The Snowden leaks have taught us much about the tactics employed by the NSA and GCHQ, from brazen malware attacks to more esoteric dark arts, such as infecting low-level pieces of computer code. Correspondingly, research into more surreptitious activities targeting the guts of modern systems has often been overshadowed by studies of more obvious attacks. Yet such high-tech techniques pose a more severe risk. They can, for instance, allow agencies to spy on Tails, the Linux-based secure operating system favored by Snowden. And they’re not as difficult to exercise as many would imagine. They can totally obliterate the privacy of even the most careful computer user.
That will be the message of Corey Kallenberg and Xeno Kovah when they present research on easy-to-find BIOS-level vulnerabilities at the CanSecWest conference in Vancouver this week. BIOS firmware is the first software to run when a PC is switched on. It checks hardware and starts the load process for the operating system. Attackers who can get their code running at that level, usually installing a malware known as a rootkit, will be able to avoid most security detections systems, which tend to work at the operating system level, not below it. To get malicious tools running in the BIOS, however, the attacker will first have to hack their way to getting administrator privileges on a PC, through something like an Internet Explorer exploit, and then find some BIOS vulnerabilities to hack away at. The first part happens across the web every day, but the second part, the so-called “post-exploitation” phase, is considered the domain of highly-sophisticated hackers, such as the NSA or GCHQ, and extremely tricky to pull off.
But Kallenberg and Kovah have created a tool that automates the identification and exploitation of BIOS bugs, a number of which they will detail at CanSecWest. Using their own bespoke malware, they have repeatedly been able to gain access to System Management Mode (SMM), a part of the computer used by firmware that’s entirely separate from other processes, but can read everything going through a machine's memory.
“Once the payload is delivered, we have an agent running in SMM,” said Kallenberg during a demo session with FORBES. “The thing about SMM is that it runs independent of the operating system, the operating system has no visibility into system management mode, it’s a protected region that can’t be read or written by the OS - Tails can’t read or write to it - but it has access to all of memory.”
The researchers, who, frustrated at not getting enough traction with their insights into firmware insecurities, have set up their own "digital voodoo" consultancy LegbaCore, said they can use their exploits to completely undermine the security of Tails, which typically runs from a thumb drive and is supposed to be entirely unaffected by malware attacks on the computer it plugs into. The Tails website says “if the computer has only been compromised by software, running from inside your regular operating system (virus, trojan, etc.), then it is safe to use Tails”, whilst noting that if the computer has been compromised by someone having physical access to it, “then it might not be safe to use Tails”.
Kallenberg believes his research has shown this statement to be slightly misleading, given his attacks can be initiated remotely by first targeting the OS and then going lower down. “Tails isn’t keeping you safe from our agent,” he added. “We have exploits that can get past any BIOS protection that’s there so that’s not a problem either.”
He claimed that even other Tails protections, such as the memory wiper and offline mode, would not save it from the malware he and Kovah created. “We can just write the secrets you scrape to non-volatile storage and just wait until we have access to the internet to exfiltrate that data to the attacker.
“If an attacker has remote software access to your system, Tails can’t keep you safe if someone really sophisticated is coming after you.”
The Tails team had not responded to a request for comment at the time of publication.
Proof of such low-level hacks has been more forthcoming in recent years, largely thanks to Snowden. His leaks revealed one NSA project called DEITYBOUNCE, a tool for running malicious BIOS code on
Though such "voodoo" hacking will likely remain a tool in the arsenal of intelligence and military agencies, it’s getting easier, Kallenberg and Kovah believe. This is in part due to the widespread adoption of UEFI, a framework that makes it easier for the vendors along the manufacturing chain to add modules and tinker with the code. That's proven useful for the good guys, but also made it simpler for researchers to inspect the BIOS, find holes and create tools that find problems, allowing Kallenberg and Kovah to show off exploits across different PCs. In the demo to FORBES, an HP PC was used to carry out an attack on an ASUS machine. Kovah claimed that in tests across different PCs, he was able to find and exploit BIOS vulnerabilities across 80 per cent of machines he had access to and he could find flaws in the remaining 10 per cent.
“There are protections in place that are supposed to prevent you from flashing the BIOS and we’ve essentially automated a way to find vulnerabilities in this process to allow us to bypass them. It turns out bypassing the protections is pretty easy as well,” added Kallenberg.
Kovah also plans to show CanSecWest attendees how simple it is to infect the BIOS when the attacker has physical access. Some PCs allow easy access to the chips that control the BIOS functions. With one specialist device, designed to let analysts check for and fix security issues, Kovah was able to infect the BIOS with just the push of a button. “A couple of minutes is all it takes to infect it,” he added, suggesting that agents working at border crossings might find uses for such techniques.
He believes that BIOS level vulnerabilities can be found in millions of machines across the world; everyone is running architecturally vulnerable machines, but no one's doing anything about it, he claimed. Though vendors, from Intel through to the likes of Asus and Acer, are supplying patches, they just aren’t being applied by others further along the supply chain, he added.
“There are a lot of different ways to get in because people aren’t applying the patches and people aren’t tamping down the vulnerabilities… there are no commercial grade tools inspecting at this level.
“People like corporations and agencies, they aren’t doing a good job of patching. They basically sit there vulnerable forever.”
There have been some community efforts in addressing the issues raised by the LegbaCore crew. One with some potential was the SMM Transfer Monitor, which was designed to prevent hackers doing anything to other system processes once they had compromised SMM. At CanSecWest last year, Intel Security's Advanced Threat Research team released an open source security assessment tool called CHIPSEC as an aid to finding vulnerabilities in platform hardware and firmware. But these and other measures have not been deployed widely across systems, according to the LegbaCore founders.
Kallenberg and Kovah hope their startup will shine a light on the kinds of exploits the likes of the NSA have tried to keep hidden for years, and the quality of security in the darkest corners of modern computers might improve.
