A Universal Framework for BIOS/UEFI Rootkits in System Management Mode

A Universal Framework for BIOS/UEFI Rootkits in System Management Mode

LONGKIT – A Universal Framework for BIOS/UEFI Rootkits in System Management Mode Julian Rauchberger1, Robert Luh2 and Sebastian Schrittwieser2 1St. Poelten University of Applied Sciences, St. Poelten, Austria 2Josef Ressel Center TARGET, St. Poelten University of Applied Sciences, St. Poelten, Austria fi[email protected] Keywords: Malware, Rootkit, BIOS, UEFI, System Management Mode. Abstract: The theoretical threat of malware inside the BIOS or UEFI of a computer has been known for almost a decade. It has been demonstrated multiple times that exploiting the System Management Mode (SMM), an operating mode implemented in the x86 architecture and executed with high privileges, is an extremely powerful method for implanting persistent malware on computer systems. However, previous BIOS/UEFI malware concepts described in the literature often focused on proof-of-concept implementations and did not have the goal of demonstrating the full range of threats stemming from SMM malware. In this paper, we present LONGKIT, a novel framework for BIOS/UEFI malware in the SMM. LONGKIT is universal in nature, meaning it is fully written in position-independent assembly and thus also runs on other BIOS/UEFI implementations with min- imal modifications. The framework fully supports the 64-bit Intel architecture and is memory-layout aware, enabling targeted interaction with the operating system’s kernel. With LONGKIT we are able to demonstrate the full potential of malicious code in the SMM and provide researchers of novel SMM malware detection strategies with an easily adaptable rootkit to help evaluate their methods. 1 INTRODUCTION of a system are still underrepresented in security re- search and contain vulnerabilities that might prove Hiding malware such as rootkits or bootkits inside more tempting a target in the long term. the BIOS/UEFI of a computer has long been deemed The System Management Mode (SMM) is a a theoretical threat rather than an actual attack sur- legacy mode of operation available in x86 and x86-64 face. Implementation seemed too difficult and the CPUs. Originally, SMM was intended to be used for benefits for malicious actors aiming for quick profits maintenance tasks such as power and thermal man- were considered negligible. However, with the recent agement (Duflot et al., 2010). It is a highly privi- rise of Advanced Persistent Threats (APTs) and state- leged mode of operation which has free I/O access, sponsored attacks, sophisticated targeted attacks are can directly interact with memory and has no hard- now considered a realistic threat to businesses (Luh ware memory protections enabled. The operating sys- et al., 2016). For skilled attackers requiring high tem itself is suspended during SMM and is therefore stealth and persistence rather than widespread infec- unable to enforce any security policies. To emphasize tion, the BIOS/UEFI of a computer provides an ideal that SMM is even more privileged than hypervisors, target as it allows their payload to act independently it is often referred to as Ring -2 (Domas, 2015; Wo- of the operating system while still maintaining full jtczuk and Rutkowska, 2009). control over it. Moreover, in recent years, an in- Due to its high privileges, the SMM is one of the creased focus on security in software development key areas of many low-level attacks described in the can be observed and common attack surfaces such literature (Duflot et al., 2010; Kallenberg and Kovah, as operating systems and web browsers have become 2015; Domas, 2015; Duflot et al., 2006; Embleton more and more difficult to exploit. Today, a lot more and Sparks, 2008; Embleton et al., 2013; Schiffman investment is needed to compromise a system and and Kaplan, 2014). On modern operating systems, it ”low-hanging fruits” are slowly disappearing, which provides a level of access even above the kernel. The will force attackers to find different targets (Forristal, main motivation for SMM attacks is therefore the es- 2011). Lower operational levels such as the firmware calation of privileges, often with the goal of installing 346 Rauchberger, J., Luh, R. and Schrittwieser, S. LONGKIT – A Universal Framework for BIOS/UEFI Rootkits in System Management Mode. DOI: 10.5220/0006165603460353 In Proceedings of the 3rd International Conference on Information Systems Security and Privacy (ICISSP 2017), pages 346-353 ISBN: 978-989-758-209-7 Copyright c 2017 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved LONGKIT – A Universal Framework for BIOS/UEFI Rootkits in System Management Mode persistent malware on the system which is indepen- A recurring question regarding SMM malware re- dent from the operating system. volves around the level of control the SMM has over Malware running in System Management Mode the system and what malicious actions it can exe- provides attackers with several more advantages cute (Kallenberg et al., 2014; Kallenberg and Ko- which traditional kernel or userland based malware vah, 2015). Since SMM has direct access to physical does not have due to access restrictions. It has RAM, malware running inside its boundaries can es- extremely high stealth and persistence capabilities: sentially do everything lower privileged malware can. under normal circumstances, System Management The only difference is that said functionality might be RAM (SMRAM) cannot be read or written to from more difficult to implement because there is no au- outside the SMM, not even with Ring 0 privi- tomatic translation between virtual and physical ad- leges (Kallenberg and Kovah, 2015). Thus, SMM dresses (Duflot et al., 2006) and it is not possible to malware, which does not alter the operating system, directly call APIs of the operating system. Attack- is very hard to detect, requiring manual dumping and ers might have to reimplement certain functionality reverse engineering of the System Management Inter- which is otherwise easily accessible. rupt (SMI) handler. By demonstrating the very real threat posed by novel solutions such as LONGKIT, we hope to shift Contributions. The main contributions of this pa- attention to the SMM attack surface and inspire fu- per are: ture research in this area. We introduce a flexible framework for • BIOS/UEFI rootkits in the SMM. 2.1 Related Work We show how SMM rootkits can access the en- • tire 64-bit address space of the virtual memory by In the past, the SMM was shown to be exploitable by entering the Long Mode. attackers to bypass certain security features (Duflot et al., 2010). The authors identified four fundamental We explain LONGKIT’s ability of interfering with flaws in the design of the SMM which they attribute to • the operating system’s kernel by locating and the fact that security has mostly been an afterthought parsing the page table used by the OS. in the specification. Moreover, they also identified We present a prototype of the LONGKIT frame- • two common design flaws in SMI handlers. These work as well as the implementation and evaluation are not flaws in the specification but rather commonly of two typical rootkit functionalities (login bypass made programming mistakes which subvert security. and system call hooking). Similar observations have been made by (Kallenberg and Kovah, 2015). Boot script vulnerabilities are a class of attacks 2 BACKGROUND that apply only to UEFI systems as they rely on in- terpretation of the S3 boot script data structure which SMM can only be entered when the CPU receives is a feature of UEFI firmware. S3 resume allows for a a System Management Interrupt (SMI) which is a faster startup during a suspend/resume cycle by skip- hardware interrupt. However, triggering an SMI in ping certain parts of a normal boot sequence and ex- software is also possible, for instance by writing ecuting the S3 boot script to restore configuration. If to the Advanced Power Management Control Reg- this script is stored insecurely, attackers with Ring 0 ister (APMC) (Duflot et al., 2010). Upon receiving privileges can modify it and execute arbitrary code an SMI, the CPU will enter SMM and execute the during early boot (Wojtczuk and Kallenberg, 2014). System Management Interrupt Handler which is lo- Additionally to the classes of attack vectors speci- cated in System Management RAM (SMRAM) (Du- fied above, other, less generic exploits have been pub- flot et al., 2010). SMRAM is a special region in mem- lished in the past. Speed Racer (Kallenberg and Wo- ory which, if correctly configured, can only be read jtczuk, 2015) is a race condition found on multi-core and written to when the CPU is in System Manage- systems with chipsets lacking or making no use of the ment Mode (Duflot et al., 2006). A part of SMRAM is SMM BWP (SMM BIOS Write Protect Disable) reg- reserved for the state save area where the contents of ister. When this register is set, the BIOS region is only most CPU registers are stored when entering SMM. writable if all processors are in SMM. If this feature When the SMI handler has finished, it executes the is missing or unused, a race condition exists which al- RSM assembly instruction which restores the registers lows reflashing of firmware by continuously attempt- with the values in the state save area and returns con- ing to unlock the BIOS region on one core and writing trol to the operating system. to it on another core. In some cases, the firmware can- 347 ICISSP 2017 - 3rd International Conference on Information Systems Security and Privacy not re-lock memory fast enough and the write will go only capability is to scan memory for a certain signa- through. Another attack, The Memory Sinkhole (Do- ture. If this signature is found, data following there- mas, 2015), abuses a legacy feature of modern pro- after will be executed as code by the rootkit (Kallen- cessors that allows remapping of the Advanced Pro- berg et al., 2014).

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    8 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us