Persistent BIOS Rootkit Implant To Debut At CanSecWest
msm1267 writes Research on new BIOS vulnerabilities and a working rootkit implant will be presented on Friday at the annual CanSecWest security conference. An attacker with existing remote access on a compromised computer can use the implant to turn down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed. The devious part of the exploit is that the researchers have found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure and privacy focused operating systems such as Tails in the line of fire of the implant.
Their implant, the researchers said, is able to scrape the secret PGP key Tails uses for encrypted communication, for example. It can also steal passwords and encrypted communication. The implant survives OS re-installation and even Tails' built-in protections, including its capability of wiping RAM.
It's getting to where you don't trust ANYTHING.
Is that like 7 of 9's Borg implants?
I'm afraid of plugging my USB drives around, I'm using a fairly obscure UEFI/BIOS on my main computer in hopes that nobody has bothered to write an exploit for it yet.
But what I'd really like to see is a hardware protection against flashing. On USB, on hard drives, on the motherboard, on anything that could possibly be flashed. And no, cryptographically signed updates aren't going to cut it. It's more than feasible to steal or crack weak keys.
This isn't anything new, Amiga in the 90's had a CMOS happy virus that used the battery power to stay in memory. It wasn't in the clock but rewrote that area of the working bios to stay resident. I remember having to take the battery out of my A500 to get rid of it, as it survived reboots and power offs.
UEFI BIOS is going to be a real hassle going forward; it's going to be much easier to write something for this vs. the older BIOS with all of its limitations. USB controller firmware, bridge firmware, controller firmware, soon to be memory controller firmware like Power8, ethernet, SSD/HD firmware, and sound card firmware. There are a lot of places where harm can be done if you can inject your version during the update download to the customer.
"Oh nevermind.. false alarm.. all is well. go about your business" as your feeble AV tool is gagged and bound by the new BIOS.
No, Windows-only locked-down BIOSes are coming.
This could easily be avoided if there was a secondary boot ROM that was only accessible by flipping a hardware switch. This BIOS would only allow the reflashing of the primary BIOS, and possibly wiping the hard drive. Once those steps were completed, you flip the switch back and are up and running. I've seen some enthusiast boards that came with multiple ROMs for overclocking. Perhaps this would be a similar system.
I'd love to see some big corps (and government agency(ies)) responsible for removing this safety measure get screwed up big time because of it.
There would have to be a custom malware firmware written for each hardware brand and model though.
It would be nice if the standard was all systems came with a physical switch that allows firmware flashing or read-only mode.
Does this type of rootkit prevent re-flashing of the infected firmware to get rid of it?
The Unified Extensible Firmware Interface (UEFI) provides a new platform for malware to execute independently of the OS. There are now UEFI applications, UEFI variables that can store non-volatile data that can be shared between firmware and the OS, EFI system partition, etc. All of these things open gaping security holes into any UEFI system. Systems with the old BIOS and a write jumper on the motherboard were too secure. We don't have that problem any longer...
.. but you can't make it drink. I have been doing IT security for almost 30 years. I've been an advisor to the highest government branches, I have lectured on countless occasions in front of hundreds if not thousands of people. I have developed security software and environments. And all I can say is: Most people simply don't give a damn. Sure - they listen to what one has to say. And they even promise to change or adapt the way they do things. But after just a few days they've forgotten all of it. Because being safe(r) is inconvenient.
People are just not getting it. They don't delete cookies or browser caches (I don't want to have to log in to Facebook all the time), they send even the most personal or confidential data via unsecured email (why would somebody else read this email), they store their whole life or business data on Dropbox, Google Drive or comparable services and they sync all of their cell phone content, phone numbers and contact data. It doesn't hurt if someone steals your data. You don't feel it if a government monitors your every move. And the classic: I ain't got nothing to hide. CEOs told me: The government should be responsible to protect my data - why should I pay for it? Though they spent thousands of dollars on a state of the art security system for their offices - they don't feel it to be necessary to spend money to train their employees or to purchase technology to protect their data.
The Snowden leaks didn't help - quite the opposite happened: People are now saying: There's nothing one can do anyway. What the government wants, the government gets. Why bother to protect the data? Most people actually believe encryption to be worthless because the NSA can hack it anyway. In conclusion: I have stopped trying to convince the general population that they can have a safe(r) digital life. I am supporting those who really want to keep their data protected. So - before starting to worry about BIOS hacks - check the other 99.999% of vulnerabilities that are much easier to exploit. As usual: Just my two cents.
Typical ROM sizes for boards nowadays are in the MB. The typical ROM size is anywhere between 4MB and 16MB, and that's BYTES, not bits. There is PLENTY of free space to install option ROMs, and other nasty persistent stuff.
Even a lowly java programmer can cobble together some C code that can hide in the UEFI rom, now that we don't have to worry about every other byte.
With interrupt chaining, and other techniques, calls can be silently intercepted, and with the speed of today's CPUs, not even noticed.
With every piece of hardware containing its own ROM/firmware, there is plenty of space for nefarious code. Most ROMS are even either not protected/signed, or use simple checksums.
Maybe we can have a runtime AV in the ROM. Coded in java, your pc would only need to boot once a month, because it would take that long to boot.
One question I've had about Secure Boot is how do you prevent this from happening if the BIOS can be replaced? Asus has a partial answer in Flashback - it replaces the write jumper for BIOS updates with a button that still requires physical access.
Include checksum validation during the Flashback/upgrade process and keep the BIOS locked (can't replace/upgrade) without the Flashback system being used. Solves most of the problems. Users can still change settings but the BIOS itself is checksummed as part of the Secure Boot process. If it doesn't pass, the system complains about Secure Boot being compromised.
Hell, if MS offered a secure version of Windows, they could then boot the system into a restricted safe mode to allow folks to determine the cause of the problem. I'd be willing to buy an OEM copy for just this reason, as I could ensure the system wasn't compromised during the build process.
My current system using Win 8.1 is already complaining about secure boot being off (disabled because I'm testing various Linux/BSD installers for hardware compatibility
... and those responsible for it at Intel should have been brought to book about it. There is NO good technical reason for its existence and it introduces a multitude of issues, and not only security ones, e.g. timing issues for real-time OSes, buggy firmware causing sudden crashes. Sure, it makes some things such as emulating hardware simpler, but that is hardly a compelling reason to have this barn door of a security hole in every Intel motherboard.
I'm pretty sure that the attitude of companies making these subsystems with the reflashable firmware is that "security has no ROI, why should we bother? No hacker will do this."
We have a perfect storm here:
1: There appears to be a complete disinterest in security by the chipmakers. In the past, there was a hardware read/write switch, the firmware was encrypted, only decrypted during the write to the flash, cryptographically signed, and was signed by multiple keys.
For example, LTO4 and newer tape drives have multiple mechanisms in place that disallow flashing, especially from remote.
This means that once malware is able to touch the hardware, it takes almost nothing to permanently compromise it.
2: Most devices have no "bad firmware recovery mode". Older motherboards that had flashable BIOSes used to have a jumper which when switched, would have the machine load enough code so it could boot from a MS-DOS floppy, grab an image from that, reflash that, then reboot into that image. This is not done anymore, so if a flash copy is bad, the only way to fix is a replacement of the device.
3: Even JTAG isn't on many devices these days, so this isn't a reliable method of fixing a device with malicious firmware.
4: Governments are more interested in spying on each other than trying to stomp this out. For example, if you ship your IC masks to one country, your chip with 10 solder pads comes back with additional "functionality" and 12 solder pads.
5: The number of subsystems that are insecure. For example, a few years back, there was proof of concept code that turned an Apple USB keyboard into a keylogger, and if used on a laptop, really couldn't be disconnected. On an average computer, one has the CPU, drive controllers, video card, NIC, Wi-Fi card, vPro firmware, iLO firmware, and many other items, where if just one gets compromised, it can sit on the bus and decode from RAM, or actively write.
6: Ad servers are still a source of malware, and with web pages winding up with more intrusive ad-slinging (for example, try to visit a website on an iPhone before the page kicks you to the App Store to a download page for a POS F2P/P2W app, or a generic flashlight app that demands access to contacts, camera, camera roll, and everything else on the device before it runs). The only thing that makes the Web bearable is a combination of SpywareBlaster (for executable blacklists), AdBlock, a hosts file, and "click to play" functionality.
7: The Windows ecosystem is rife with foistware. If I want to download a useful shareware utility, I have to extract it in a VM, and pull the MSI out for that program, and not for the oodles of foistware. Or, if it is a utility I use infrequently, I just run it in a VM because it will come with more PUPs than a stray pit bull a couple weeks after being in heat. The foistware downloads more foistware, and Bog knows what it gets because several programs create a local VPN and MITM all SSL calls by adding extensions to browsers, as well as the trusted root key stash. Linux and OS X don't have this issue, because repositories and the App Store don't permit that shit to happen.
Of course, foistware that gets other foistware (because someone paid them to have it sucked in) means somewhere in the chain, malicious software gets in.
8: Denial of control for the user. iOS takes control from the user completely. Android is still usable with root, but that is slipping away (took a five digit bounty to get root on Samsung devices last year). This allows malware to run without any worry about being interrupted, or even noticed, unless there is a packet sniffer... and even then, with malware that creates VPNs, even that may be useless.
9: No penalty to the bad guys. It is virtually impossible to catch malware writers, and at best, the ones that do get caught tend to be low hanging fruit or scapegoats.
10: No real method for reliable backups. There are no consumer level tape drives anymore, DVDs don't store that
I don't have a problem with UEFI or BIOS being flashable. But you need a non-changeable way of recovering your system to prevent "permanent" p0wnership or brickage.
A non-flashable "pre-UEFI" firmware that did nothing but check if a certain jumper pin was set and either proceed to boot to UEFI or boot to a non-flashable "UEFI re-flash loader" utility is a must for any computer that doesn't need to be "locked down" at the factory. This utility would look in a standard location - perhaps USB port 1 - for a signed executable that would be the real "re-flash" utility. Whether motherboard vendors chose to supply signed re-flash utilities that only re-flashed signed UEFI binaries or if they catered to hobbyists who might want to load arbitrary/unsigned UEFI binaries would be up to the motherboard manufacturer.
Bonus points if the immutable "UEFI re-flash loader" utility calculated and displayed a cryptographic hash of both the current UEFI and that of the real "re-flash" utility the user is trying to use PRIOR to executing it, so the user could verify that they are what he thinks they are.
For computers running in specific environments that need to be "locked down" at the factory, re-flashing the BIOS would probably not be allowed at all - UEFI changes would probably require chip- or motherboard-level surgery.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
There seems to be no mention of Secure Boot and whether they can or can't bypass it (or if the concept doesn't relate). Can anyone with sufficient knowledge please clear this up?
Also, on some machines it is possible to lock bios flashing down with a password. It seems that the operation of such a re-flash exploit would result in a prompt for authorizing reflashing...
Firmware is software and computer users still need software freedom for all published software. This hasn't changed since Richard Stallman reached conclusions about the ethics of software over 30 years ago. Changing what device the software is loaded into or the form it takes when loaded doesn't change any of the underlying issues that all have to do with how people treat each other. This is also not an issue to be properly understood by "open source" focus on convenience, caving into business desires, or developmental methodology.
Digital Citizen
Qubes OS will detect this type of attack, and in most cases prevent it. It can also protect you against badUSB if you create a USBVM to handle the USB controllers.
Detection comes via the Anti-Evil Maid package, which uses a TPM to measure the system firmware, bootloader, kernel and hypervisor. It optionally can create a USB thumbdrive for booting Qubes in AEM mode. (AEM should *always* detect a compromised base system, but using a thumbdrive can help prevent an attack from succeeding in an 'Evil Maid' scenario.)
Qubes uses Xen, a type 1 bare-metal hypervisor with a minuscule attack surface, and uses that as a chokepoint to regulate ALL system activity (including network and graphics) in a way other OSes do not. Graphics is one of the weaknesses in VM host security that enables 'VM breakout' escalation attacks. In using VMs for all sensitive functions, remote attacks are highly unlikely to escalate and take over the core system or firmware.
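The measured-boot idea behind Anti-Evil Maid in the post above, and the "checksum the BIOS as part of the Secure Boot process" and "display a hash of the current firmware before re-flashing" proposals in the earlier Flashback and re-flash-loader posts, all come down to the same mechanism: hash each boot component, fold the hashes into a one-way chain the way a TPM PCR extend does, and compare the result with a value recorded on a known-good boot. The following Python is an added illustration of that mechanism; it is not code from Qubes, AEM, Asus or any TPM library. The images are constructed byte strings standing in for real firmware, bootloader and kernel blobs, and the "TPM" is simulated in software (a real PCR extend is done inside the chip and the initial measurement is taken by firmware the OS cannot change).

```python
import hashlib
from typing import Dict, List, Sequence

# Constructed sample images. In a real system these are the bytes the platform
# firmware and bootloader hash into the TPM's Platform Configuration Registers.
GOOD_IMAGES: Dict[str, bytes] = {
    "firmware":   b"UEFI firmware + SMM handlers (constructed sample image)",
    "bootloader": b"boot loader (constructed sample image)",
    "kernel":     b"hypervisor and kernel (constructed sample image)",
}
BOOT_ORDER: Sequence[str] = ("firmware", "bootloader", "kernel")
PCR_INITIAL = bytes(32)  # a SHA-256 PCR bank starts as all zeros at power-on


def measurement(image: bytes) -> bytes:
    """SHA-256 of one boot component; this is what gets extended into the PCR."""
    return hashlib.sha256(image).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """Simulated TPM extend: new PCR = H(old PCR || digest).
    The operation is one-way and order-sensitive, so later code cannot set the
    register to a chosen value; only the identical chain reproduces it."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot_chain(images: Dict[str, bytes],
                       order: Sequence[str] = BOOT_ORDER) -> bytes:
    """Replay the boot sequence and return the final PCR value."""
    pcr = PCR_INITIAL
    for name in order:
        pcr = pcr_extend(pcr, measurement(images[name]))
    return pcr


def component_digests(images: Dict[str, bytes]) -> Dict[str, str]:
    """Per-image hex fingerprints, the kind of hash a re-flash loader could show
    the user before anything is executed or written to flash."""
    return {name: hashlib.sha256(img).hexdigest() for name, img in images.items()}


def attest(images: Dict[str, bytes], sealed_pcr: bytes) -> bool:
    """True when the replayed chain matches the value sealed on a known-good boot."""
    return measure_boot_chain(images) == sealed_pcr


def find_tampered(images: Dict[str, bytes], known_good: Dict[str, str]) -> List[str]:
    """After a failed attestation, name the component(s) whose image changed."""
    current = component_digests(images)
    return [name for name in BOOT_ORDER if current[name] != known_good[name]]


if __name__ == "__main__":
    sealed = measure_boot_chain(GOOD_IMAGES)      # recorded once, on a trusted boot
    golden = component_digests(GOOD_IMAGES)
    print("clean boot attests:", attest(GOOD_IMAGES, sealed))

    # Constructed stand-in for a firmware image that was modified in place.
    modified = dict(GOOD_IMAGES)
    modified["firmware"] = GOOD_IMAGES["firmware"] + b"<extra bytes appended>"
    print("modified firmware attests:", attest(modified, sealed))
    print("changed component(s):", find_tampered(modified, golden))
```

Two properties are worth noting. Because extend chains the previous register value into each step, reordering the same components produces a different final PCR, so the check covers sequence as well as contents. And the check only detects: it assumes the very first measuring code (the root of trust for measurement) is itself intact, which is why the posts above still argue for a hardware switch, a jumper or a separately booted thumbdrive rather than trusting the in-flash firmware to report on itself.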
Just imagine when the next big botnet uses BIOS rootkits to live on past death, then, when its owner is ready, secretly and subversively delivers subliminal messages to clueless end users, ultimately giving a botnet some power to influence world leaders.
Here is a USB Drive with a real hardware write protect switch.
http://kanguru.com/storage-accessories/kanguru-ss3.shtml
I have been using it for a few months and am somewhat happy with it for my application.
I agree with your statements.
Maybe now people can have *informed* opinions? Slides here: http://legbacore.com/Research....