Hardware-involved software attacks & defenses - Jeff

Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks

Hardware Involved Software Attacks
Jeff Forristal
CanSecWest 2012
Question

“Once you have root/admin, what’s left to do?”
Relevance

• Rootkits
• VM escapes
• App hacking / priv escalation
• BIOS hacking
• Jail breaking
Themes

• Attack surfaces
• Attack patterns
Caveats

• X86-centric
  • Other architectures may do it differently
• Not about hardware attacks*
  • The final vulnerability lives in software
ATTACK SURFACES
Follow the RASQ’ally rabbit…
The Stack (figure, built up over several slides; the vertical axis is privilege)

• Top: App, App above the OS; the OS above Hardware
• The OS layer expanded: Driver … Driver around the OS core (one build step shows a row of question marks below the OS before the lower layers are revealed)
• Virtualized: VM (App / App / OS) and VM (App / OS) above the VMM/Hypervisor
• Platform: SMM/BIOS, CPU, Memory, Peripherals, Firmware, Hardware; the last build adds DMA to the platform row
• Callout: “BIOS & OS/VMM share access, but not trust”
• Callout: “Hypervisor can grant VM direct HW access”
Hardware’s Involvement

Besides the obvious…
• Direct capabilities to affect a critical system resource (e.g. DMA to system/software memory)
• Indirect sideband access to a resource (e.g. PCI/e & ExpressCard access to SMBus)
• Store executable code that is automatically invoked (e.g. HDD or USB drive; PCI/e device option ROM)
• Proxy data from an untrusted external source* (e.g. NICs, Wifi radios)
X86 HW Access Methods

• IO: traditional/legacy IO via in/out instructions (a.k.a. DIO, PIO)
• MMIO: memory-mapped IO via memory access instructions
• MSRs: CPU config registers via rdmsr/wrmsr instructions
• PCI/e MMCFG: PCI configuration space access (arguably a flavor of MMIO)
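As an added example (not from the slides), the four access methods as they look from C. The two PCI configuration addressing schemes are plain arithmetic: the legacy path encodes bus/device/function/register into the dword written to CONFIG_ADDRESS (0xCF8) and reads the data back through CONFIG_DATA (0xCFC), while MMCFG (ECAM) maps the same space as a flat memory range, which is why it counts as a flavor of MMIO. The in/out, rdmsr/wrmsr and MMIO wrappers are the raw instructions behind the other bullets; they fault with #GP at ring 3 unless IOPL or ring 0 allows them, so they are compiled but not exercised. The device/function/register numbers and the 0xE0000000 MMCFG base are illustrative only; the real base comes from the ACPI MCFG table.

```c
#include <stdint.h>
#include <stdio.h>

/* Legacy PCI config access: the 32-bit CONFIG_ADDRESS value.
 * bit 31 = enable, bits 23:16 bus, 15:11 device, 10:8 function,
 * bits 7:2 register (dword aligned); the data then moves through 0xCFC. */
uint32_t pci_cf8_address(uint8_t bus, uint8_t dev, uint8_t func, uint8_t reg)
{
    return 0x80000000u
         | ((uint32_t)bus << 16)
         | ((uint32_t)(dev & 0x1f) << 11)
         | ((uint32_t)(func & 0x07) << 8)
         | (uint32_t)(reg & 0xfc);
}

/* PCIe MMCFG/ECAM: every function owns 4 KiB of the mapped range:
 * base + bus<<20 + device<<15 + function<<12 + offset (12-bit offset). */
uint64_t pci_mmcfg_address(uint64_t mmcfg_base, uint8_t bus, uint8_t dev,
                           uint8_t func, uint16_t offset)
{
    return mmcfg_base
         | ((uint64_t)bus << 20)
         | ((uint64_t)(dev & 0x1f) << 15)
         | ((uint64_t)(func & 0x07) << 12)
         | (uint64_t)(offset & 0xfff);
}

#if defined(__x86_64__) || defined(__i386__)
/* Port IO (in/out), MSRs (rdmsr/wrmsr) and MMIO (a volatile load).
 * Ring 0 only (or IOPL/IO-bitmap permitted for the port instructions). */
static inline uint8_t inb(uint16_t port)
{
    uint8_t v;
    __asm__ volatile ("inb %1, %0" : "=a"(v) : "Nd"(port));
    return v;
}
static inline void outb(uint16_t port, uint8_t v)
{
    __asm__ volatile ("outb %0, %1" : : "a"(v), "Nd"(port));
}
static inline uint64_t rdmsr(uint32_t msr)
{
    uint32_t lo, hi;
    __asm__ volatile ("rdmsr" : "=a"(lo), "=d"(hi) : "c"(msr));
    return ((uint64_t)hi << 32) | lo;
}
static inline void wrmsr(uint32_t msr, uint64_t val)
{
    __asm__ volatile ("wrmsr" : : "c"(msr), "a"((uint32_t)val),
                                 "d"((uint32_t)(val >> 32)));
}
static inline uint32_t mmio_read32(volatile void *addr)
{
    return *(volatile uint32_t *)addr;   /* a memory access, not an IO instruction */
}
#endif

int main(void)
{
    /* Bus 0, device 0x1f, function 3, register 0x40: illustrative numbers,
     * not a claim about any particular chipset. */
    printf("CONFIG_ADDRESS value: 0x%08x\n", pci_cf8_address(0, 0x1f, 3, 0x40));
    printf("MMCFG address       : 0x%llx\n",
           (unsigned long long)pci_mmcfg_address(0xE0000000ull, 0, 0x1f, 3, 0x40));
    return 0;
}
```

The same bus/device/function/register tuple gives 0x8000FB40 for the legacy port pair and 0xE00FB040 in the assumed MMCFG window; a driver that exposes either path to user mode exposes the whole configuration space, which is the point of Pattern #1 below.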
Surface Transitions

• Mistakenly passed through by a higher privilege software layer
• Explicitly passed through by a higher privilege software layer
• Explicitly provided by hardware architectural intent
• The attacker is already deemed to have access
• The attacker is physically proximate to the system*
ATTACK PATTERNS
Buckets to describe stuff…because people like to categorize things
Commonality

• Originate in a lower-privileged software/layer, or be remote/physically proximate
• Leverage or depend upon an operation of hardware*
• Achieve a vulnerability in a higher-privileged software/layer, or in a peer in the current software/layer
Ambiguity

This is a conversation about forests. Let’s not get pedantic about the individual trees.
Only these slides are black & white…
Image: http://lyricsdog.eu/
Challenges

• Categorization criteria aren’t always crisp (it’s like porn…)
• Challenges in separating HW operation, TLP, and data
• Bug DBs lack consistent characterization of the problem, or any mention of hardware
Pattern #1: Inappropriate General Access to Hardware

(figure: the OS layer of the stack with its drivers highlighted)

• Straight-forward driver failure
• (Semi-)arbitrary access to the general-purpose HW access methods (e.g. IO, MMIO, PCI config, MSRs)
• Debug purposes, laziness, bad foresight, simplicity
Pattern #1 Examples

• CVE-2005-0204: Linux kernel on x64/em64t allows writing to IO ports via the outs instruction
• CVE-2007-5633: SpeedFan (Windows) allows MSR reading/writing via IOCTLs
• CVE-2007-5761: Nantsys (Windows) allows MSR reading/writing
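An added example of the pattern, modelled on the shape of the examples above rather than on any of the cited drivers' code: a user-space model of a utility driver's IOCTL handler. The vulnerable handler forwards any MSR or port access to ring 0 for whoever can open the device; the hardened one checks the caller, allow-lists exactly the registers a monitoring tool needs, and offers no write primitive at all. The `caller.is_admin` flag, the MSR/port values and the memory-backed stubs are constructed stand-ins for the OS privilege check and the real hardware.

```c
#include <stdint.h>
#include <errno.h>

enum { OP_RDMSR = 1, OP_WRMSR = 2, OP_INB = 3, OP_OUTB = 4 };

struct hw_request {
    int      op;
    uint32_t reg;    /* MSR index or IO port number */
    uint64_t value;  /* input for writes, output for reads */
};

/* Hypothetical caller context; a real driver asks the OS (token/capability
 * check) instead of trusting a flag. */
struct caller { int is_admin; };

/* Stub hardware backed by memory so the handlers run in user space. */
#define MSR_IA32_THERM_STATUS 0x19c
#define MSR_IA32_EFER         0xc0000080u
#define PORT_POST             0x80
static uint64_t fake_therm_status = 0x88490000ull;  /* constructed value */
static uint64_t fake_efer         = 0xd01ull;        /* constructed value */
static uint8_t  fake_port_post;

static int hw_rdmsr(uint32_t msr, uint64_t *out)
{
    if (msr == MSR_IA32_THERM_STATUS) { *out = fake_therm_status; return 0; }
    if (msr == MSR_IA32_EFER)         { *out = fake_efer;         return 0; }
    return -EIO;                      /* unknown MSR: real hardware would #GP */
}
static int hw_wrmsr(uint32_t msr, uint64_t v)
{
    if (msr == MSR_IA32_THERM_STATUS) { fake_therm_status = v; return 0; }
    if (msr == MSR_IA32_EFER)         { fake_efer = v;         return 0; }
    return -EIO;
}
static int hw_inb(uint32_t port, uint64_t *out)
{
    if (port == PORT_POST) { *out = fake_port_post; return 0; }
    return -EIO;
}
static int hw_outb(uint32_t port, uint64_t v)
{
    if (port == PORT_POST) { fake_port_post = (uint8_t)v; return 0; }
    return -EIO;
}

/* Vulnerable: whatever the caller asks for, at ring 0, for any caller.
 * This is the "debug purposes / laziness" shape from the slide. */
int ioctl_hwaccess_vuln(const struct caller *c, struct hw_request *r)
{
    (void)c;                          /* no privilege check at all */
    switch (r->op) {
    case OP_RDMSR: return hw_rdmsr(r->reg, &r->value);
    case OP_WRMSR: return hw_wrmsr(r->reg, r->value);
    case OP_INB:   return hw_inb(r->reg, &r->value);
    case OP_OUTB:  return hw_outb(r->reg, r->value);
    default:       return -EINVAL;
    }
}

/* Hardened: privileged callers only, a read-only allow-list of exactly the
 * registers the product needs, and no write primitive. */
int ioctl_hwaccess_hardened(const struct caller *c, struct hw_request *r)
{
    if (!c->is_admin) return -EPERM;
    switch (r->op) {
    case OP_RDMSR:
        if (r->reg != MSR_IA32_THERM_STATUS) return -EINVAL;
        return hw_rdmsr(r->reg, &r->value);
    case OP_INB:
        if (r->reg != PORT_POST) return -EINVAL;
        return hw_inb(r->reg, &r->value);
    default:
        return -EINVAL;               /* wrmsr/out are not offered at all */
    }
}

/* Driver helper: negative errno on failure, the read value for reads, 0 for
 * a completed write. */
int64_t hw_call(int hardened, int is_admin, int op, uint32_t reg, uint64_t in)
{
    struct caller c = { is_admin };
    struct hw_request r = { op, reg, in };
    int rc = hardened ? ioctl_hwaccess_hardened(&c, &r)
                      : ioctl_hwaccess_vuln(&c, &r);
    if (rc < 0) return rc;
    return (op == OP_RDMSR || op == OP_INB) ? (int64_t)r.value : 0;
}
```

The difference that matters is not the `is_admin` check alone: an unprivileged caller of the vulnerable handler can rewrite IA32_EFER, and even an administrator should not get a generic wrmsr from a fan-monitoring driver, because that turns the driver into a ring-0 read/write primitive for everything else on the box.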
Pattern #2: Unexpected Consequences of Specific Hardware Function

• Given access because the functionality seems safe
• Extra/hidden/unexpected/bug functionality leads to a problem
Pattern #2 Examples

• CVE-2011-1898: DMA used to generate MSI interrupts, compromise of the Xen hypervisor
• CVE-2011-1016: Radeon Linux Gfx driver gives access to AA resolve registers, allows memory manipulation
• CVE-2011-2367: WebGL in Firefox allows GPU memory reading, or crash
Image: http://invisiblethingslab.com/
Pattern #3: Hardware Reflected Injection

Variants:
• 2nd order injection through HW
• Security-sensitive logic operation on HW value
• Stored executable code blobs
Pattern #3 – Variant #1: Hardware Reflected Injection, 2nd order injection

• Trigger a traditional vuln via a malicious data value inserted/stored in hardware
• Integer issues, buffer overflows, etc.
Pattern #3 – Variant #1 Example

Alexandre Gazet – Recon 2011: update the KBC FW, feed a malicious value to SMM and cause a buffer overflow

(figure: the stack with App / App / OS above SMM/BIOS, and CPU / Memory / KBC / Firmware beneath; the KBC firmware is the injection point)
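An added example of the variant, modelled on the idea rather than on the Gazet KBC/SMM bug itself: a privileged handler copies a record whose length it reads from a device register, on the assumption that the device is honest. The simulated controller, the 16-byte frame and the canary are constructed; the canary stands in for whatever state sits past the buffer in a real SMI handler.

```c
#include <stdint.h>
#include <string.h>

/* Simulated keyboard controller: a byte count plus data. After a malicious
 * firmware update the count is whatever the attacker wants it to be. */
struct fake_kbc {
    uint8_t count;
    uint8_t data[64];
};

/* Frame used by the privileged (SMM-side) handler: a fixed buffer followed
 * by state the handler relies on; the canary stands in for that state. */
struct smi_frame {
    uint8_t  buf[16];
    uint32_t canary;
};
#define FRAME_CANARY 0xA5A5A5A5u

/* Vulnerable: copies dev->count bytes because "the KBC never sends more than
 * 16". The copy is capped at the whole frame only so this demo stays
 * well-defined C; the real bug has no cap. Everything past buf[16] lands on
 * the canary. Returns the canary after the copy. */
uint32_t smi_handler_vuln(const struct fake_kbc *dev)
{
    struct smi_frame f = { {0}, FRAME_CANARY };
    size_t n = dev->count;
    if (n > sizeof f) n = sizeof f;       /* demo-only bound */
    memcpy(&f, dev->data, n);
    return f.canary;
}

/* Hardened: a hardware-supplied length is untrusted input, bounded by the
 * field it fills; oversize reports are rejected rather than truncated. */
uint32_t smi_handler_hardened(const struct fake_kbc *dev, int *rejected)
{
    struct smi_frame f = { {0}, FRAME_CANARY };
    size_t n = dev->count;
    *rejected = (n > sizeof f.buf);
    if (!*rejected) memcpy(f.buf, dev->data, n);
    return f.canary;
}

/* Constructed device report: `count` claimed bytes, payload of 0x41. */
static void make_report(struct fake_kbc *dev, uint8_t count)
{
    memset(dev, 0x41, sizeof *dev);
    dev->count = count;
}

uint32_t vuln_canary_after(uint8_t count)
{
    struct fake_kbc dev; make_report(&dev, count);
    return smi_handler_vuln(&dev);
}
uint32_t hardened_canary_after(uint8_t count)
{
    struct fake_kbc dev; int rej; make_report(&dev, count);
    return smi_handler_hardened(&dev, &rej);
}
int hardened_rejects(uint8_t count)
{
    struct fake_kbc dev; int rej; make_report(&dev, count);
    smi_handler_hardened(&dev, &rej);
    return rej;
}
```

A benign report of 8 bytes leaves the canary intact on both paths; a report claiming 20 bytes turns it into 0x41414141 on the vulnerable path, which in a real handler is a controlled overwrite of whatever followed the buffer, at SMM privilege.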
Pattern #3 – Variant #2: Hardware Reflected Injection, security-sensitive logic operation on a HW value

• One-off logic operation, not a general purpose weakness
• Thus very contextual, particularly to security-specific software
Pattern #3 – Variant #2 Example

CVE-2009-4419: malicious MCHBAR register value prevents proper VT-d policy application during TXT SENTER

(figure: Hardware, VT-d, the register value 00000001 FEC10000, SINIT ACM, Memory)
Image: http://invisiblethingslab.com/
Pattern #3 – Variant #3: Hardware Reflected Injection, stored executable code blobs

• BIOS flash
• Option ROMs
• Boot device MBRs*
Pattern #3 – Variant #3 Example

Mebromi virus: updated BIOS ISA ROM, which is executed upon system reboot

(figure: boot chain after CPU Reset: BIOS (Flash) → OpROM (PCIe Card) → MBR (Boot Dev) → OS + Apps; the Update from the OS writes the flash and the Reboot closes the loop. A second copy of the figure adds VMM, IOMMU and VM layers to the same chain.)
Pattern #4: Interference with Hardware Privilege Access Enforcement

• Relevant to hypervisors & emulation
• Hypervisor/emulator does the operation with its own (elevated) privilege, not the requestor’s lower privilege
• “Confused deputy”
Pattern #4 Examples

• CVE-2009-1542: MS Virtual PC/Server instruction decoding doesn’t enforce CPU privilege level requirements
• CVE-2010-0298: KVM x86 emulator doesn’t consider CPL & IOPL in guest hardware accesses
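An added example (a model, not KVM's or Virtual PC's emulator code): an instruction emulator handling a guest's OUT. The vulnerable path performs the port write with the emulator's own privilege; the fixed path first applies the guest's rule, which is the x86 one: CPL <= IOPL permits the access outright, otherwise the TSS I/O permission bitmap decides, a set bit denies, and a port past the bitmap's limit is denied too. The guest state and the host-side port array are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define IOBITMAP_BYTES 8192           /* 65536 ports, one bit each */

struct guest_cpu {
    unsigned cpl;                     /* current privilege level, 0..3 */
    unsigned iopl;                    /* EFLAGS.IOPL */
    uint8_t  iobitmap[IOBITMAP_BYTES];
    unsigned iobitmap_limit;          /* bytes of bitmap present in the TSS */
    bool     gp_injected;             /* emulator raised #GP(0) in the guest */
};

/* Simulated host-side port space the guest must not reach freely. */
static uint8_t host_port_state[65536];

/* x86 rule for IN/OUT in protected mode: CPL <= IOPL permits the access;
 * otherwise each byte of the access is looked up in the TSS IO bitmap. */
static bool io_permitted(const struct guest_cpu *cpu, uint16_t port, unsigned size)
{
    if (cpu->cpl <= cpu->iopl) return true;
    for (unsigned i = 0; i < size; i++) {
        unsigned p = port + i, byte = p / 8;
        if (byte >= cpu->iobitmap_limit) return false;   /* beyond bitmap: denied */
        if (cpu->iobitmap[byte] & (1u << (p % 8))) return false;
    }
    return true;
}

/* Vulnerable deputy: the OUT happens with the emulator's own privilege. */
void emulate_outb_vuln(struct guest_cpu *cpu, uint16_t port, uint8_t val)
{
    (void)cpu;                        /* CPL/IOPL never consulted */
    host_port_state[port] = val;
}

/* Fixed deputy: the requestor's CPL/IOPL/bitmap are applied first. */
void emulate_outb_fixed(struct guest_cpu *cpu, uint16_t port, uint8_t val)
{
    if (!io_permitted(cpu, port, 1)) { cpu->gp_injected = true; return; }
    host_port_state[port] = val;
}

static void guest_init(struct guest_cpu *cpu, unsigned cpl, unsigned iopl,
                       unsigned bitmap_limit, uint16_t denied_port)
{
    memset(cpu, 0, sizeof *cpu);
    cpu->cpl = cpl;
    cpu->iopl = iopl;
    cpu->iobitmap_limit = bitmap_limit;
    cpu->iobitmap[denied_port / 8] |= (uint8_t)(1u << (denied_port % 8));
}

/* 1 if the host port was written, 0 if #GP was injected instead. */
static int run_out(struct guest_cpu *cpu, uint16_t port, int fixed)
{
    uint8_t val = (uint8_t)(host_port_state[port] + 1);
    if (fixed) emulate_outb_fixed(cpu, port, val);
    else       emulate_outb_vuln(cpu, port, val);
    return cpu->gp_injected ? 0 : (host_port_state[port] == val);
}

/* Constructed guest: full bitmap present, one port marked denied. */
int io_scenario(unsigned cpl, unsigned iopl, uint16_t denied_port,
                uint16_t port, int fixed)
{
    struct guest_cpu cpu;
    guest_init(&cpu, cpl, iopl, IOBITMAP_BYTES, denied_port);
    return run_out(&cpu, port, fixed);
}

/* Constructed guest whose TSS carries no bitmap at all (limit 0). */
int io_scenario_no_bitmap(unsigned cpl, unsigned iopl, uint16_t port, int fixed)
{
    struct guest_cpu cpu;
    guest_init(&cpu, cpl, iopl, 0, 0);
    return run_out(&cpu, port, fixed);
}
```

On real hardware the guest's own CPL 3 code would have taken #GP before the hypervisor ever saw the instruction; the bug is that once the access traps (or is interpreted) the emulator finishes it on the requestor's behalf without re-deriving the requestor's permission.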
Pattern #5: Access by a Parallel Executing Entity

• Things running at the same time
• One good, one bad
• Sensitive use of shared resources
• Programmable peripherals

(figure: the platform layer of the stack: CPU, Memory, Peripherals, Firmware, Hardware)
Pattern #5 Examples

• CVE-2010-0306: SMP guest uses one thread to change the instructions of another thread while they are being interpreted by the hypervisor, allowing arbitrary instruction execution
• CVE-2005-0109: malicious CPU thread monitors the cache misses of another thread; recovery of cryptographic keys, etc.
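An added example of the first CVE's shape (a toy, not KVM's decoder): the emulator checks the instruction it fetched from guest memory and then fetches it again to execute it, so a second vCPU that rewrites the byte in between gets a privileged operation past the check. The race is made deterministic with a `sibling` hook that runs in the window; the one-byte ISA and the guest are constructed.

```c
#include <stdint.h>
#include <stddef.h>

enum { OP_NOP = 0x00, OP_PRIV = 0x01 };   /* toy one-byte ISA */

struct guest {
    uint8_t  mem[16];                  /* guest memory holding the instruction */
    unsigned cpl;
    void (*sibling)(struct guest *g);  /* models the other vCPU; runs once in the window */
};

/* 1 = a privileged op ran for a CPL != 0 guest (the bad outcome), 0 = benign. */
static int execute(unsigned cpl, uint8_t op)
{
    return (op == OP_PRIV && cpl != 0) ? 1 : 0;
}

/* Vulnerable: the byte is checked from guest memory and then re-read from
 * guest memory to execute, so the check covers a different instruction than
 * the one that runs. Returns -1 when the check rejects the instruction. */
int emulate_vuln(struct guest *g)
{
    if (g->mem[0] == OP_PRIV && g->cpl != 0) return -1;   /* would inject #GP */
    if (g->sibling) g->sibling(g);                           /* the race window */
    return execute(g->cpl, g->mem[0]);                       /* second fetch */
}

/* Fixed: fetch once into emulator-private storage; check and run that copy.
 * Shared guest memory is read exactly once per instruction. */
int emulate_fixed(struct guest *g)
{
    uint8_t insn = g->mem[0];
    if (insn == OP_PRIV && g->cpl != 0) return -1;
    if (g->sibling) g->sibling(g);
    return execute(g->cpl, insn);
}

/* The "bad" vCPU: rewrites the instruction while the good one is emulated. */
static void rewrite_to_priv(struct guest *g) { g->mem[0] = OP_PRIV; }

/* Constructed scenario: CPL 3 guest, NOP in memory, sibling racing. */
int fetch_scenario_race(int fixed)
{
    struct guest g = { { OP_NOP }, 3, rewrite_to_priv };
    return fixed ? emulate_fixed(&g) : emulate_vuln(&g);
}

/* Control: the privileged op is there from the start; both paths reject it. */
int fetch_scenario_static_priv(int fixed)
{
    struct guest g = { { OP_PRIV }, 3, NULL };
    return fixed ? emulate_fixed(&g) : emulate_vuln(&g);
}

/* Control: a benign instruction with nobody racing. */
int fetch_scenario_benign(int fixed)
{
    struct guest g = { { OP_NOP }, 3, NULL };
    return fixed ? emulate_fixed(&g) : emulate_vuln(&g);
}
```

The same double-fetch shape shows up wherever a privileged layer validates data in memory it shares with a less privileged, concurrently running party, whether that party is another vCPU, a user thread next to a syscall argument, or a bus-master device behind a DMA buffer.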
Pattern #6: Incorrect Hardware Use

• Someone didn’t RTFM
• In all fairness:
  • The manuals can be vague/cryptic
  • They tell you to do things without a reason for why
  • They say “should” instead of “must”
Pattern #6 Examples

• CVE-2006-1056: Linux didn’t notice that AMD FXSAVE/FXRSTOR behaves differently from Intel, leading to leaking of floating point data between processes (cryptographic secrets, etc.)
• CVE-2006-0744: Linux improper handling of a non-canonical return address on EM64T, allowing the exception handler to run on the user stack with the wrong GS
• CVE-2010-2938: Xen/RedHat/Linux accesses VMCS fields without first checking whether the hardware supports those fields, leading to crash/DoS
Pattern #7: External Control of a Hardware Device

• The device (not the data it processes) is under malicious control
• Variants:
  • Physically present/proximate
  • Reprogrammed
Pattern #7 Examples

• CVE-2011-3215: Firewire port allows DMA, access to host memory
• CVE-2009-2834: reprogramming keyboard firmware

(figure: SMM/BIOS, CPU, Memory, 1394/FW, Firmware; the 1394/FireWire controller sits in the platform row alongside memory)
Image: http://www.karbosguide.com/
DEFENSE
And it’s not a good offense…
Developers

Watch your “under surface”
Unused Devices
Image: http://www.tomshardware.com/
EXPERIMENTING WITH HARDWARE
You, too, can crash your system without trying
R/W Everything (Windows)
http://rweverything.myweb.hinet.net/
Open Hardware Monitor (C# .NET; Windows + Linux)
http://openhardwaremonitor.org/
Image: http://openhardwaremonitor.org/
LoLA – Low Level Access (Linux)

• Linux kernel module that provides IO, MSR, memory, & CPUID access
• Programming API for access
http://code.google.com/p/lola-linux/
Datasheets

Vendor’s website, Internet datasheet archives
HW Schematics

Google is your friend, as usual
Background Infoz

Free download for Cansecwest attendees*!
http://bioshacking.blogspot.com/
*Cansecwest attendance not required, it’s free to everyone
Thanks!