 06, 2017

This update improves protection against mitigates multiple vulnerabilities related to security features in Intel® NUC system firmware (BIOS). BIOS Administrator and User password bypass: Insufficient protection of password storage in system firmware for NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attacker to bypass Administrator and User passwords via access to password storage. SPI Write Protection Bypass: Insecure platform configuration in system firmare for NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. SMM Privilege Elevation: Insufficient input validation in system firmware for Intel® NUC systems allows local attacker to execute arbitrary code via manipulation of memory. Boot Guard Bypass: Incorrect policy enforcement in system firmware for Intel® NUC systems allows attacker with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. Dangerous SPI Opcode Protections: Insufficient policy enforcement in system firmware for Intel® NUC systems allows attacker with local or physical access to violate integrity or availability of nonvolatile storage for firmware via specially crafted accesses to nonvolatile storage. Intel highly recommends that users update to the latest version. Intel would like to thank Nikolaj Schlaj for reporting CVE-2017-5700 and CVE-2017-5701 and working with us on coordinated disclosure. Intel would like to thank Embedi for reporting CVE-2017-5721 and CVE-2017-5722 and working with us on coordinated disclosure.[…]

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr

 

 

Standard
Uncategorized

Embedi: Bypassing Intel Boot Guard

In recent years, there is an increasing attention to the UEFI BIOS security. As a result, there are more advanced technologies created to protect UEFI BIOS from illegal modifications. One of such technologies is Intel Boot Guard (BG) – a hardware-assisted BIOS integrity verification mechanism available since Haswell microarchitecture (2013). So-called «UEFI rootkits killer» this technology is designed to create a trusted boot chain (where a current boot component cryptographically measures/verifies the integrity of the next one) with Root-of-Trust locked into hardware.[…]

https://embedi.com/blog/bypassing-intel-boot-guard

Standard