Eclypsium Researchers Demonstrate Direct Memory Attacks
Researchers from Eclypsium, a provider of secure firmware, disclosed this week that they have been able to launch successful direct memory access (DMA) attacks that bypass security frameworks such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start and Microsoft Virtualization-Based Security.
Jesse Michael, principal researcher for Eclypsium, said these attacks can be launched by cybercriminals that have physically gained possession of a laptop, desktop or server or via devices such as network integration cards (NICs) or Firewire devices that are plugged into PCIe ports.
DMA attacks enable cybercriminals to read and write memory off a system directly, bypassing the main CPU and OS. By overwriting memory, attackers can gain control over kernel execution to perform virtually any manner of malicious activity using what is known as Memory Lane attacks.
Eclypsium researchers employed a Dell XPS 13 7390 2-in-1 laptop and an HP ProBook 640 G4. Researchers used a PCILeech tool created by DMA hacker Ulf Frisk to show how a DMA attack can work.
Michael noted there have been previous successful DMA attacks against Intel NUC mini-Pcs and Lenovo laptops. Controls to defend against these threats have been developed, but Michael said the Eclypsium research shows that many devices with built-in hardware protections continue to be vulnerable.
In the case of the Dell laptop, an insecure default BIOS configuration was set to “Enable Thunderbolt and PCIe behind TBT pre-boot modules.” The HP notebook was subjected to an open chassis attack through which researchers were able to launch pre-boot DMA attacks to disrupt the UEFI secure boot process.
To thwart DMA attacks, Eclypsium researchers report both UEFI secure-boot firmware and the OS need to support the DMA protection using IOMMU (VT-d) hardware. If the firmware leaves the DMA protection on while it transfers control to the OS bootloader, but the operating system does not update the DMA remapping controls as needed, normal system functionality will be broken due to incorrectly blocked DMA operations. Firmware support to protect against these attacks did not exist in the UEFI reference code until 2017, so the first devices with this support became available in 2019. On the OS side, Windows 10 1803, released in spring 2018, was the first version of that operating system to support leaving DMA protection on while the OS boots.
While it may be difficult for cybercriminals to gain physical access to a laptop, it’s worth remembering these systems are lost or stolen all the time. By opening the chassis, cybercriminals can use these attacks to read memory or install various types of malicious code before finding a way to return them to their original owner. Most people are so glad to recover a lost laptop that they tend not to ask too many questions about where it was before it was recovered. Similarly, while most data centers are physically secured, it’s not unheard of for persons to gain unauthorized access.
Regardless of the means employed, the one thing that is clear is most systems are not quite as secure as one might expect.
