Attackers are increasingly targeting the largely unprotected hardware and firmware within all types of devices. Firmware vulnerabilities are common and difficult to manage, and once exploited, allow attackers to subvert traditional security and gain long-lasting persistence within a network. In this paper, we will explore the nature of the risk, why it has become a priority now, and how organizations can protect themselves today.
In previous blogs we have taken a look at how attackers can target an organization’s most critical devices with firmware rootkits installed remotely or through “evil maid” attacks. However, devices can also be compromised in the supply chain before they are ever deployed in the enterprise. This type of attack can be incredibly difficult for most organizations to detect given that even the earliest baselines of a device are already compromised. Of course, a physical attack isn’t necessarily required for this. Vulnerabilities in firmware, such as failure to authenticate updates to UEFI or Baseboard Management Controller (BMC) firmware, can also enable attacks within the supply chain.
Recent reporting suggests that malicious actors were able to infiltrate over 30 companies using devices compromised in the supply chain. Even with the details of the recent news in dispute, we can see that supply chain risks are quickly becoming a top priority across the industry. NIST recently updated its Framework for Improving Critical Infrastructure Cybersecurity to include a Supply Chain Risk Management (SCRM) category, while greatly improving the guidance for related to SCRM throughout the framework. Likewise, the UK’s NCSC Cyber Threat to UK Business report highlighted the recent increase in supply chain attacks as a major area of focus moving forward. Additionally, in Gartner’s recent Top 6 Security and Risk Management Trends for 2018, the firm highlighted the importance of “origin over pricing” when evaluating technology purchases and the need to carefully consider the upstream and downstream relationships of all technology suppliers.
These are clear signs that a shift is underway in the industry. For many years the notion of firmware and hardware-level attacks in the supply chain may have seemed far-fetched. But now, both research and real-world evidence shows that these threats are here. For example, if attackers leveraged the BMC as described in the article, then an understanding of how BMC firmware can be subverted is the key to detection and an informed defense.
This knowledge is forcing organizations to evolve a more modern approach to how they handle the security of their devices, because they can be compromised remotely, via physical access, or as we see now, in the supply chain. As a result, it is increasingly critical that security teams have the tools and visibility to understand this new attack surface, actively manage any vulnerabilities, and defend themselves from attacks. We, at Eclypsium, look forward to helping to build this critical phase of enterprise security.
Security researchers have long been investigating potential attacks that undermine the foundation of modern software based defenses. For years this has remained a persistent issue without a comprehensive solution. Now, firmware and hardware threats have taken new significance due to recent research from ESET, which has uncovered one of the first UEFI rootkits being used by attackers in the wild (additional coverage).
This new research shows that malware authors are putting the theory of firmware-based malware into real-world practice. As with the HackingTeam UEFI rootkit, LoJax uses a firmware module to re-infect the system even if the OS is reinstalled. In a way, the “hard” part for this attack is getting access to change firmware at all. This can be done either through physical access or by exploiting vulnerabilities in firmware. As we’ve shown before, a few minutes of physical access is all it takes. However, a fully automatic installation of malware is also possible if firmware is not properly protected. One critical safeguard is to configure the BIOS Control Register such that firmware is read-only. If not properly configured (or if the system is very old), a race condition vulnerability (dubbed “Speed Racer”) can allow malware to bypass this protection. Researchers now report that LoJax exploited these vulnerabilities in order to install itself persistently. This is likely to be effective on many systems. Even though manufacturers may have released firmware updates to patch this vulnerability, many systems remain vulnerable, since firmware updates are rarely installed.
Protection of firmware storage is one of the most fundamental safeguards. While research dates much earlier, major recognition can be found in NIST’s Special Publication 800-147, which was released in 2011. This requires secure firmware storage in order to support cryptographically signed updates. The initial release of CHIPSEC in 2014 included tests for these specific vulnerabilities in the common.bios_wp module which continues to be useful today. You can run it to test if your system has properly protected firmware storage and fixed “Speed Racer” vulnerability.
Many other vulnerabilities have been discovered over the past few years in UEFI and related protections. Often, attackers don’t need to exploit a vulnerability at all in order to install implants like LoJax into the UEFI firmware. We have already seen that many older systems and even recent servers lack basic protections like signed firmware updates. Some of these vulnerabilities can be exploited remotely.
In addition to the main system firmware (e.g. UEFI), each system has multiple components including management controllers, network cards, hard drives and many more. Each of these components is responsible for major capabilities on the system. As we study more of these components, we find that their firmware can also be infected which can be challenging to detect or remediate.
So how can organizations defend their systems from firmware implants like the one used by LoJax? CHIPSEC framework includes modules like tools.uefi.blacklist and tools.uefi.whitelist which can help with detecting that the UEFI firmware has been infected. The tools.uefi.whitelist tool can be used to generate a list of “expected” hashes of all UEFI firmware executables on a system and then compare the firmware with this list later to detect any unexpected change or extra binaries added by implants like LoJax. This list must be created on a known good system.
Unfortunately, advanced tools like CHIPSEC are not suitable for wider deployment across enterprise operations. That’s what Eclypsium offers to organizations. More than just vulnerability information, Eclypsium also provides integrity assessment about the firmware on a system, making firmware and hardware visible at enterprise scale. Systems infected with LoJax or similar UEFI implants would fail integrity and whitelisting checks, even though they had never been seen before in-the-wild.
Ongoing exploration of vulnerabilities helps us to develop better defensive strategies and to monitor for previously invisible threats. In turn, we enable organizations to operate with confidence. Research will continue uncovering new techniques for malware, especially in the obscure corners of technology, and it makes sense that attackers are drawn to these unguarded areas in order to persist undetected and bypass security mechanisms. That’s why such research is part of our strategy, and we dedicate ourselves to developing defenses that are informed by research.