RowHammer: A powerful new attack

In 2014, a group of researchers from Carnegie Mellon University and Intel published a new kind of disturbance attack on DRAM: rowHammer [1]. Unlike SRAM (static), DRAM (dynamic) needs regular refreshing to retain its contents. DRAM is organized in rows: when reading or writing an address, the circuit accesses the full row rather than only one specific cell. Cells are susceptible to inter-cell crosstalk (like any electronic element). The researchers discovered that by rapidly and repeatedly reading two rows they could generate a high rate of disturbances that produce errors in the memory. The actual code to produce errors is simple and short: a loop that reads two addresses, then flushes the registers and the instruction cache. A typical run of 1 million iterations takes less than one second. The code does not need root privileges. They tested 129 different commercial DDR3 DRAM modules and induced errors in 110 of them.

Thus, they demonstrated that, with simple software, it was possible to corrupt DRAM memory.

This month, Google researchers went one step further: they used the rowHammer technique to perform actual fault injection. On a standard x86-64 machine, they demonstrated two exploits [2].

  • Native Client (NaCl) is a sandboxing system that allows only a limited subset of instructions. They were able to get ‘blacklisted’ instructions to execute in the NaCl environment.
  • They succeeded in escalating privileges to kernel privilege on a standard Linux machine.

Of course, these exploits have some limitations. The escalation was done only on a Linux machine without some sandboxing mechanisms. Nevertheless, they highlight that rowHammer may become a powerful fault injection tool. The interesting aspect of rowHammer is that it is purely software.

So far, rowHammer has only been experimented with on standard commercial DRAM modules. It may be an interesting way to bypass some trusted execution environments that isolate their DRAM space.

DRAM for servers should be more resistant to rowHammer, as error correction is embedded in the chip. Nevertheless, error correction can only correct a limited number of simultaneous errors; it may perhaps also be possible to overwhelm the correction. If rowHammer were possible on server DRAM, it could be an interesting attack vector in the public cloud: the attacker may either bypass the sandbox or impair the memory of another user of the same server.
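To make the limit of error correction concrete, here is an added illustration (not code from either paper) using a toy SECDED code, Hamming(7,4) plus an overall parity bit: one flipped bit is corrected, two are detected but not corrected, and three are silently miscorrected, which is the overflow the previous paragraph speculates about.

```python
import itertools

# Added illustration, not from the rowHammer paper: a toy SECDED code
# (Hamming(7,4) plus one overall parity bit, 8 code bits per 4 data bits).
# Real server ECC uses wider words, but the failure modes are the same.

def encode(nibble):
    """Encode a 4-bit value into 8 code bits (list of 0/1, index = position)."""
    bits = [0] * 8
    # data bits sit at positions 3, 5, 6, 7; parity bits at 1, 2, 4
    bits[3], bits[5], bits[6], bits[7] = [(nibble >> i) & 1 for i in range(4)]
    bits[1] = bits[3] ^ bits[5] ^ bits[7]      # covers positions with bit 0 set
    bits[2] = bits[3] ^ bits[6] ^ bits[7]      # covers positions with bit 1 set
    bits[4] = bits[5] ^ bits[6] ^ bits[7]      # covers positions with bit 2 set
    bits[0] = sum(bits[1:]) & 1                # overall parity of the word
    return bits

def decode(bits):
    """Return (status, value); status is 'ok', 'corrected' or 'uncorrectable'."""
    bits = list(bits)
    syndrome = 0
    for pos in range(1, 8):
        if bits[pos]:
            syndrome ^= pos                    # XOR of set positions locates one flip
    odd = sum(bits) & 1
    if syndrome == 0 and not odd:
        status = "ok"
    elif odd:
        # odd number of flips: the code assumes exactly one and "corrects" it.
        # With three flips this repairs the wrong position and reports nothing.
        bits[syndrome] ^= 1
        status = "corrected"
    else:
        return "uncorrectable", None           # even number of flips (2, 4, ...)
    value = bits[3] | bits[5] << 1 | bits[6] << 2 | bits[7] << 3
    return status, value

def disturb(nibble, positions):
    """Flip the given code-bit positions (simulated rowHammer damage), then decode."""
    bits = encode(nibble)
    for p in positions:
        bits[p] ^= 1
    return decode(bits)

def survey(nibble, n_flips):
    """Count decoder outcomes over every pattern of n_flips simultaneous flips."""
    counts = {"ok": 0, "corrected_right": 0, "corrected_wrong": 0, "uncorrectable": 0}
    for pattern in itertools.combinations(range(8), n_flips):
        status, value = disturb(nibble, pattern)
        if status == "corrected":
            status = "corrected_right" if value == nibble else "corrected_wrong"
        counts[status] += 1
    return counts
```

survey(0b1011, n) enumerates every pattern of n simultaneous flips; for n = 3 all 56 patterns come back marked "corrected" with the wrong value, i.e. silent data corruption.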

We may see more studies and exploits around rowHammer in the coming months. Will it have the same impact as side channel attacks? To be watched…

The two papers are worth reading. Read them in chronological order.

[1] Y. Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C. Wilkerson, K. Lai, and O. Mutlu, “Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors,” in Proceedings of the 41st Annual International Symposium on Computer Architecture, 2014, pp. 361–372.

[2] C. Evans, “Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges,” Project Zero, 09-Mar-2015.

Lenovo, Superfish, Komodia: a Man In The Middle story

Lenovo made the headlines this week with the alleged malware Superfish. Lenovo delivered some PCs loaded with the “bloatware” Superfish. Superfish provides a solution that performs visual search. Seemingly, Superfish designed software that places contextual ads into the web browsing experience. To perform this hijacking, Superfish uses a software stack from Komodia: SSL Digestor. According to Komodia’s site:

Our advanced SSL hijacker SDK is a brand new technology that allows you to access data that was encrypted using SSL and perform on the fly SSL decryption. The hijacker uses Komodia’s Redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning.

How does Komodia decrypt the traffic without triggering the browser’s certificate validation? CERT disclosed the trick on Thursday in its vulnerability note VU#529496:

Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing

Komodia stealthily installs its own root certificate in the browsers’ CA store. The stack holds the corresponding private key, which allows it to sign forged certificates and thus intercept SSL connections; the software then acts as a typical Man In The Middle. Although the private key was encrypted, it was possible to extract some of the corresponding private keys (the password was easy to guess: komodia). This means that, as long as the root certificate is not erased from the browsers’ store, an attacker may use the corresponding private key. The attacker may sign malware that would be accepted by the machine, and generate phony certificates for phishing. In other words, principals other than Superfish may use the hack to infect Lenovo computers.

Lenovo provided a patch that removes the Superfish application. Unfortunately, the patch does not erase the malicious certificate. Microsoft provided such a patch, and Mozilla should soon revoke the certificate.

This is a perfect example of a supply chain attack. The main difference is that the supplier voluntarily infected its own product. Never forget Law 4: Trust No One.

PS: at the time of writing, the Komodia site was down, allegedly due to a DoS. It may also be because too many people were trying to visit the site.

Does your TV set watch you?

Benjamin Michele and Andrew Karpow presented a scary Proof of Concept using two Samsung Smart TVs. They used the integrated media player of these Smart TV sets. For the most recent one, they discovered that the TV set used a 2011 version of the open source FFmpeg libavformat library. This library identifies the type of content to be played and demuxes it before the content is passed to Samsung’s proprietary media player. The libavformat library supports many containers. It is a complex piece of software and, as such, has many newly discovered bugs. By scanning the bug-tracking database of this open source library, the researchers selected one vulnerability that was not patched in the version used by the TV set. This vulnerability allowed them to execute arbitrary code when playing forged content. As the player runs as root, the forged payload also runs as root, which means the payload has full access to the platform. As the Smart TV had an integrated camera and microphone, they wrote an exploit that captured the video from the camera and the sound from the microphone. The captured information can then be sent to a remote server. As the payload is encapsulated in a real movie, the consumer is not aware that his TV set is being infected and that he is being spied on. The researchers found a way to flash the Smart TV set and thus make the infection permanent.

Of course, the payload could do other things. The researchers could perform a thorough analysis of the TV set because they succeeded in getting root access, and thus could explore the system and easily work on the exploit. The targets were Samsung TV sets. Most probably, any other smart TV of any brand could be attacked in a similar way, using another vulnerability.

This POC highlights several interesting points:

  • This exploit highlights an important issue of IoT. Will devices in the field be upgraded and securely patched? There are two issues that are not yet solved:
    • Will manufacturers do the security maintenance for the lifetime of the product? Currently, the business model is to sell one device and not maintain it (unless there is a very serious bug that impacts its behaviour). How could the manufacturer finance this maintenance? In the software world, maintenance is financed either by new versions or by maintenance contracts for expensive professional applications. This is not the case in the consumer domain.
    • Will consumers apply the patch? The likelihood is low if we extrapolate from the computer world. Too many consumers’ computers are not patched.
  • The wide use of open source libraries has brought some benefits. It is less expensive for companies and it is claimed to be more secure. Unfortunately, it also has its downside.
    • This last claim is only true if all systems are patched. If that is not the case, then the use of widely deployed open source libraries may be an advantage for attackers. The attacker can experiment on his own system before trying on the targeted device.
    • Furthermore, the more a ‘common’ library is deployed, the more targets will be hit whenever a vulnerability is found in this library. Heartbleed is a good illustration.
  • The more features a device has, the higher the risk of vulnerabilities.

Reference:

Michele, Benjamin, and Andrew Karpow. “Watch and Be Watched: Compromising All Smart TV Generations.” In Proc. of the 11th IEEE Consumer Communications and Networking Conference (CCNC), Las Vegas, NV, USA, 2014.

Thunderstrike: the first bootkit for Mac OS X

At the CCC 2014 winter session, Trammell Hudson disclosed the first known proof of concept of a bootkit for Mac OS X. Bootkits are a special category of rootkits that stealthily infect the master boot record or volume boot record. In other words, a bootkit is a rootkit that installs itself in the boot system of the machine.

His exploit uses several weaknesses in the boot system of Mac OS X.

  1. The integrity of the boot ROM (which is actually an EEPROM, to allow upgrades) is protected by a CRC32 rather than by a cryptographic signature. Unfortunately, the purpose of a CRC is to check that the software has not been accidentally corrupted (i.e. no transmission mistake); a CRC does not verify whether the software was deliberately altered. He now knew that he could alter the boot process software. He then had to find a smart way to do it.
  2. The firmware upgrade, delivered through the Extensible Firmware Interface (EFI), is RSA-2048 signed. However, the check is done by the boot software, which can be tampered with. EFI is the replacement for the BIOS. At this point, he knew that he could load his own firmware at boot using EFI. But how could he deliver the firmware to the targeted machine?
  3. He used a trick that was demonstrated in 2012. At boot time, EFI asks externally connected PCIe devices whether they have any Option ROMs to execute. A Thunderbolt port thus allows loading arbitrary firmware from a connected device.
  4. He fooled the boot firmware by replacing Apple’s public key with his own public key, letting Apple’s software take care of checking his malware. Later, this key is written to the ROM, thus preventing any legitimate Apple upgrade from occurring. Only upgrades signed by his private key will be accepted.
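An added illustration of the CRC32 weakness in step 1 (example code, not Apple’s or Hudson’s): a toy ROM image sealed with CRC32 next to one sealed with HMAC-SHA256 under an assumed key that only hardware can reach. Both catch a random bit error, but only the keyed check refuses a deliberately rewritten image; and, as Hudson’s own quote stresses, even that helps only if the verifier itself cannot be skipped.

```python
import hashlib
import hmac
import struct
import zlib

# Added illustration, not Apple's or Hudson's code: a toy boot ROM image sealed
# with CRC32 (what the page says Apple used) next to one sealed with HMAC-SHA256
# under a key that only trusted hardware would be able to reach.

def seal_crc(image: bytes) -> bytes:
    """Append a little-endian CRC32 trailer: detects accidental corruption only."""
    return image + struct.pack("<I", zlib.crc32(image) & 0xFFFFFFFF)

def check_crc(sealed: bytes) -> bool:
    body, trailer = sealed[:-4], sealed[-4:]
    return struct.unpack("<I", trailer)[0] == (zlib.crc32(body) & 0xFFFFFFFF)

def seal_hmac(image: bytes, key: bytes) -> bytes:
    """Append a 32-byte HMAC-SHA256 tag; without the key the tag cannot be redone."""
    return image + hmac.new(key, image, hashlib.sha256).digest()

def check_hmac(sealed: bytes, key: bytes) -> bool:
    body, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)      # constant-time comparison

def flip_bit(data: bytes, index: int) -> bytes:
    """Accidental corruption: one bit flipped inside the image body."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def compare(image: bytes, altered: bytes, key: bytes) -> dict:
    """Run both schemes against a random bit error and against a rewritten image."""
    crc_sealed, mac_sealed = seal_crc(image), seal_hmac(image, key)
    # Whoever can write the ROM can also recompute a CRC over new content;
    # lacking the key, the best they can do with HMAC is reuse the old tag.
    return {
        "crc_detects_bit_error": not check_crc(flip_bit(crc_sealed, 13)),
        "hmac_detects_bit_error": not check_hmac(flip_bit(mac_sealed, 13), key),
        "crc_accepts_rewrite": check_crc(seal_crc(altered)),
        "hmac_accepts_rewrite": check_hmac(altered + mac_sealed[-32:], key),
    }

# Constructed sample inputs; placeholders, not real firmware bytes or keys
ORIGINAL = b"boot-rom: check EFI update signature against Apple key"
ALTERED = b"boot-rom: check EFI update signature against other key"
KEY = b"constructed-hardware-secret"

if __name__ == "__main__":
    for name, result in compare(ORIGINAL, ALTERED, KEY).items():
        print(f"{name}: {result}")
```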

The potential attack is to have a forged Thunderbolt device carrying the malware as its Option ROM. The attacker needs physical access to the target, boots it with the Thunderbolt device connected, and then owns the machine. It is fast.

This is only a proof of concept and no field attack has yet been discovered. Apple is preparing fixes that do not allow Option ROMs during a firmware upgrade. The patch is already available for the new Mac Mini and Retina models. It will soon be available for all Thunderbolt models.

He qualifies Apple’s error of using CRC32 rather than cryptography by stating:

In actuality, any software-only validation is doomed to fail since if an attacker can get code into the ROM, they can just skip that software validation. Either by always returning true or by returning a cached value computed over the boot ROM. Without some sort of hardware cryptographic signature checks or an actual, unchangeable mask ROM, this sort of software-only attempt is futile.

His presentation, which he transcribed on his site, is an excellent description of the work of a reverse engineer. He shows some tricks such as looking for strings (too often there are printf strings left in the code), or searching the Net for hexadecimal sequences to find the signature of the corresponding tool… Excellent reading.

Lesson: Law 1: attackers will always find their way (even on Mac).

Internet Wide Scanning

At USENIX 2014, Alex Halderman, Zakir Durumeric and Michael Bailey, from the University of Michigan, presented an interesting study of the new landscape of large-scale Internet scanning. Scanning the Internet to find vulnerable targets is an old practice used by academics, security research companies and black hats alike. Nevertheless, the practice has changed over the last decade.

First of all, new tools have appeared: ZMap and masscan. Provided they have access to huge bandwidth, they can explore the full IPv4 address space in a few minutes from a single point. There is no longer any need to use a botnet running tools such as nmap. This team knows ZMap well, as it is an open source project developed at the University of Michigan by at least two of the authors of this paper.

The ports that are scanned have also evolved over the past decade. The big winner is port 445 (SMB over IP). Interestingly, HTTP, HTTPS and SSH are mainly scanned by academic studies.

2004              2010              2014
HTTP (80)         SMB-IP (445)      SMB-IP (445)
NetBIOS (135)     NetBIOS (139)     ICMP Ping
NetBIOS (139)     eMule (4662)      SSH (20)
DameWare (6129)   HTTP (80)         HTTP (80)
MyDoom (3127)     NetBIOS (135)     RDP (3389)

Table: temporal differences in targeted protocols (most scanned ports by year)

They also studied three use cases. I was especially interested in the use case related to the Linksys router backdoor. After the public disclosure, 22 hosts completed 43 scans of the IPv4 address space targeting port 32764 (the backdoor). The first was Shodan, in less than 48 hours. Within one week, other scans started: two from academics, three from security firms, but the remainder came from unidentified hosts!

For Heartbleed, same story:

In the week following the disclosure, we detected 53 scans from 27 hosts targeting HTTPS. In comparison, in the week prior to the disclosure, there were 29 scans from 16 hosts.

The lesson is that this environment is extremely dynamic. New points of interest appear regularly and shift with time. New tools appear. Thus, be proactive to stay secure.
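The scans counted above are visible from the receiving side too. As an added example (not the paper’s or ZMap’s code), the detector below flags a source that touches many distinct hosts on one port within a short window, run over constructed firewall log lines on documentation address ranges: a fast scan of port 32764 is flagged, repeated visits to a single HTTPS host are not, and a source that spreads its probes over hours stays below the threshold unless the window is widened.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Added illustration, not from the USENIX paper: flag sources that probe many
# distinct hosts on one port inside a short window (a horizontal scan).
# Constructed log lines on documentation address ranges: "<time> <src> <dst> <dport>".
SAMPLE_LOG = """\
2014-01-03T10:00:00 203.0.113.7 198.51.100.1 32764
2014-01-03T10:00:01 203.0.113.7 198.51.100.2 32764
2014-01-03T10:00:01 203.0.113.7 198.51.100.3 32764
2014-01-03T10:00:02 203.0.113.7 198.51.100.4 32764
2014-01-03T10:00:02 203.0.113.7 198.51.100.5 32764
2014-01-03T10:00:03 203.0.113.7 198.51.100.6 32764
2014-01-03T10:05:00 203.0.113.9 198.51.100.1 443
2014-01-03T10:05:10 203.0.113.9 198.51.100.1 443
2014-01-03T08:00:00 203.0.113.5 198.51.100.1 32764
2014-01-03T09:00:00 203.0.113.5 198.51.100.2 32764
2014-01-03T11:00:00 203.0.113.5 198.51.100.3 32764
2014-01-03T12:00:00 203.0.113.5 198.51.100.4 32764
2014-01-03T14:00:00 203.0.113.5 198.51.100.5 32764
"""

def parse(line):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def detect_scanners(log, port, min_targets=5, window_minutes=10):
    """Return {src: peak distinct targets} for every source that touched at least
    min_targets distinct hosts on `port` within any span of window_minutes."""
    window = timedelta(minutes=window_minutes)
    by_src = {}
    for ts, src, dst, dport in sorted(map(parse, log.splitlines())):
        if dport == port:
            by_src.setdefault(src, []).append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        recent, seen, peak = deque(), Counter(), 0
        for ts, dst in events:                        # already in time order
            recent.append((ts, dst))
            seen[dst] += 1
            while ts - recent[0][0] > window:         # expire events outside window
                _, old_dst = recent.popleft()
                seen[old_dst] -= 1
                if seen[old_dst] == 0:
                    del seen[old_dst]
            peak = max(peak, len(seen))               # repeat hits do not add targets
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG, 32764))   # the fast scanner only
    print(detect_scanners(SAMPLE_LOG, 443))     # repeat visits to one host: nothing
```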

Who is monitoring your baby?

Data Watchdog announced that a Russian website featured a database listing about 73,000 streaming IP webcams or CCTV cameras whose owners are not aware that their webcam is broadcasting video. The webcams are located all over the world. They are used for offices, baby monitoring, shop surveillance, pubs, etc. All major manufacturers were present amongst the breached webcams. The webcams were discovered by scanning the Internet and trying the default password. This is a good illustration of Law 8: If you watch the Internet, the Internet is watching you. The UK Information Commissioner’s Office recommends changing the default password of the camera and disabling remote access when it is not needed.

The site claims to do this for educational purposes. This is what the site states when accessing it. It seems to be effective, as there are fewer and fewer listed feeds.

Sometimes an administrator (possibly you too) forgets to set the default password on a security surveillance system, online camera or DVR. This site now contains access only to cameras without a password and it is fully legal. Such online cameras are available for all internet users. To browse cameras just select the country or camera type.

This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera default password.

Several interesting lessons:

  • As usual, default passwords are incriminated. Users, and even professionals (as it seems that CCTV systems are also listed), do not change the default password. Manufacturers may not want to enforce changing the default password, as it creates issues when users forget their password, but they should at least propose it the first time the user boots the device.
  • People are not good at security. With the Internet of Things (IoT), there will be more and more connected devices. This means that there will be more and more vulnerable devices on the Net. IoT may make the Internet more brittle.
  • Who will inform the owners of these spied-on webcams that they are being spied on? The remedy is simple, but the victims should at least be aware that they should apply it.

By the way, did you change the default password on all your devices? If not, I urge you to do so.

Dr Who’s leaked

Bad week for the BBC. Last week, scripts of five episodes of the next season of Dr Who leaked online. The scripts were accessed from a Miami-based BBC Worldwide server. It seems that they were publicly available (along with a lot of other material) and were indexed by Google. A typical Google query provided access to this confidential material.

Unfortunately, other material was also available. A black & white, unfinished, watermarked version of the first episode has also been put online. The copy is visibly watermarked for a given recipient: Drei Marc, a Brazilian company that provides subtitling and dubbing services. Nevertheless, it seems that it comes from the same server. It is not certain that other episodes will not surface in the coming days. Broadcast of the first episode is planned for 23 August.


The BBC asked its fans not to spoil the release:

We would like to make a plea to anyone who might have any of this material and spoilers associated with it not to share it with a wider audience so that everyone can enjoy the show as it should be seen when it launches.

We know only too well that Doctor Who fans are the best in the world and we thank them for their help with this and their continued loyalty.

Several lessons:

  • Secure your servers and be aware of indexing robots. No server should be put online without prior pen testing.
  • Encryption at rest should be mandatory for pre-release content. If ever the attacker accesses the video server, he will only get an encrypted video without the decryption key. Useless.
  • Forensic marking should only occur at delivery time. If prepared and stored before release, it is useless. It will not hold up in court against a good security expert.
  • TV series are the new Eldorado of the movie industry.