Firmware Attacks: An Endpoint Timeline
One of the most common questions I’ve heard regarding the need for firmware security is “Could you provide examples of real-world attacks”? I began to research the history of attacks against firmware inside your computer and uncovered quite a list of various pieces of malware with firmware-based attack capabilities. For many, the firmware attack vector falls into the “out of sight, out of mind” category. I don’t fault people for this train of thought, after all, firmware should be something that most people don’t have to worry about. However, firmware ends up embedded inside our PCs, servers, and laptops and lives in several different components. The central question is “Can you trust the hardware and firmware in your computer?”. Of course, if these components are “out of sight, out of mind”, you may not be asking that question. If we are to trust the hardware and firmware in our computers this means, at some level, we have to trust the supply chain. Has the firmware been tampered with to include a backdoor or unintended behavior? Are there vulnerabilities that attackers could exploit to gain highly privileged access to my system? Attackers are increasingly exploring these exposures in our systems, but why?
Motivations For Attacking Firmware
- Impact – Almost nothing enjoys higher privileges than firmware. If the goal is to disable or destroy a system, firmware possesses some of the highest levels of privilege in the stack. As attackers increase their own permissions, the amount of damage they can also do increases.
- Availability – UEFI standardized the interaction between hardware and software on most modern computers. Before UEFI each OEM had a different BIOS, making ubiquitous attacks more difficult.
- Increased Attack Surface – UEFI also introduced a vast attack landscape as it represents an increase in features and functionality at the firmware level.
- Highest Level of Trust – Firmware often represents a level of access to hardware and software that can defy controls at other levels (Such as the operating system and applications). Attackers typically exploit this trust for the following goals:
- Stealth – Most attackers’ primary goal is to gain control of a system covertly. The likelihood of being detected decreases as the level of permissions increases. Attackers controlling a system in the highest privilege levels (e.g. Ring -3 as described in the Intel ME article as an example) therefore have the best chance of going undetected. In order to reach these levels of privilege, attackers often go after firmware.
- Persistence – Attackers understand there is always a chance of being detected. The deeper into the system an attacker can control the better they can configure malicious software to lie about its presence and persist for longer periods of time.
- The Exploitation of Supply Chain Weaknesses – While there are various examples of attackers going after the weaknesses in the supply chain (most notably SolarWinds and Log4j), much of the firmware attack surface has even more serious supply chain security impacts. Each of the components within your system has slightly different supply chains. Hardware and firmware are acquired from various suppliers before being baked into your computer. Attackers could exploit the supply chain directly, infecting component firmware early in the process with backdoors. Vulnerabilities or configuration mistakes can be introduced (or exploited) at various stages in the supply chain. More complex attack chains could be formed by taking advantage of several mistakes along the way, such as not implementing newer protection mechanisms made available by hardware manufacturers in firmware.
- The Difficulty of Remediation – Firmware is typically not easy to recover or reinstall on a system, and many practitioners will avoid “reflashing” even actively-exploited firmware. Due to the complexity of the firmware supply chain, it may not be possible to implement a fix in the current hardware. Configuration often cannot be changed by the end consumer, leaving you waiting for upstream hardware and software vendors to implement a fix and push new firmware (which, in some cases, may never happen).
Malware authors are taking advantage of the above weaknesses, including vulnerabilities below the surface and inherent supply chain issues. Below is a list of real-world examples. While not a comprehensive list (as there are some additional “fringe” cases), these events represent the most common and visible examples:
One of the first observed malware to attack the BIOS directly.
Hacking Team had a UEFI rootkit that was used to maintain persistent access to target systems. It is believed that this was installed with physical access, however, it is possible that physical access was not required to implant the malware.
Equation Group and Vault 7 Leaks
Two separate instances led to tools and techniques for firmware attacks being leaked to the public. In 2015 we learned of EquationDrug and Grayfish. Later in 2017, we learned of Dark Matter and Sonic Screwdriver.
Russian hacking group Fancy Bear is found using a UEFI rootkit to install Lojax, independent of the kernel and operating system, even a complete wipe of the hard drive will not remove the malware (patched UEFI modules of the LoJack anti-theft software (also known as Computrace) were used). (You can find our discussion of LoJax here.)
Researchers at Kaspersky disclosed a new UEFI implant being used in the wild dubbed MosaicRegressor. This implant has been used in targeted attacks as a way to maintain a persistent foothold in target organizations and evade most detection controls while delivering malicious payloads to compromised systems. You can find more information about MosaicRegressor and other UEFI implants here.
Trickbot contains code to read, write, and erase firmware dubbed Trickboot. This was discovered in a collaborative research effort between Advanced Intelligence (AdvIntel) and Eclypsium.
A UEFI component belonging to the FinFisher surveillance toolset. Although researchers have tracked the spy tool since at least 2011, the bootkit didn’t surface until 2021. You can find our full write-up, including a video breakdown, of FinSpy here.
A bootkit persisting in the EFI System Partition that can bypass Windows Driver Signature Enforcement to load its own unsigned driver. You can find our article on detecting ESpector (and FinSpy) here.
Discovered in January and attributed to APT41, or an actor closely affiliated to the group, which researchers say is part of the Winnti Umbrella.
Conti Group Found Actively Looking For Firmware Vulnerabilities
Leaked chat logs show that the Conti ransomware group is actively looking for firmware vulnerabilities, specifically in Intel ME technologies.
One of the most recent examples of malware that “hooks” UEFI at an early stage to infect all subsequent operations in the boot process. The end result is malware stealthy infecting the Windows kernel, evading most protections. You can find our write-up on CosmicStrand here.
Researchers observed a UEFI bootkit sold online called “BlackLotus”. Commanding a $5,000 price tag the sellers claim this malware can bypass Secure Boot.
There will likely be more examples of malware to add to the above list. As attackers run into challenges at the operating system level, diving to the firmware level is the next logical step to evade detection. Ensuring the firmware on your systems is important, as is making sure protections such as Secure Boot are enabled and configured properly (and each of those is not always an easy task).