Tag Archives: WiGig

Researchers Disclose New DMA Attacks

=====================
TL;DR
If you own an affected laptop from Dell (XPS 13 7390) or HP (ProBook 640 G4), please update its BIOS/firmware to the most recent version. For other laptop vendors, check if the most recent BIOS/firmware resolves this or similarly named vulnerabilities. For servers, keep operating systems and software up to date and enforce physical access control.

If you are cautious with the links you click and when processing your email, you will likely not be vulnerable to these flaws. A social engineer might also attempt to exploit this vulnerability using either a closed or open chassis attack.
=====================

=====================
Acknowledgements
My sincere thanks to Eclypsium researchers, Jesse Michael and Mickey Shkatov for their detailed walkthrough of their research within their referenced work (below). I have used this research to provide the extracts below supplementing my write-up of this work below.

=====================

In the second half of last week, security researchers from Eclypsium disclosed a vulnerability present within Dell and HP laptops (however it is likely other vendors are also affected). Servers (especially hosting cloud infrastructure are at increased risk due to the widespread availability of remote DMA (RDMA) (defined) enabled networks.

How serious is this vulnerability?
While the vulnerability is considered high severity due to its CVSS 3 base score of 7.6 (defined) (in the case of CVE-2019-18579 for Dell systems) an attempt to leverage the vulnerability would not be trivial (see also “How can an attacker exploit this vulnerability?” below).

What could an attacker do if they exploited this vulnerability?
According to the researchers “It can allow attackers to bypass hardware-based root-of-trust and chain-of-trust protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start and Microsoft Virtualization-Based Security with Device Guard”.

“an attacker can…extend control over the execution of the kernel itself,”. “This can allow an attacker to execute kernel code on the system, insert a wide variety of kernel implants and perform a host of additional activity such as spawning system shells or removing password requirements”.

How can an attacker exploit this vulnerability?
This vulnerability could be exploited remotely or locally. Let’s discuss the remote means first:

Remote attacks
An attacker would first have needed to compromise software within your system and then attempt to exploit the systems firmware (defined) e.g. the network interface card (NIC). The Eclypsium researchers also provide the following example:

“malware on a device could use a vulnerable driver to implant malicious firmware to a DMA capable device such as a NIC. That malicious code could then DMA back into memory during boot to get arbitrary code injection during the boot process. The fundamental ability of DMA attacks to shim attacker code into the boot process makes it useful for almost any type of attacker goal”.

Alternatively an attacker could use the Throwhammer exploit developed by VUSec to compromise a system by sending specifically crafted data packets to a target system. This results in bit flips within the target systems main memory providing an attacker with code execution for an application (which is remote to the attacker).

Local attacks
Closed chassis
The researchers demonstrated a closed chassis attack on a Dell XPS 13 7390 laptop. They did so by connecting to the Thunderbolt port of the laptop and performed a DMA code injection during the boot process of the system.

Separately the researchers were able to compromise a Dell laptop connected to a modified WiGig (information on WiGig) dock which was wirelessly connected to that dock. They were successful in “dump[ing] secrets out of the laptop remotely over the air. In this example the laptop was never touched by the attacker or physically connected to any device but was compromised remotely via DMA”.

Open chassis
Due to the presence of HP SureStart it was necessary for the attackers to open the case of the HP laptop they were testing namely a HP ProBook 640 G4 (which includes HP SureStart Gen4). Upon opening the chassis, they replaced the systems M.2 wireless card with a Xilinx SP605 FPGA development platform, they then performed the following:

“We were able to successfully attack the system and gain control over the device. By using DMA to modify the system RAM during the boot process, we gained arbitrary code execution, thus bypassing the HP Sure Start protections that verify BIOS code integrity before CPU execution starts”.

How can I protect myself or my organisation from this vulnerability?
If your organisation uses either of the affected laptops, please update their BIOS(defined)/firmware to the most recent version. For other laptop vendors, check if the most recent BIOS/firmware resolves this or similarly named vulnerabilities. The update for the Dell XPS 13 7390 laptop is referenced from within their security advisory.

Since an attacker would need to first compromise the software of your systems, please keep your software (especially web browsers, email clients, productivity software, document readers, virtualisation software and media players) and operating system up to date.

Be cautious with the links you click and when processing your email, don’t click on unknown/unexpected links and don’t open unexpected file attachments. While up to date software and operating systems for servers are equally important they are much less likely to be vulnerable to malicious links in emails, IM clients or drive by downloads since only authorised administrators should have access for maintenance/admin and not for day to day work activities.

Social engineers or malicious insiders may seek to exploit this vulnerability in person, verify the identity of any person before allowing them near your IT infrastructure especially in the case of servers. Lock laptops away when not in use. If employees need to leave laptops unattended, use Kensington locks (especially at locations other than your usual office) and consider the use of port blockers (Type C for Thunderbolt) for laptops and servers which will deter casual attackers or less determined thieves.

For servers (especially part of cloud infrastructure), your existing IT security policy should already include regular patching of servers, only having necessary applications and sufficient physical access control. Access control monitoring should also be in place to detect malicious insiders, while your incident management policy should contain how to respond in a timely and decisive manner.

Thank you.

=====================

Aside
While I have used the term “BIOS/firmware” above they are not the same thing. I have done this since the terms are often used interchangeably and I wish for users to still understand the intended meaning. For one user, they may understand updating their laptops firmware but not updating its BIOS and vice versa. My intention is for them to check the vendor website for such updates and if present, to install them.

At the time of writing the HP ProBook 640 G4 did not have a BIOS update available resolving this vulnerability. From the researchers work, the BIOS appears to be still in beta testing. Please regularly check with the HP website and apply the update when it is publicly available.

=====================

References
Eclypsium PDF Report:
https://eclypsium.com/wp-content/uploads/2020/01/DMA-Attacks-A-Walk-Down-Memory-Lane.pdf

Eclypsium Vulnerability Write Up:
https://eclypsium.com/2020/01/30/direct-memory-access-attacks/

Dell Security Advisory:
https://www.dell.com/support/article/SLN319808

=====================