Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Mickey, threats inside your platform final

PacSec 2015 speaker

  • Login to see the comments

Mickey, threats inside your platform final

  2. 2. Thank you for having us here
  3. 3. 私たちです
  4. 4. Agenda -  Part 1 -  Background -  Overview of platform assets -  Types of platform components -  Motivation for malicious intent -  Part 2 -  Real world example of a worst case scenario -  Explanation of vulnerabilities found
  5. 5. 古典 プラットフォーム
  6. 6. Classic platform
  7. 7. Modern platform
  8. 8. Modern platform
  9. 9. Modern platform
  10. 10. Modern platform
  11. 11. There is code inside BSL Mask ROM, Marked This is an MSP430F2274 bootloader ROM. The leftmost column is annotated - Travis Goodspeed
  12. 12. Attackers motivation
  13. 13. Attackers motivation •  Stealth •  Persistence •  Low level security bypass •  Data intercepts (USB) •  Side channel spying (sensors etc.) •  Privilege escalation •  VM escape •  Jail break/carrier unlock •  PDoS (Permanent/Persistent Denial of Service)
  14. 14. It is possible BadUSB root cause -  Controller inside flash drive has a CPU (8051) -  Insecure firmware update mechanism
  15. 15. Attack surface review from the inside
  16. 16. Modern platform
  17. 17. Modern platform •  Hide a tiny amounts of data in SPD •  OLD attack – change SPD to indicate smaller RAM size than actually exists to cause PDOS •  OLD attack – change SPD to indicate larger RAM size than actually exists to make some memory accesses wrap around and bypass security controls (i.e. memory aliasing)
  18. 18. Modern platform •  JEDEC eMMC spec 5.1 •  Introduced FFU •  FIELD FIRMWARE UPDATE
  19. 19. Modern platform
  20. 20. Modern platform
  21. 21. Modern platform
  22. 22. Modern platform
  23. 23. Modern platform
  24. 24. Modern platform
  25. 25. Modern platform
  26. 26. Modern platform
  27. 27. Modern platform
  28. 28. Modern platform The curious case of “Plugable” -  USB 3.0 SATA dock for external HDD -  Controller used is made by ASMedia -  Release a firmware update tool and patch back in 2013 - u3-firmware-update
  29. 29. Modern platform Same ASMedia controller found in Samsung Ultrabook
  30. 30. Example 1.  Malware gets installed on a platform via phishing, browser vulnerability, etc. 2.  It detects a vulnerable platform component. 3.  Then uses that component for persistence on the device.
  31. 31. Platform DEMO Internet Malware C&C Internal LTE module Malware AV clean or OS wipe & reinstall
  32. 32. VIDEO
  33. 33. Internal Huawei LTE modem •  Connected via USB interface in M.2 socket •  ARMv7, 256MB flash, 50MB ram
  34. 34. •  Software •  Windows utility for firmware updates •  Firmware •  Strings is useful •  Hardware •  Test pads?
  35. 35. Contains embedded Linux with Android kernel
  36. 36. root@9615-cdp:# cat /proc/cpuinfo Processor : ARMv7 Processor rev 1 (v7l) BogoMIPS : 274.02 Features : swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x0 CPU part : 0xc05 CPU revision : 1 Hardware : QCT MSM9615 CDP Revision : 0000 Serial : 0000000000000000 Contains embedded Linux with Android kernel
  37. 37. LTE module firmware update vulnerability •  Windows firmware update tool performs CRC check before passing firmware image to LTE module •  LTE module only performs CRC check of firmware image before accepting update •  CRC helps with integrity verification, but is not sufficient to prevent security compromise •  Easy to recalculate CRC and get LTE module to accept any arbitrary update •  Even easier to patch firmware update tool to recalculate CRC for us •  Bonus: No way to force firmware update if the module has been compromised •  Firmware updates should be signed by OEMs private key •  LTE module should perform a signature verification using public key stored inside module
  38. 38. •  CVE-2015-5367 •  Insecure Linux Image in Firmware •  CVE-2015-5368 •  Insecure Firmware Update Authentication
  39. 39. Affected products •  Huawei •  ME906V/J/E •  HP •  HP EliteBook 725 G2,HP EliteBook 745 G1,HP EliteBook 755 G2,HP EliteBook 820 G1,HP EliteBook 820 G2,HP EliteBook 840 G1,HP EliteBook 840 G2,HP EliteBook 850 G1,HP EliteBook 850 G2,HP EliteBook 1040 G1,HP EliteBook 1040 G2,HP EliteBook Folio 9470m,HP EliteBook Revolve 810 G2,HP EliteBook Revolve 810 G3,HP ElitePad 1000 G2,HP Elite x2 1011 G2,HP ProBook 430 G1,HP ProBook 430 G2,HP ProBook 440 G0,HP ProBook 440 G1,HP ProBook 440 G2,HP ProBook 450 G0,HP ProBook 450 G1,HP ProBook 450 G2,HP ProBook 640 G1,HP ProBook 645 G1,HP ProBook 650 G1,HP ProBook 655 G1,HP Pro x2 612 G1,HP Spectre x2 13-SMB Pro,HP ZBook 14,HP ZBook 14 G2,HP ZBook 15,HP ZBook 15 G2,HP ZBook 15u HP ZBook 17,HP Zbook 17 G2,mt41 Thin Client
  40. 40. Thanks for your research and for giving the DefCon talk. I was there in the audience.   Huawei is refusing to provide the ME906 firmware update directly to end users. Instead, they refer to the OEM partner (Sony, etc.), who in turn knows nothing about this. It's a classic case of finger pointing.   Do you have any insight and/or suggestions on how an end user of one of these LTE modules can acquire the patch? In my case, it's the Sony variant.   Thanks in advance for your assistance. Please excuse the anonymous disposable email, but I'm sure you know it's the only way to remain secure.    Regards, A (Disgruntled) Huawei Modem Owner
  41. 41. Summary and key takeaways •  Every modern platform contains many CPUs beyond the main one everyone knows about •  They often do not use a secure update mechanism •  AV software running on main CPU doesn’t have visibility into these additional CPUs •  They can be used to circumvent security controls in interesting ways •  Once one of these CPUs has been compromised, it can be impossible to clean •  We have to view the platform as an interconnected system with multiple security boundaries and execution environments rather than focusing only on main CPU and OS security issues •  Impossible to secure the overall platform without fixing device firmware security
  42. 42. Questions?