Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hiding a Rootkit In System Management Mode

Posted by kdawson on from the can-you-see-me-now dept.

Sniper223 notes a PC World article on a new kind of rootkit recently developed by researchers, which will be demoed at Black Hat in August. The rootkit runs in System Management Mode, a longtime feature of x86 architecture that allows for code to run in a locked part of memory. It is said to be harder to detect, potentially, than VM-based rootkits. The article notes that the technique is unlikely to lead to widespread expoitation: "Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking."

14 of 119 comments (clear)

  1. Re:My BIOS has a toggle for virtualization feature by Anonymous Coward · · Score: 5, Informative

    Nope! This isn't using Virtualization mode.

  2. hmm by extirpater · · Score: 5, Funny

    i have norton, problem solved.

    1. Re:hmm by v1 · · Score: 5, Funny


      Isn't that like using a gun to prevent a cold? Yes I suppose it's effective, but still...

      --
      I work for the Department of Redundancy Department.
    2. Re:hmm by extirpater · · Score: 5, Funny

      Isn't that like using a gun to prevent a cold? Yes I suppose it's effective, but still... soldering gun is exactly for this
    3. Re:hmm by jotok · · Score: 4, Funny

      Yes, but running Norton, he won't have any free RAM for the rootkit to be loaded into.

  3. oooooh scary by ILuvRamen · · Score: 4, Insightful

    Oh boy, I love ridiculously overly dramatic BS! Yes it's very easy for it to hide there and for there to be basically no signs that it's there. OMG everyone run for the hills! Oh wait, malware doesn't just sit there, it does stuff. It runs threads, it reads from and writes files on the hard drive, and it has to at some point send some sort of data over the internet or local network. So yeah, no virus can hide and still cause damage and spread while remaining undetected.

    --
    Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
    1. Re:oooooh scary by Anonymous Coward · · Score: 5, Informative

      Depending on the BIOS, the chipset itself can be configured to explicitly make it impossible for the OS's kernel to even read or write the specific memory range that it being used for SMM.

      The attack vector is made a lot easier because most BIOS vendors don't blockhole the address range as they need to support USB devices DMAing into the Aseg and Tseg segments (the memory ranges utilized by SMM). This is what you pay for to be able to use a USB keyboard in DOS. Legacy emulation so that all those ancient BIOS interrupt calls continue to work with your latest input devices..

      If there is a modern operating system running, there is a handoff between the OHCI driver and the SMM using a mailbox register on the usb controller so that the BIOS stops using the USB controller. What this means that modulo BIOS services that do things like control fans (and aren't implemented in ACPI), something could slip into SMM quite easily and flip the bit that makes it impossible for your antivirus to find it.

    2. Re:oooooh scary by Anonymous Coward · · Score: 4, Interesting

      FWIW, an even easier vector for stuffing data into the SMM, and not as a BIOS payload (which will be very motherboard specific) is to chain it into the VGA BIOS (which most PCs have..). The VGA bios is nice because it's a very clean interface (as far as option roms go) for getting called and you can chain in the real VGA bios after doing whatever you see fit.

      You can even have it trigger on the first BIOS calls of the windows bootloader so that you can easily overwrite the SMM memory regions in a nice and portable way.

  4. Difficult in practice by Anonymous Coward · · Score: 5, Interesting

    In theory, SMM is the ultimate rootkit hiding place. In practice, it's difficult to exploit on a wide scale. Getting the system to execute rootkit code in SMM isn't easy. You're going to need an exploitable BIOS bug, or the ability to reflash the ROM. Either is going to be very system-specific.

    1. Re:Difficult in practice by moteyalpha · · Score: 4, Interesting

      This is one area where I have worked a bit and there is tremendous potential for abuse of VMM and SMM when you combine it with users that trust a company to deliver binaries. I will not use a binary program, unless I have the source and can verify it is legitimate. A bit of social engineering and the right picture and an uninformed user will be flashing their BIOS while they wait for the security update they think they are getting. If it is done right, this type of program can remain dormant and use no CPU time to give itself away, until it is keyed to act in something like a bot net or some other purpose.

  5. Re:LiveCD by Anonymous Coward · · Score: 5, Informative

    If the code runs in SMM and is launched from the BIOS a live CD doesn't avoid the problem.

  6. IPMI Card Vulnerabilities by landonf · · Score: 4, Interesting

    What about vulnerabilities in onboard IPMI cards? Our new servers have ARM-based cards running Linux. The built-in HTTP server is vulnerable to a widely-known buffer overflow:

    landonf@ahost:~> telnet XXX.XXX.XXX.XXX 80
    Trying XXX.XXX.XXX.XXX...
    Connected to XXX.XXX.XXX.XXX.
    Escape character is '^]'.
    GET /x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/x/ HTTP/1.0
    Connection closed by foreign host.
    landonf@timor:~> telnet XXX.XXX.XXX.XXX 80
    Trying XXX.XXX.XXX.XXX...
    telnet: connect to address XXX.XXX.XXX.XXX: Connection refused

    Seems like a recipe for compromised data centers, to me. Re-imaging a machine won't touch the IPMI card.

    --
    http://plausible.coop
  7. Not really an issue on recent hardware by mjg59 · · Score: 4, Informative

    In system management mode, the processor runs code from memory (SMRAM) that can't be seen by the operating system. The usual way of handling this is to map the SMM memory into the address space at 0xa0000 - that is, where the legacy graphics framebuffer is. Normal accesses to this address space are redirected to the graphics card by the northbridge. In SMM, accesses to this address space are diverted to real memory and the magic code is run.

    Obviously, it has to be possible for the BIOS to put code their in the first place. There's a configuration flag in the northbridge (on recent Intel chipsets, it's byte 0x9d of the PCI configuration space on the host bridge) that controls whether accesses are directed to the graphics hardware or physical memory. The BIOS can set that to do the initial setup. Once it's done that, the bit is flipped and normal code can no longer see the SMM code. The vulnerability lies in the fact that OS code could reset that bit, gain access to the SMRAM and modify it. Any BIOS I've seen from the past couple of years has gone a step further and set an additional bit that prevents this from occuring. Once that bit is set, the only way for normal code to gain access to the SMRAM region is for the machine to be reset. This happens before any OS code gets run, so there's no opportunity to install hostile SMM handlers.

    Is it still possible to exploit? Yes. If the attacker can modify your BIOS they can modify the code that it copies into SMRAM. However, if the attacker can modify your BIOS then they've already won even without using SMM. The initial bootloader uses BIOS calls to read data off disk, so a sufficiently intelligent attack could rewrite that in order to boot a modified kernel. In versions of Windows before Vista, most graphics drivers still made BIOS calls. A modified BIOS could do anything it wanted to with those without looking suspicious in the slightest. Like the article says, it's unlikely that this'll be common. But to be honest, I don't see it happening in the real world at all.

    (Today I have been trying to work out just WTF a Dell laptop does when it enters system management mode in response to a brightness hotkey press. The locking down of SMRAM makes this effectively impossible)

  8. How specific of a target? by rocketPack · · Score: 4, Interesting

    TFS says the code must be specifically targeted to a particular machine which, on a PC, means a very big challenge.

    On a Mac, however, you could easily target a very large number of people using only a very small number of hardware variations. Could this exploit be better suited to Macs than PCs? On the other hand, it also seems like it would be equally easier to detect the problem, since your algorithm can be fairly specific (both in terms of Macs and PCs), since the code needed to exploit would be rather specific.