are belong to us
play

ARE BELONG TO US MITRE Corp Corey Kallenberg Xeno Kovah John - PowerPoint PPT Presentation

Feb 09, 2023 •227 likes •609 views

CanSecWest 2014 ALL YOUR BOOT ARE BELONG TO US MITRE Corp Corey Kallenberg Xeno Kovah John Butterworth Sam Cornwell History and UEFI Bootkits OS Secure Boot Attacking Securely Booted OS From User Land Introducing CHIPSEC

  1. CanSecWest 2014 ALL YOUR BOOT ARE BELONG TO US MITRE Corp Corey Kallenberg Xeno Kovah John Butterworth Sam Cornwell

  2. • History and UEFI Bootkits • OS Secure Boot • Attacking Securely Booted OS From User Land • Introducing CHIPSEC Agenda

  3. Intel Security and MITRE have been working on Platform Firmware security for some time now The intersection of our research was inevitable

  4. • Rootkits that execute earlier on the platform are in a position to compromise code that executes later on the platform, making earliest execution desirable The Malware Food Chain

  5. • It’s advantageous for malware to claw its way up the food-chain and down towards hardware • Previously, malware running with sufficient privileges on the operating system could make malicious writes to both the Master Boot Record and the BIOS Blood in the Water

  6. • Many modern platforms implement the requirement that updates to the firmware must be signed. This makes compromising the BIOS with a rootkit harder.

  7. • Signed BIOS recommendations have been around for a while now and preceded widespread adoption of UEFI • Not perfect, but significantly raises the barrier of entry into the platform firmware • “Attacking Intel BIOS” by Rafal Wojtczuk and Alexander Tereshkin. • “Defeating Signed BIOS Enforcement” by Kallenberg, Butterworth, Kovah and Cornwell More on Signed BIOS Requirement

  8. • MITRE has 3 more talks we are currently working on which show new attacks that defeat the signed firmware update requirement… even on the latest UEFI systems • "Just when you thought it was safe to go back in the water…" • Duh dun…duh dun… More on Signed BIOS Requirement

  9. • Signed BIOS requirement did not address malicious boot loaders, leaving the door open for Bootkits /Evil Maid attacks

  10. UEFI Secure Boot

  11. switch Intel presents secure boot

  12. Attacking Secure Boot Part 2

  13. Defining Secure Boot Image Verification Policies a.k.a. “Violating the Policy”

  14. Secure Boot will attempt to verify any EFI executable that it attempts to transfer control to. Sort of.. Secure Boot Verifies More Than Bootloader

  15. • The signature check on target EFI executables doesn’t always occur • Depending on the origin of the target executable, the target may be allowed to execute automatically • In the EDK2, these policy values are hard coded Code from EDK2 open source reference implementation available at: https://svn.code.sf.net/p/edk2/code/trunk/edk2 Image Verification Policies

  16. For instance, an unsigned option ROM may be allowed to run if the OEM is concerned about breaking after market graphics cards that the user adds in later

  17. If a Secure Boot policy was configured to allow unsigned EFI executables to run on any mediums that an attacker may arbitrarily write to (boot loader, option rom, others…) then other legitimate EFI executables can be compromised later. Attack Proposal

  18. Malicious OROM will run before the legitimate boot loader

  19. Think old school BIOS rootkit IVT hooking * The actual flash chip contents aren’t modified here, only in-memory copies of relevant FW code/structures Malicious OROM hooks some code that legitimate boot loader will call later

  20. Boot loader is compromised by BIOS code. OS is then later compromised

  21. • What does the secure boot policy look like on real systems? • How can you detect the secure boot policy of the system without manually testing?

  22. Determining the Secure Boot policy of a “real” system. Real Policies

  23. • The firmware attempts to read the EFI non- volatile “Setup” variable • Setup variable size is 0xC5E

  24. • The Secure Boot policy can be either hardcoded, or derived from the Setup variable

  25. • Setup variable data is read in at 0x18014E0C0. (Size of variable was 0xC5E) • The gSetupValid byte at 0x18014ED16 determines whether to use the hardcoded secure boot policy, or if the policy embedded in the Setup variable should be used instead • Secure Boot policy data located at 0x18014EC09

  26. • Policy valid byte located at offset gSetupValid – gSetupVariableData = 0xC56 in Setup variable data • Secure Boot policy data located at offset gImageFromFvPolicy – gSetupVariableData = 0xB49 in Setup variable data

  27. • The system I looked at did not have relaxed option rom policies as I had previously hypothesized • The EFI “Setup” variable became my next target of attention Cross Roads

  28. • Setup variable is marked as Non-Volatile (Stored to flash chip), and as accessible to both Boot services and Runtime Services • We should be able to modify it from the operating system • It’s also quite large… lots of stuff in here!

  29. • Not all variables are arbitrarily modifiable from the operating system, such as authenticated variables • Luckily for us, the Setup variable has no protections on this platform

  30. • Offset B48 is the secure boot on/off byte (currently on). • Offset B49 is the policy byte for “IMAGE_FROM_FV” which is set to ALWAYS_EXECUTE (0x00). • B4A-B4C are the policy bytes for removable media, fixed media and option rom. All are set to “DENY_EXECUTE_ON_SECURITY_VIOLATION.” • Let’s use Win8 API to set all of these policies to ALWAYS_EXECUTE.

  31. Attack 1 Execution

  32. • All executables, no matter their origin or whether or not they are signed are now allowed to execute • Secure boot is still “enabled” though it is now effectively disabled Attack 1 Result

  33. • Deleting the Setup variable reverts the system to a legacy boot mode with secure boot disabled • This is also effectively a secure boot bypass, as it will force the firmware to transfer control to an untrusted MBR upon next reboot Attack 2

  34. • Attack 1 – Malicious Windows 8 process can force unsigned executables to be allowed by Secure Boot – Bootkits will now function unimpeded – Secure Boot will still report itself as enabled although it is no longer “functioning” • Attack 2 – Malicious Windows 8 process can truly disable Secure Boot by deleting “Setup” variable – Legacy MBR bootkits will now be executed by platform firmware – Secure Boot would report itself as “disabled” in this case Summary of Attacks

  35. • Actually, when the firmware detects the “Setup” variable has been deleted, it attempts to restore it’s contents from the “ StdDefaults ” variable • This variable is also modifiable from the operating system, thanks to its non-authenticated and runtime permissions • An attacker could modify the StdDefaults variable such that even if an administrator restored the BIOS settings to default, the insecure “allow everything” secure boot policy would remain StdDefaults Variable

  36. • Malicious Windows 8 process can change the “system defaults” for important BIOS configuration data • Firmware would restore vulnerable Secure Boot policy whenever firmware configuration reverted to defaults • This could make life difficult for Administrators Attacks Corollary

  37. Protect Image Verification Policies – Don’t store them in places writeable by malware (like RUNTIME_ACCESS UEFI Variables) – Use Pcd (Platform Configuration Database) for the platform specific policies rather than UEFI variables Set Image Verification Policies to Secure Values – Using ALWAYS_EXECUTE,ALLOW_EXECUTE_ON_SECURITY_VIOLATION in Pcd[OptionRom|RemovableMedia|FixedMedia]ImageVerificationPolicy is a bad idea – Especially check PcdOptionRomImageVerificationPolicy – Default should be NEVER_EXECUTE or DENY_EXECUTE .. Recommendations

  38. Intel Related Issues/Guidance

Recommend

Polygon Filling Goal intensify the pixels that belong to the polygon Issues which pixels belong

Polygon Filling Goal intensify the pixels that belong to the polygon Issues which pixels belong

Polygon Filling Goal intensify the pixels that belong to the polygon Issues which pixels belong to the polygon Approach use a (horizontal) scan line that traverses the polygon intensify the pixels along the spans (the segments of

895 views • 50 slides
Three peaks, but which 2) Measure FT-IR > peaks belong to which molecule? Crosspeaks between

Three peaks, but which 2) Measure FT-IR > peaks belong to which molecule? Crosspeaks between

2D IR EXAMPLE COMPARISON WITH FT-IR 1) Take a mixture 1 IR mode + 2 IR modes of two compounds Three peaks, but which 2) Measure FT-IR > peaks belong to which molecule? Crosspeaks between vibrations mean they belong 3) Measure 2D

179 views • 7 slides
Be.Belong.Give. Parish Town Halls October 9, 2016 Theme Be. Be whoever you are and whatever

Be.Belong.Give. Parish Town Halls October 9, 2016 Theme Be. Be whoever you are and whatever

St. Marks Episcopal Church Capitol Hill 2017 Canvass: Be.Belong.Give. Parish Town Halls October 9, 2016 Theme Be. Be whoever you are and whatever you believe. Belong. Joi us. We aet lookig to chage ou, 2017

532 views • 17 slides
BELONG A family support programme promoting a sense of belonging for black & minority ethnic

BELONG A family support programme promoting a sense of belonging for black & minority ethnic

BELONG A family support programme promoting a sense of belonging for black & minority ethnic children through: Cultural Confidence & Competence Anti-Bullying & Anti-Racial Bullying Education BELONG Beginnings

301 views • 18 slides
All Your Rule Base Are Belong to Me Jewel H. Ward

All Your Rule Base Are Belong to Me Jewel H. Ward

All Your Rule Base Are Belong to Me Jewel H. Ward Doctoral Student, UNC-CH SILS & DICE iRODS User Mee,ng February 17-18, 2011

406 views • 15 slides
All Your IFCException Are Belong To Us C t lin Hri cu (joint work with Michael Greenberg,

All Your IFCException Are Belong To Us C t lin Hri cu (joint work with Michael Greenberg,

All Your IFCException Are Belong To Us C t lin Hri cu (joint work with Michael Greenberg, Ben Karel, Benjamin Pierce, Greg Morrisett, and more) 2012-11-05 -- WG 2.8 meeting in Annapolis Information Flow Control [Fenton, 1974] Static

326 views • 18 slides
Why Are We Here? Access/ metro and backbone networks may belong to different carriers or

Why Are We Here? Access/ metro and backbone networks may belong to different carriers or

GIBSON: Global IP-Based Service-Oriented Network Ping Pan, Tom Nolle August 2006, IMS Workshop Why Are We Here? Access/ metro and backbone networks may belong to different carriers or business entities: Different technologies among

439 views • 12 slides
Diversity and National Identity Sampoorna Biswas What does it mean to belong to your

Diversity and National Identity Sampoorna Biswas What does it mean to belong to your

Diversity and National Identity Sampoorna Biswas What does it mean to belong to your country? (And important to Pakistan too) Grown Born up/lived According to Google Autocomplete Culturally/ linguistically from here 29

519 views • 27 slides
A Community Where You Belong Laying The Foundation For The Next 100 Years Our First 100 Years

A Community Where You Belong Laying The Foundation For The Next 100 Years Our First 100 Years

A Community Where You Belong Laying The Foundation For The Next 100 Years Our First 100 Years The Indiana Masonic Home was established to care for widows and orphaned children of Masons in 1915. Through the years, the community grew and demand

402 views • 25 slides
1 Wendell Crenshaw Technologies presents 1 2 Tumbleweed 2 All Your Baseband Are Belong To

1 Wendell Crenshaw Technologies presents 1 2 Tumbleweed 2 All Your Baseband Are Belong To

1 Wendell Crenshaw Technologies presents 1 2 Tumbleweed 2 All Your Baseband Are Belong To Us over-the-air exploitation of memory corruptions in GSM software stacks Ralf-Philipp Weinmann Laboratory for Algorithmics, Cryptology &

737 views • 45 slides
Chapter 3 Business Organizations Economics and You Do you work at a business? Belong to a

Chapter 3 Business Organizations Economics and You Do you work at a business? Belong to a

Chapter 3 Business Organizations Economics and You Do you work at a business? Belong to a church? Participate in a club? Chances are these institutions play a significant role in your life. Click the Speaker button to listen to Economics

532 views • 30 slides
All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring Systems Andrei Costin EURECOM, France 1 st Workshop on Security & Privacy in the Cloud (SPC) 30 Sep 2015, Florence Italy Agenda

640 views • 63 slides
NETWORKS Maria Agroti EPL682 1 1: All Your r Conta tacts ts Are Belong ng to Us: Aut

NETWORKS Maria Agroti EPL682 1 1: All Your r Conta tacts ts Are Belong ng to Us: Aut

SOCIAL NETWORKS Maria Agroti EPL682 1 1: All Your r Conta tacts ts Are Belong ng to Us: Aut utomated ted Identi tity The heft t At Attac acks on Social al Networ orks by: Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin

702 views • 47 slides
Authorship identification in large email collections: Experiments using features that belong to

Authorship identification in large email collections: Experiments using features that belong to

Authorship identification in large email collections: Experiments using features that belong to different linguistic levels George K. Mikros & Kostas Perifanos National and Kapodistrian University of Athens 2 PAN 2011 Lab, 19-22

259 views • 13 slides
and useful for people Krastsvetmet refines all 100% of Krastsvetmet shares belong to the

and useful for people Krastsvetmet refines all 100% of Krastsvetmet shares belong to the

We make precious metals available and useful for people Krastsvetmet refines all 100% of Krastsvetmet shares belong to the Krasnoyarsk precious metals on an Region, a constituent entity industrial scale, processes of the Russian Federation

533 views • 25 slides
I ndigo Partners Branding www.IndigoHQ.com Why branding? Strong brands do not belong to

I ndigo Partners Branding www.IndigoHQ.com Why branding? Strong brands do not belong to

I ndigo Partners Branding www.IndigoHQ.com Why branding? Strong brands do not belong to corporations, but to people Mark Gobe, Author of Emotional Branding They: Create a sense of ownership for those who use and love

692 views • 8 slides
Coming to England Floella Benjamin (1949 - present) laden belong occasion

Coming to England Floella Benjamin (1949 - present) laden belong occasion

Coming to England Floella Benjamin (1949 - present) laden belong occasion lavish wharf eerie landscape various food (pulses, pawpaw, pomsitia, plantain, callaloo, cassavas, gungo peas) Quiz 1. What

329 views • 18 slides
It is a fine thing to belong to a private club based on rejec6on and difference. Ill go a step

It is a fine thing to belong to a private club based on rejec6on and difference. Ill go a step

It is a fine thing to belong to a private club based on rejec6on and difference. Ill go a step further. Excoria6on is the true measure of our merit. James Lee Burke, 2012 PI License 26869 Successfully defended 52 civilians and military

725 views • 43 slides
ALL YOUR API ARE BELONG TO US Paul Hill Everything as a service QCon New York 2014 Paul Hill

ALL YOUR API ARE BELONG TO US Paul Hill Everything as a service QCon New York 2014 Paul Hill

ALL YOUR API ARE BELONG TO US Paul Hill Everything as a service QCon New York 2014 Paul Hill Architect @ KIXEYE Platform Team APIs to power Social Gaming @paulwilliamhill Building a respectable API under fire An Adventure! starring The

370 views • 9 slides
All your packets are belong to us Attacking backbone technologies Daniel Mende & Enno Rey

All your packets are belong to us Attacking backbone technologies Daniel Mende & Enno Rey

All your packets are belong to us Attacking backbone technologies Daniel Mende & Enno Rey {dmende, erey}@ernw.de Who we are Old-school network geeks. Working as security researchers for Germany based ERNW GmbH. Fiddling

630 views • 38 slides
My name is Steve and I go by Dirtpro in the Milsim world. I belong to the Oklahoma Badland

My name is Steve and I go by Dirtpro in the Milsim world. I belong to the Oklahoma Badland

My name is Steve and I go by Dirtpro in the Milsim world. I belong to the Oklahoma Badland Regulators Milsim team, which was formed at Oklahoma Invasion 5 in 2010. From the beginning we have strived to push the authenticity of the Milsim label and

207 views • 5 slides
All Your URI are Belong to Us Geoffrey Young geoff@modperlcookbook.org 1

All Your URI are Belong to Us Geoffrey Young geoff@modperlcookbook.org 1

All Your URI are Belong to Us Geoffrey Young geoff@modperlcookbook.org 1 http://www.modperlcookbook.org/~geoff/ Apache Request Cycle Client Request Logging URI-based Init Content URI Translation Fixups File-Based Init Resource Control

529 views • 27 slides
Where you can belong #belongatbu International student life - Bournemouth Location, location,

Where you can belong #belongatbu International student life - Bournemouth Location, location,

Where you can belong #belongatbu International student life - Bournemouth Location, location, location Bournemouth University is located in a beautiful part of the UK Set in the south of England, right next to 7 miles of sandy beach

308 views • 20 slides
20 20-21 Return to Schools Guid idin ing Prin incip iples Belong.Serve.Succeed

20 20-21 Return to Schools Guid idin ing Prin incip iples Belong.Serve.Succeed

School Dis istrict of Holmen: 20 20-21 Return to Schools Guid idin ing Prin incip iples Belong.Serve.Succeed Preparing students for tomorrow through an engaging and inclusive educational community today. Empowerment Equity

674 views • 26 slides

More recommend