Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Hardware Involved Software Attacks Jeff Forristal CanSecWest 2012 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks “Once you have root/admin, what’s left to do?” Question Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Rootkits VM escapes App hacking/ priv escalation BIOS hacking Jail breaking Relevance Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Attack surfaces Attack patterns Themes Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks X86-centric Other architectures may do it differently Not about hardware attacks* The final vulnerability lives in software Caveats Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Follow the RASQ’ally rabbit… ATTACK SURFACES Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks App App OS Hardware The Stack Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks App App OS Hardware OS The Stack Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks App App OS Hardware OS ???????????????????????? The Stack Driver Driver Driver Driver OS Driver Driver Driver Driver Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks App App OS Hardware The Stack Driver Driver Driver Driver OS Driver Driver Driver Driver Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks App App OS Hardware The Stack App App App OS App OS VMM/Hypervisor Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks VM VM SMM/BIOS CPU Memory Peripherals Firmware Hardware Platform The Stack App App App OS App OS VMM/Hypervisor Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks VM VM BIOS & OS/VMM share access, but not trust SMM/BIOS CPU Memory Peripherals Firmware Hardware Platform The Stack App App App OS App OS VMM/Hypervisor Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks VM VM Hypervisor can grant VM direct HW access SMM/BIOS CPU Memory Peripherals Firmware Hardware Platform The Stack App App App OS App OS VMM/Hypervisor Privilege Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks VM VM SMM/BIOS CPU Memory Peripherals Firmware DMA Hardware Platform The Stack Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Besides the obvious… Direct capabilities to affect a critical system resource (e.g. DMA to system/software memory) Indirect sideband access to a resource (e.g. PCI/e & ExpressCard access to SMBus) Store executable code that is automatically invoked (e.g. HDD or USB drive; PCI/e device option ROM) Proxy data from an untrusted external source* (e.g. NICs, Wifi radios) Hardware’s Involvement Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks IO MMIO MSRs PCI/e MMCFG • Traditional/legacy IO via in/out instructions • A.k.a. DIO, PIO • Memory-mapped IO via memory access instructions • CPU config registers via rdmsr/wrmsr instructions • PCI configuration space access • Arguably a flavor of MMIO X86 HW Access Methods Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Mistakenly passed through by a higher privilege software layer Explicitly passed through by a higher privilege software layer Explicitly provided by hardware architectural intent The attacker is already deemed to have access The attacker is physically proximate to the system* Surface Transitions Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Buckets to describe stuff…because people like to categorize things ATTACK PATTERNS Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Originate in a lower-privileged software/layer or be remote/physically proximate Leverage or depend upon an operation of hardware* Achieve a vulnerability in a higher-privileged software/layer or a peer in current software/layer Commonality Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks This is a conversation about forests Let’s not get pedantic about the individual trees Only these slides are black & white… Ambiguity Image: http://lyricsdog.eu/ Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Categorization criteria isn’t always crisp (it’s like porn…) Challenges on separating HW operation, TLP, and data Bug DBs lack of consistent characterization of the problem, mention of hardware Challenges Pattern #1 Driver Driver Driver OS Driver Driver Driver Driver Straight-forward driver failure (Semi) arbitrary access to general purpose HW access (e.g. IO, MMIO, PCI config, MSRs) Debug purposes, laziness, bad foresight, simplicity Driver Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Inappropriate General Access to Hardware Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks CVE-2005-0204 Linux kernel on x64/em64t allows writing to IO ports via outs instruction CVE-2007-5633 Speedfan (Windows) allows MSR reading/writing via IOCTLs CVE-2007-5761 Nantsys (Windows) allows MSR reading/writing Pattern #1 Examples Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Unexpected Consequences of Specific Hardware Function Given access because functionality seems safe Extra/hidden/unexpected/bug functionality leads to a problem Pattern #2 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks CVE-2011-1898 DMA used to generate MSI interrupts, compromise of Xen hypervisor CVE-2011-1016 Radeon Linux Gfx driver gives access to AA resolve registers, allows memory manipulation CVE-2011-2367 WebGL in Firefox allows GPU memory reading, or crash Pattern #2 Examples Image: http://invisiblethingslab.com/ Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Hardware Reflected Injection Variants: 2nd order injection through HW Security-sensitive logic operation on HW value Stored executable code blobs Pattern #3 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Hardware Reflected Injection - 2nd order injection Trigger a traditional vuln via malicious data value inserted/stored in hardware Integer issues, buffer overflows, etc. Pattern #3 – Variant #1 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Alexandre Gazet – Recon 2011 Update KBC FW, feed malicious value to SMM and cause a buffer overflow App App OS SMM/BIOS CPU Memory KBC Firmware Pattern #3 – Variant #1 Example Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Hardware Reflected Injection - Security-sensitive logic operation on HW value One-off logic operation, not a general purpose weakness Thus very contextual, particularly to securityspecific software Pattern #3 – Variant #2 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks CVE-2009-4419 Malicious MCHBAR register value prevents proper VT-d policy application during TXT SENTER Hardware VT-d 00000001 FEC10000 SINIT ACM Memory Pattern #3 – Variant #2 Example Image: http://invisiblethingslab.com/ Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Hardware Reflected Injection - Stored executable code blobs BIOS flash Option ROMs Boot device MBRs* Pattern #3 – Variant #3 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Mebromi virus Updated BIOS ISA ROM, which is executed upon system reboot Update CPU Reset BIOS OpROM MBR Flash PCIe Card Boot Dev OS + Apps Reboot Pattern #3 – Variant #3 Example Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Mebromi virus Updated BIOS ISA ROM, which is executed upon system reboot CPU Reset BIOS Flash OpROM PCIe Card MBR Boot Dev VMM IOMMU Update VM Pattern #3 – Variant #3 Example Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Interference with Hardware Privilege Access Enforcement Relevant to hypervisor & emulation Hypervisor/emulator does operation with their (elevated) privilege, not requestors lower privilege “Confused deputy” Pattern #4 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks CVE-2009-1542 MS Virtual PC/Server instruction decoding doesn’t enforce CPU privilege level requirements CVE-2010-0298 KVM x86 emulator doesn’t consider CPL & IOPL in guest hardware accesses Pattern #4 Examples Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Access by a Parallel Executing Entity Things running at the same time One good, one bad Sensitive use of shared resources Programmable peripherals CPU Memory Peripherals Firmware Hardware Pattern #5 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks CVE-2010-0306 SMP guest uses one thread to change instructions of another thread while being interpreted by hypervisor, allowing for arbitrary instruction execution CVE-2005-0109 Malicious CPU thread monitors cache misses of another thread, recovery of cryptographic keys, etc. Pattern #5 Examples Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Incorrect Hardware Use Someone didn’t RTFM In all fairness: The manuals can be vague/cryptic They tell you to do things without a reason for why They say “should” instead of “must” Pattern #6 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks CVE-2006-1056 Linux didn’t notice AMD FXSAVE/FXRSTOR different than Intel, lead to leaking of floating point data between processes (cryptographic secrets, etc.) CVE-2006-0744 Linux improper handling of uncanonical return address on EM64T, allowing exception handler to run on user stack with wrong GS CVE-2010-2938 Xen/RedHat/Linux accesses VMCS fields without first seeing if hardware supports those fields, leading to crash/DoS Pattern #6 Examples Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks External Control of a Hardware Device The device (not the data it processes) is under malicious control Variants: Physically present/proximate Reprogrammed Pattern #7 Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks CVE-2011-3215 Firewire port allows DMA, access to host memory SMM/BIOS CPU Memory 1394/FW Firmware CVE-2009-2834 Reprogramming keyboard firmware Pattern #7 Examples Image: http://www.karbosguide.com/ Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks And it’s not a good offense… DEFENSE Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Watch your “under surface” Developers Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Unused Devices Image: http://www.tomshardware.com/ Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks You, too, can crash your system without trying EXPERIMENTING WITH HARDWARE Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks R/W Everything http://rweverything.myweb.hinet.net/ Windows Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Open Hardware Monitor C# .NET http://openhardwaremonitor.org/ Windows + Linux Image: http://openhardwaremonitor.org/ Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks LoLA – Low Level Access Linux kernel module that provides IO, MSR, memory, & CPUID access Programming API for access http://code.google.com/p/lola-linux/ Linux Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks LoLA – Low Level Access Linux kernel module that provides IO, MSR, memory, & CPUID access Programming API for access http://code.google.com/p/lola-linux/ Linux Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Vendor’s website, Internet datasheet archives Datasheets Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Google is your friend, as usual HW Schematics Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Free download for Cansecwest attendees*! http://bioshacking.blogspot.com/ Background Infoz *Cansecwest attendance not required, it’s free to everyone Jeff Forristal / CanSecWest 2012 / Hardware Involved Software Attacks Thanks!