Your CPU chipset is also standalone webserver. Most vPro chipsets (MCHs) have:
- An Independent CPU (not IA32!)
- Access to dedicated DRAM memory
- Special interface to the Network Card (NIC)
- Execution environment called Management Engine (ME)
Your chipset is a little computer. It can execute programs in parallel and independently from the main CPU!
How might we design some malware that embeds itself into the chipset? Such malware would be able to survive reboots, brick the hardware on demand, reboot on demand, act as a MITM for all network traffic, inject vulnerabilities into the host OS during bootup, etc.
Step 1: Search for an attack vector in any version of the Intel BIOS. If you can find any attack vector in any version of the BIOS, you've won. For example, if the latest Intel BIOS is v3.9.2, but you found an exploit in BIOS v2.3.1, you've still won. Because...
Step 2: ... as the attacker, you can downgrade the victim's BIOS to any previous version without any user consent! Any old version of the BIOS is of course signed by Intel; all versions are. The chipset firmware allows any valid signed BIOS to replace the current BIOS regardless of whether it's older or newer than the current.
It was pretty shocking that the BIOS can be downgraded without any user consent. Downgrading requires a reboot, but that's probably not a huge problem in practice.
This article is from 2009, so at this point it's just an interesting piece of history. But I wonder whether any of these issues still persist today, such as the ability for userspace programs to downgrade/upgrade the BIOS at will?
Once you find a bug in certain critical paths, you can write to flash at will, no signatures required. AFAICS some Samsung and Lenovo users ran into one of those when installing Linux.
As for the management engine (the CPU that drives the vPro stuff), it exists in _all_ Intel chipsets since Series 5, vPro is just a certain configuration of its firmware. It also has full access to RAM, some access to USB, network and graphics.
> such as the ability for userspace programs to downgrade/upgrade the BIOS at will?
I assume some amount of privileges would be required to reflash. By "at will", do you mean that once those privileges are acquired, there is no notification or confirmation to the user? (Or perhaps it is easier than I think to reflash.)
Apparently they've added some downgrade protection[1]:
> The recent patch mentioned above solves this problem by displaying a prompt during reflash boot, if reflashing to an older version of BIOS. So now it requires user intervention (a physical presence). This "downgrade protection" works, however, only if we have administrator password enabled in BIOS.
So if I understand correctly this can be used to install a persistent hardware rootkit on the chipset that listens for a "secret" knock procedure with TCP (because it has access to the NIC) and then in response to the secret signal modify the host OS kernel through DMA-access to disable for example all access checks [1].
Imagine infecting a machine with this either before delivery (requires physical access, but should be doable for FBI/NSA/foreign-counterpart) or in a "rent a server" situation. Most providers will allow you to rent a full server with root-access for a month and then cancel the contract. I'm assuming those servers get re-used if they're not too old.
> In this work we present a stealthy malware that exploits dedicated hardware on the target system and remains persistant across boot cycles. The malware is capable of gathering valuable information such as passwords. Because the infected hardware can perform arbitrary main memory accesses, the malware can modify kernel data structures and escalate privileges of processes executed on the system.
> The malware itself is a DMA malware implementation referred to as DAGGER. DAGGER exploits Intel’s Manageability Engine (ME), that executes firmware code such as Intel’s Active Management Technology (iAMT), as well as its OOB network channel. We have recently improved DAGGER’s capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code.
edit: you still have to first get the malware in though
This is another excellent example of when security-through-obscurity fails; the vPro environment docs are presumably NDA-only (or never released outside Intel), but reverse-engineers will figure things out anyway, and they're not really willing to disclose how much they know...
None of my machines have vPro; I remember someone I know calling it "the ultimate pre-installed RAT" when it first came out.
Another interesting little fact: Intel's wireless cards, at least the 3945/4965 generation, also use an ARC core to run their firmware.
Many of these exploits "we're just learning about now", have been discussed at CCC, Defcon and Blackhat conferences in the past few years. It's just that most people weren't aware of them. NSA, on the other hand, has paid much attention to them.
Here's another one about hardware backdooring from 2012:
But when we discover a backdoor on Intel chips (not necessarily put there by Intel) in 5 years, everyone will probably act in shock and awe that it was possible.
Intel vPro technology protects against difficult-to-detect, penetrating rootkits and malware that threaten users working in cloud or virtual environments. It combines several hardware-based features, including Intel® Trusted Execution Technology (Intel® TXT)3 and Intel® Virtualization Technology (Intel® VT)4 for centralized image management and administration, secure network storage, and out-of-band protection—all beyond the firewall."
Irony? Or hopefully the current version of vPro as built-in to some Xeon processors is a bit more hardened...
Kind of like buying a gun for self protection and then having an intruder get hold of it and kill you with it. In a talk I gave to some Swiss banks about security a looooong time ago I talked briefly about security measures as vulnerabilities which are analogous to data protection bits being the source of data corruption errors. You have to evaluate whether the system as a whole with is more or less (or the same!) level of secure with the code you've added for security.
At least which schemes like Reed-Solomon, the "ECC bits" conceptually are not a separate piece of data that is computed and then added to the data to be protected, despite that being how it is usually implemented. The algorithm really "expands" the data, so the redundancy is spread out across all the bits. Thus any bit errors anywhere in the whole encoded "codeword" can be corrected, up to the limits of the code.
I believe they use Reed-Solomon encoding but as it is up to the memory controller to implement it can change. The memory just provides the extra bits for the software to use. In our fictional gun ownership example it would be like the owner hiding multiple guns around the house so that if one was compromised by an intruder they could still defend themselves. :-)
I don't buy it. We thought that vPro would be a home run technology for a few of our high security environments. As far as I can tell, nobody uses the capability. The Intel people didn't know about key, glaring bugs that affected mainstream HP devices. High-level support/consultant type people at the OEMs claimed to have never been asked about it.
I can only think of buying AMD Chips with CoreBios instead, which of I don't know, if they may have similar issues. Maybe buy Tilera, or other manycore chips instead?
AMD has a bunch of coprocessors in the chipset as well, but from the analysis that happened in our (coreboot) community, they're much less capable: fan control, one of them gets some firmware uploaded on boot to handle pcie hotplug (or something to that effect).
The system doesn't reserve memory for any of them, and they don't have official connections to the outside world (and are located in places that make such connections unlikely). Firmware is generally rather small, too.
None of them come with up to 5MB of firmware, tons of private RAM and official paths to network, graphics, system RAM and USB, like Intel chips.
He's done a few of these, so I might be getting them mixed up -- but the message is basically that x86 (and by extension amd64) is hopelessly broken due to legacy crap that sort of hides between the cpu, ram and devices (the software running on your cdrom drive, on the network or sound card...).
Also related:
4 2 1 Christopher Domas The future of RE Dynamic Binary Visualization
Your chipset is a little computer. It can execute programs in parallel and independently from the main CPU!
So, basically, the "trusting trust" extends to even your chipset. Basically, the majority of people are doomed to be the subjects of those controlling the means of production. Most of those few who have the wherewithal to peer past the curtain can easily be bribed and intimidated into cooperating.
Tinfoil hat on: I wonder if such vulnerabilities might have been concocted as a means of sneaking backdoors into the technical projects of non-US countries?
Your CPU chipset is also standalone webserver. Most vPro chipsets (MCHs) have:
- An Independent CPU (not IA32!)
- Access to dedicated DRAM memory
- Special interface to the Network Card (NIC)
- Execution environment called Management Engine (ME)
Your chipset is a little computer. It can execute programs in parallel and independently from the main CPU!
How might we design some malware that embeds itself into the chipset? Such malware would be able to survive reboots, brick the hardware on demand, reboot on demand, act as a MITM for all network traffic, inject vulnerabilities into the host OS during bootup, etc.
Step 1: Search for an attack vector in any version of the Intel BIOS. If you can find any attack vector in any version of the BIOS, you've won. For example, if the latest Intel BIOS is v3.9.2, but you found an exploit in BIOS v2.3.1, you've still won. Because...
Step 2: ... as the attacker, you can downgrade the victim's BIOS to any previous version without any user consent! Any old version of the BIOS is of course signed by Intel; all versions are. The chipset firmware allows any valid signed BIOS to replace the current BIOS regardless of whether it's older or newer than the current.
It was pretty shocking that the BIOS can be downgraded without any user consent. Downgrading requires a reboot, but that's probably not a huge problem in practice.
This article is from 2009, so at this point it's just an interesting piece of history. But I wonder whether any of these issues still persist today, such as the ability for userspace programs to downgrade/upgrade the BIOS at will?