Intel debugging interface vulnerable to USB attacks

New Intel processors contain a debugging interface accessible via USB 3.0 ports that can be used to obtain full control over a system and perform attacks that are undetectable by current security tools. A talk on the mechanisms needed for such attacks and ways to protect against them was given by Positive Technologies experts Maxim Goryachy and Mark Ermolov at the 33rd Chaos Communication Congress (33C3) in Hamburg, Germany. […]

http://blog.ptsecurity.com/2017/01/intel-debugger-interface-open-to.html

Some background on these interfaces:

http://blog.asset-intertech.com/test_data_out/2016/07/the-three-types-of-jtag-access-on-intel-based-designs.html
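One check a defender can run today, as an added example (not code from the Positive Technologies talk or from either linked post): read the IA32_DEBUG_INTERFACE MSR, which the Intel SDM documents at address 0xC80 with bit 0 = ENABLE, bit 30 = LOCK and bit 31 = DEBUG_OCCURRED, and report whether the silicon debug interface is enabled or left unlocked. It assumes a Linux host with the msr driver loaded and root access; whether the MSR is implemented, and whether firmware locks it, is platform-specific, so an unreadable MSR is reported rather than treated as safe.

```python
"""Check the IA32_DEBUG_INTERFACE MSR on a Linux host.

Added example, not code from the Positive Technologies talk or post.
The MSR number (0xC80) and bit layout are from the Intel SDM:
bit 0 = ENABLE, bit 30 = LOCK, bit 31 = DEBUG_OCCURRED. Whether this
MSR exists and whether BIOS locks it depends on the platform.
"""
import glob
import os
import struct

IA32_DEBUG_INTERFACE = 0xC80  # MSR address (Intel SDM)


def decode_debug_interface(value: int) -> dict:
    """Split the raw 64-bit MSR value into its documented bits."""
    return {
        "enabled": bool(value & 1),
        "locked": bool((value >> 30) & 1),
        "debug_occurred": bool((value >> 31) & 1),
    }


def verdict(value: int) -> str:
    """Classify a raw MSR value from a defender's point of view.

    'enabled'    - silicon debug is on; the lock bit no longer helps.
    'unlocked'   - off now, but never locked, so it can still be turned on.
    'locked-off' - off and locked until the next reset (the expected state).
    """
    bits = decode_debug_interface(value)
    if bits["enabled"]:
        return "enabled"
    if not bits["locked"]:
        return "unlocked"
    return "locked-off"


def read_msr(cpu: int, msr: int) -> int:
    """Read one MSR via the Linux msr driver (needs root and `modprobe msr`)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        raw = os.pread(fd, 8, msr)  # the MSR number is the file offset
    finally:
        os.close(fd)
    return struct.unpack("<Q", raw)[0]


def scan_all_cpus() -> dict:
    """Return {cpu: verdict} for every CPU that exposes /dev/cpu/N/msr."""
    results = {}
    for path in sorted(glob.glob("/dev/cpu/*/msr")):
        cpu = int(path.split("/")[3])
        try:
            results[cpu] = verdict(read_msr(cpu, IA32_DEBUG_INTERFACE))
        except OSError as exc:
            # EIO usually means the MSR is not implemented on this part;
            # EACCES means we are not root. Neither is a clean bill of health.
            results[cpu] = f"unreadable ({exc.strerror})"
    return results


if __name__ == "__main__":
    for cpu, state in scan_all_cpus().items():
        print(f"cpu{cpu}: IA32_DEBUG_INTERFACE -> {state}")
```

Run it as root after `modprobe msr`; anything other than `locked-off` on a production box is worth a conversation with the platform vendor, and the MSR is per-logical-CPU, so every CPU is checked rather than just CPU 0.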

Brian speaking at Bsides Huntsville

Brian Richardson of Intel will be speaking about firmware at a security conference, BSides Huntsville.

https://software.intel.com/en-us/meet-the-developers/evangelists/team/Brian-Richardson

https://www.bsideshuntsville.org/


more on ME Cleaner

I did a brief post on ME Cleaner, found in an article pointed out to me by a reader (i.e., I missed it). Phoronix has a story on ME Cleaner, including a pointer to its hardware/firmware-compatibility page, which I also missed:

https://github.com/corna/me_cleaner/wiki/me_cleaner-status


http://www.phoronix.com/scan.php?page=news_item&px=Intel-ME-Cleaning

https://github.com/corna/me_cleaner


Intel Fortville vulnerability

Intel ID: INTEL-SA-00063
Product family: Intel® Ethernet Controller X710 family and Intel® Ethernet Controller XL710 family
Impact of vulnerability: Denial of Service
Severity rating: Important
Original release: Jan 09, 2017

A security vulnerability in the Intel® Ethernet Controller X710 and Intel® Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image. Under certain use conditions the Ethernet controller will stop sending and receiving data until the controller is reset. All NVM versions 5.04 and earlier contain this vulnerability which is fully mitigated in NVM version 5.05. […]

Full announcement:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr
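The advisory gives a clean cut-off (NVM 5.04 and earlier affected, 5.05 fixed), so the practical question is which hosts still carry an old image. The script below is an added example, not part of the Intel advisory: it parses `ethtool -i` output and classifies the NIC. It assumes the Linux i40e driver reports the NVM version as the leading "major.minor" token of the `firmware-version` line (verify that against your own hosts), and the sample output embedded in it is constructed, not captured. Note also that the driver name alone does not prove an X710/XL710, since i40e binds other parts as well, so confirm the PCI device ID before filing a ticket.

```python
"""Flag Fortville (X710/XL710) NICs still running NVM < 5.05.

Added example, not part of the Intel advisory INTEL-SA-00063. Assumes the
Linux i40e driver reports the NVM version as the leading "major.minor"
token of the ethtool -i "firmware-version" line; verify on your hosts.
"""
import re
import subprocess

FIXED_NVM = (5, 5)  # INTEL-SA-00063: fully mitigated in NVM 5.05

# Constructed sample of `ethtool -i <iface>` output, not captured from a real host.
SAMPLE_ETHTOOL_OUTPUT = """\
driver: i40e
version: 2.1.14-k
firmware-version: 5.04 0x80002927 1.1313.0
expansion-rom-version:
bus-info: 0000:3b:00.0
supports-statistics: yes
"""


def parse_ethtool_info(text: str) -> dict:
    """Turn 'key: value' lines into a dict; keys without values map to ''."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            info[key.strip()] = value.strip()
    return info


def nvm_version(firmware_field: str):
    """Extract (major, minor) from the leading 'M.mm' token, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)\b", firmware_field)
    return (int(m.group(1)), int(m.group(2))) if m else None


def fortville_status(ethtool_text: str) -> str:
    """'vulnerable', 'fixed', 'unknown' (i40e but unparsable), or 'not-i40e'."""
    info = parse_ethtool_info(ethtool_text)
    if info.get("driver") != "i40e":
        return "not-i40e"
    ver = nvm_version(info.get("firmware-version", ""))
    if ver is None:
        return "unknown"
    return "vulnerable" if ver < FIXED_NVM else "fixed"


def check_interface(iface: str) -> str:
    """Run ethtool for a live interface and classify it (needs ethtool installed)."""
    out = subprocess.run(
        ["ethtool", "-i", iface], capture_output=True, text=True, check=True
    ).stdout
    return fortville_status(out)


if __name__ == "__main__":
    print("sample:", fortville_status(SAMPLE_ETHTOOL_OUTPUT))
```

A `vulnerable` result means the NVM image should be updated with Intel's NVM update tool for the controller; an `unknown` result means the version string did not match the assumed layout and should be read by hand rather than ignored.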

SMM training at WhiskeyCon

This course is for people who want to find out more information about the most privileged and mysterious operating mode of x86 processors: System Management Mode. You will learn what it actually is, how to get there and what can be done by an attacker once his code is executed in SMM. Are there SMM rootkits in the wild? How feasible is it to create such a rootkit? Can a kernel mode antivirus or a hypervisor protect against attacks from SMM? Can an SMM rootkit be detected using memory forensics? Can you put an ultimate antivirus in SMM to fight SMM and kernel mode rootkits? We will cover these topics in much detail. There will be many lab exercises that will help you better understand the ideas and techniques. By the end of the course you will have a good understanding of SMM security principles. You will also have hands-on experience with implementing and detecting SMM rootkits.

Look at the site for more about the author and the daily schedule.

Longkit: a UEFI/BIOS/SMM rootkit (at ICISSP’17)

ICISSP 2017, in Portugal, has an upcoming UEFI/BIOS/SMM rootkit presentation that sounds interesting:

Longkit: A UEFI/BIOS Rootkit in the System Management Mode. ICISSP 2017
Julian Rauchberger, Robert Luh, Sebastian Schrittwieser.

The theoretical threat of malware inside the BIOS or UEFI of a computer has been known for almost a decade. It has been demonstrated multiple times that exploiting the System Management Mode (SMM), an operating mode implemented in the x86 architecture and executed with high privileges, is an extremely powerful method for implanting persistent malware on computer systems. However, previous BIOS/UEFI malware concepts described in the literature often focused on proof-of-concept implementations and did not have the goal of demonstrating the full range of threats stemming from SMM malware. In this paper, we present Longkit, a novel framework for BIOS/UEFI malware in the SMM. Longkit is universal in nature, meaning it is fully written in position-independent assembly and thus also runs on other BIOS/UEFI implementations with minimal modifications. The framework fully supports the 64-bit Intel architecture and is memory-layout aware, enabling targeted interaction with the operating system’s kernel. With Longkit we are able to demonstrate the full potential of malicious code in the SMM and provide researchers of novel SMM malware detection strategies with an easily adaptable rootkit to help evaluate their methods.

http://www.icissp.org/

https://www.jrz-target.at/2016/12/22/paper-accepted-at-icissp-2017/

Secure Linux containers with Intel SGX

Diogo Mónica, Security Lead at Docker, posts this:

https://twitter.com/diogomonica/status/817454942369812482
We looked at Haven earlier this year, which demonstrated how Intel’s SGX could be used to shield an application from an untrusted cloud provider. Today’s paper choice, SCONE, looks at how to employ similar ideas in the context of containers.[…] What’s the best way to adapt a container to run within an enclave, accommodating all of the restrictions that come with that? Can it be done in a way that doesn’t break compatibility with existing container platforms (e.g., Docker)? Will the end result pay too high a performance overhead to be usable in practice? […]

SCONE: Secure Linux containers with Intel SGX

Warthog9 leaves Intel

If you have been following the Intel MinnowBoard in particular, or open source hardware and Intel in general, you probably know of John ‘Warthog9’ Hawley. He’s leaving Intel! I wonder if someone will fill his role? Below is John’s verbatim posting to the MinnowBoard mailing list:

Taking a step back
Just wanted to let folks know that today was my last day at Intel.  It’s been a blast, but it’s time to move on to new things.  I’ll still be hanging around here in the community, but I will no longer be directly speaking for MinnowBoard as a whole: I’ll just be another community member.  To say the least, this community has been amazing – and the things people are doing, and creating here have continually astonished me, and I look forward to seeing what else people have in store.

More info:
http://lists.elinux.org/mailman/listinfo/elinux-minnowboard

Yuriy to speak at REcon Brussels


https://recon.cx/2017/brussels/

new editions of Beyond BIOS and Harnessing the UEFI Shell

Intel Press published the first and second editions of these two books a few years ago, but it appears De Gruyter is publishing revised third editions!

Harnessing the UEFI Shell: Moving the Platform Beyond DOS, Third Edition
Rothman, Michael / Zimmer, Vincent / Lewis, Tim
https://www.degruyter.com/view/product/484477

Beyond BIOS: Developing with the Unified Extensible Firmware Interface, Third Edition
Zimmer, Vincent / Marisetty, Suresh / Rothman, Michael
https://www.degruyter.com/view/product/484468


Intel open sources XED

https://intelxed.github.io/

https://github.com/intelxed/xed/tree/master/datafiles


STM added to Tianocore

Intel has submitted a patch to Tianocore to add STM support!

[edk2] [patch 0/4] Add STM (SMI Transfer Monitor) support

This patch series is used to add STM support to UefiCpuPkg. More details about STM are described in:
http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf
https://firmware.intel.com/sites/default/files/STM_User_Guide-001.pdf
https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Launching_STM_to_Monitor_SMM_in_EFI_Developer_Kit_II.pdf

28 files changed, 6036 insertions(+), 65 deletions(-)

More info:
https://lists.01.org/mailman/listinfo/edk2-devel
https://firmwaresecurity.com/tag/stm/