SoS Musings #67 - Bolstering Firmware Security
SoS Musings #67 -
Bolstering Firmware Security
Attackers are increasingly focusing on device firmware. A report from the US Department of Commerce and the US Department of Homeland Security defines firmware as a set of programs and data that are embedded in hardware and is typically stored in Non-Volatile Memory (NVM) such as Read-Only Memory (ROM), Erasable Programmable Read-Only Memory (EPROM), or flash memory. Firmware is critical to system operation because it provides instructions and guidance so that the device can communicate with other devices or carry out a set of basic tasks and functions as intended by the software. Firmware allows the operation of simple and complex Information and Communications Technology (ICT) devices and systems, including medical devices, manufacturing systems, data centers, power plants, mass transit systems, and more. It is required for various electronics, including traffic lights, digital watches, printers, remote controls, mobile phones, network routers, and servers, because it connects hardware to software. Furthermore, individual devices connected to Personal Computers (PCs) contain firmware that controls hardware actions, such as drives, network adaptors, processors, memory, and peripheral devices, including Wi-Fi adapters, routers, webcams, keyboards, batteries, sound cards, and Universal Serial Bus (USB) sticks. A well-known example of firmware is the Basic Input/Output System (BIOS). In a PC, the BIOS facilitates hardware initialization before handing control over to the Operating System (OS). BIOS and Unified Extensible Firmware Interface (UEFI), a newer version of host processor boot firmware, are often used interchangeably. Despite UEFI becoming the new standard boot firmware in PCs, many people still use BIOS and UEFI interchangeably, and BIOS is still found on many devices. With modern computers using UEFI firmware during the boot-up process, the interface contains information that the computer uses for loading the OS, meaning any malicious code in it would execute before the OS boots up. Because of this, UEFI firmware has become a popular target for attackers seeking to conceal implants from malware detection tools and maintain long-term persistence on infected systems.
There are a number of advantages for attackers in targeting firmware. As firmware has a privileged position within the device, firmware-based attacks provide malicious actors with distinct advantages, with attackers being able to subvert OS and hypervisor visibility, bypassing most security systems. In addition, attacks conducted via firmware enable malicious actors to hide and remain in networks and devices for long periods of time while carrying out attack activities and causing irreversible damage. Firmware can also be considered a lucrative target with a low attack cost. Although firmware has a critical role in electronic devices, firmware security has not been high on the list of priorities for manufacturers and users, and it is not always well protected. In 2021, Microsoft commissioned a study that revealed how firmware attacks are outpacing investments aimed at stopping them. According to the March 2021 Security Signals report, based on interviews of more than 1,000 enterprise security decision-makers from various industries, over 80 percent of enterprises experienced at least one firmware attack in the last two years, but only 29 percent of security budgets are dedicated to firmware protection. In regard to firmware providing opportunities for attackers to plant malicious code, the Microsoft Security Team also cited the National Institute of Standards and Technology's (NIST) National Vulnerability Database (NVD) finding that attacks against firmware have increased more than fivefold in the last four years, and attackers have used this time to fine-tune their techniques and stay ahead of software-only defenses.
As the population of electronic devices continues to grow, firmware presents a wide and expanding attack surface. In recent years, hackers have increasingly targeted firmware in order to launch devastating attacks. Firmware-based rootkits are growing in popularity because they give threat actors a way to keep a persistent, difficult-to-detect, and challenging-to-eradicate presence on a target network. An instance of this threat was recently uncovered by researchers deep within a computer's UEFI firmware. Instead of being installed on the hard drive like some other UEFI rootkits, the malicious implant, named "MoonBounce," was placed in UEFI firmware within the Serial Peripheral Interface (SPI) flash storage on the infected computer's motherboard. As a result, the implant could continue to operate on the system even after the hard disk had been formatted or replaced. The implant was created to allow the installation of additional malware on the compromised system.
Firmware security experts at Binarly announced the discovery and coordinated disclosure of 16 high-severity vulnerabilities in various UEFI firmware implementations affecting millions of HP enterprise devices, including laptops, desktops, point-of-sale (POS) systems, and edge computing nodes. These flaws were discovered in HP UEFI firmware, and some of them affect AMD reference code. Using Binarly's code similarity technology across the entire firmware corpus, a detection was triggered on a piece of firmware belonging to a Dell device, but the vulnerability was discovered on HP devices first. It was determined that the vulnerability exists in some piece of reference code. Further investigation tied this code to AMD's firmware driver, 'AgesaSmmSaveMemoryConfig,' which is widely distributed throughout the computing ecosystem. Through the exploitation of the 16 vulnerabilities disclosed, attackers could perform privileged code execution in firmware below the OS, and deliver persistent malicious code capable of surviving OS re-installations and enabling the evasion of Intel Boot Guard, UEFI Secure Boot, and Virtualization-Based Security (VBS) isolation.
Lenovo issued security updates for over 100 laptop models in order to address critical UEFI vulnerabilities, which could allow advanced hackers to install malicious firmware that is nearly impossible to remove or, in some cases, detect. Two of the vulnerabilities stemmed from UEFI firmware drivers that were only intended to be used during the manufacturing process of Lenovo consumer notebooks. The drivers were inadvertently included in the production BIOS images by Lenovo engineers and were not properly deactivated. Hackers can use these faulty drivers to disable UEFI Secure Boot, BIOS control register bits, and protected range register, which are security features built into the SPI to prevent unauthorized changes to the firmware it runs. When a machine is put into System Management Mode (SMM), a high-privilege operating mode typically used by hardware manufacturers for low-level system management, a third vulnerability can allow hackers to run malicious firmware.
Although there are protections designed to thwart unauthorized people from running malicious firmware during the boot process, researchers have discovered critical vulnerabilities that can subvert them. For example, Intel Boot Guard gives platform owners and platform manufacturers hardware-enforced boot policy controls to authorize which BIOS code is permitted to run on that platform. Intel Boot Guard provides a hardware-based Root-of-Trust (RoT) for platform boot verification, which verifies the BIOS image before BIOS execution. This mechanism raises the platform's security bar by reducing the attack vectors and making it more difficult to launch attacks to undermine the boot process. However, Trammell Hudson, a security researcher, discovered three flaws that prevented Boot Guard from functioning when a computer was brought out of sleep mode. This mode keeps all items in computer memory but turns off the CPU entirely. An attacker who can bypass Boot Guard during wakeup can then engage in various malicious activities. Obtaining the keys used to encrypt hard drives is one of them, as long as the keys are stored in memory, as they are with many computers during sleep. An attacker could use this to obtain decrypted versions of all data stored on the computer without needing the user's password.
The ecosystem is made up of complex supply chains with multiple contributors when it comes to developing the firmware that powers computing devices. Firmware for any given device could be a mix of components from various sources, so when it comes to addressing security vulnerabilities, getting a patch out to the public is far from simple. During a panel discussion titled "The Firmware Supply-Chain Security Is Broken: Can We Fix It?" at Black Hat Asia, Kai Michaelis, co-founder and CTO at Immune GmbH, described the overgrown supply-chain "tree," out of which grows heavy code reviews and lengthy patching processes when a bug is discovered. According to the panelists, the average time for patches to be released is six to nine months, with two years not uncommon. Therefore, they warn that the supply chain represents a broad attack surface for compromise. Given that vulnerable firmware jeopardizes the security of the OS and any applications, the possibility of cyberattackers discovering exploitable vulnerabilities is a major concern. Michaelis explained that the final firmware vendors implement into their hardware is a multi-sourced effort. Stakeholders can include various component vendors, open-source repositories, reference implementations, original design manufacturers, independent BIOS vendors, and the Original Equipment Manufacturers (OEMs) who make and sell the final product. If a vulnerability is reported, OEMs often have multiple "branches" from which patches and updates flow, with no visibility into one another. One of the major issues is that when bugs are discovered, they may be harmless, but when combined with other flaws in other parts of the firmware, the vulnerabilities become weaponizable and could allow attacks on partners and end users. According to the panel, securing firmware will require a significant shift in strategy and thinking. For example, the panelists advocated that OEMs and the security community make a concerted effort to improve education among component vendors and other supply chain elements about security and persuade them that updates are required. OEMs should also make efforts to increase risk transparency by facilitating greater vendor communication and establishing a centralized repository of patch and bug information. Collaboration among the private security community will also be critical, according to the panelists. To that end, the Linux Foundation has launched LVFS, a vendor firmware service that provides OEMs the ability to upload firmware updates for free distribution to Linux users. Dell, HP, Intel, Lenovo, and other vendors have signed up.
As the US Department of Commerce and the US Department of Homeland Security pointed out, firmware is often overlooked, but serves as single point of failure in devices and one of the most stealthy ways for an attacker to compromise devices at scale. It is essential to increase efforts to shore up firmware security.