Millions of PCs could easily be infected by malware with highly privileged access to system memory, said researchers in Vancouver. The new attack targets the BIOS – a computing component that is rarely ever patched for security flaws, they said.
Xeno Kovah and Corey Kallenberg chose the CanSecWest conference to unveil LightEater, an attack that they said can even compromise operating systems that run from USB keys and aren’t stored on a computer’s main drive.
The attack implants malware into the BIOS, which is the firmware used during a computer’s boot process. It tells the computer what to do when it is first turned on. As such, it represents the ‘keys to the kingdom’ for an attacker, because it loads before any anti-malware software has a chance to protect the system. The attack specifically targets UEFI, a new kind of BIOS built on modular code and designed to be highly reused among all computer vendors.
The researchers targeted ‘incursion vulnerabilities’, which are flaws in the computer’s software enabling them to compromise the computer’s System Management Mode (SMM). SMM is a highly privileged operating mode used in Intel processors that can be used to carry out functions including reflashing firmware. By hijacking SMM, they can implant malicious functions in the BIOS.
“SMM is an OS-independent execution mode in the processor, where the BIOS chooses the code that will run in this mode, and then locks it down so that no one can thereafter read or write SMM’s RAM,” Kovah told IT World Canada. “But when SMM runs, it can read and write all physical memory on the system (meaning all applications that are currently in memory, all OS memory, and all hypervisor/VMM [virtual machine memory]).”
This means that the BIOS malware is even more privileged than the hypervisors that control virtualized machines, Kovah added, meaning that an attacker that compromised the BIOS could compromise a cloud infrastructure.
Incursion vulnerabilities can be found programmatically, simply by running a computer script, and the pair found dozens of them in minutes.
Once a BIOS is compromised, it will run an attacker’s instructions every time the computer is switched on, allowing it to use SMM to read everything in the computer’s memory. This has severe ramifications, even for supposedly secure operating systems, like TAILS, which runs from a USB key and doesn’t install itself on a computer at all.
The LightEater attack could be implemented remotely by anyone with a command line and administrative access. This means that conventional malware could be delivered via a drive-by download that would infect the system and then install the attack.
It could also be delivered via physical access to a computer. Someone who was able to gain direct access to the BIOS by opening a computer could install the attack in two minutes, said the pair. That obviously has ramifications for both law enforcement and customs officials.
The Trusted Computing Group (TCG) architecture, released several years ago, was supposed to protect computers by using a tamper-resistant Trusted Platform Module (TPM) to check the state of a machine when it boots. Unfortunately, Kovah said, the TCG architecture relies on the BIOS to store the data that would be used to verify the state of a system. That renders the architecture vulnerable to an attack like LightEater, he added.
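To show why a root of measurement that lives inside the BIOS cannot detect a BIOS implant, here is an added model (not code from the researchers or the TCG) of the TPM PCR extend chain: the firmware images, the bootloader blob and the three boot paths are constructed stand-ins, and the "hardware-rooted" path is only a simplified model of a measurement the BIOS cannot alter, in the spirit of the Boot Guard ACM mentioned below.

```python
import hashlib

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = SHA-256(PCR_old || SHA-256(measured data))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

# Constructed stand-in images; none of this is real firmware.
CLEAN_BIOS = b"vendor-bios-v1.0"
INFECTED_BIOS = b"vendor-bios-v1.0+implant"   # constructed tampered image
BOOTLOADER = b"os-bootloader"
PCR_INIT = bytes(32)                          # PCRs start zeroed at reset

def honest_boot(bios_image: bytes) -> bytes:
    """Untampered BIOS: it is the root of measurement and records its own hash,
    then measures the bootloader it hands control to."""
    pcr = pcr_extend(PCR_INIT, bios_image)
    return pcr_extend(pcr, BOOTLOADER)

def compromised_boot(bios_image: bytes) -> bytes:
    """Tampered BIOS: because it performs the first measurement itself, it can
    extend the hash of the clean image instead of its own. Every later
    measurement proceeds normally, so the final PCR matches the known-good value."""
    pcr = pcr_extend(PCR_INIT, CLEAN_BIOS)    # records the clean hash, not its own
    return pcr_extend(pcr, BOOTLOADER)

def hardware_rooted_boot(bios_image: bytes) -> bytes:
    """Model of a root the BIOS cannot alter (hardware-verified code measures the
    image actually present in flash before it runs). The arithmetic is the same as
    honest_boot; what differs is that the BIOS has no say in the first extend."""
    pcr = pcr_extend(PCR_INIT, bios_image)
    return pcr_extend(pcr, BOOTLOADER)

def attestation_detects_implant(boot_fn) -> bool:
    """Remote attestation compares the reported PCR against the golden value
    recorded from a clean machine; returns True if the implant changes it."""
    golden = honest_boot(CLEAN_BIOS)
    return boot_fn(INFECTED_BIOS) != golden
```

With a BIOS-hosted root the infected machine attests identically to a clean one; with the hardware-rooted model the implant shows up as a PCR mismatch.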
Since then, Intel has created Boot Guard, a system that stores the verification data in a separate authenticated code module (ACM). “Given that the ACM is digitally signed by Intel, and the CPU hardware verifies the signature before it is executed, this becomes a much harder target to attack,” Kovah added. However, this was only implemented in Intel’s fourth generation Haswell architecture [PDF], meaning that it was only available to vendors in the last couple of years.
“There was only very limited deployment of this technology by BIOS vendors in fourth generation systems, but it seems like they are talking about using it more seriously in more fifth generation systems (which were only released in late 2014),” he said.
The attack is particularly worrying because few vendors patch their BIOSes, said the researchers, adding that they often adopt an ‘out of sight, out of mind’ approach. When they contacted vendors about the issue, some of them refused to believe that they were affected, while others stopped returning their emails.
“The top three PC vendors, Lenovo, HP, and Dell respectively, have done a reasonable job of handling our vulnerability disclosures over the past couple years, so they know what they need to do,” Kovah said.
“Other vendors have done an extremely poor job, both in communicating their acknowledgement/response, and in most cases never patching old machines, only sometimes fixing problems for new systems they release.”
The researchers said that they would make a name-and-shame list of vendors who were leaving their customers open to BIOS attacks.
CIOs should start checking the security of their computer firmware, and demanding BIOS patch capability from their patch management software vendors, the pair said. Kovah also pointed to the Copernicus project, a free tool for machines running Windows 7 and later. This tool, which must be obtained from MITRE through a direct request, checks to see if BIOSes in an organization are vulnerable, and if so whether they are infected, he said.
The duo did offer a little hope. They are working with Intel to create a commercial-grade SMM isolation that would protect systems from infected versions of the code, they said. They will then work with BIOS vendors to incorporate the technology into their systems, so that even if attackers break into the SMM, they couldn’t read or write memory arbitrarily. Machines could also then be used to detect attackers by measuring their activities, they concluded.