Once Meltdown and Spectre made it clear to the public that vulnerabilities in hardware and firmware can be attacked, the security community became far more vigilant about them. This article compiles 33 particularly threatening hardware-related bugs.
In January 2018, two new CPU security bugs named Meltdown and Spectre were discovered and put the whole industry into emergency mode. The basic concept of operating system security, which separates memory into kernel space and user space, had been broken by the two bugs. The flaw stems from a characteristic of modern CPUs, speculative execution, and to fix it CPU makers, device makers and operating system developers had to make some of the biggest adjustments in their history.

Vulnerabilities stemming from hardware design existed before Meltdown and Spectre. However, the wide range of damage the two bugs can cause attracted a lot of attention, especially from the security community. Academic and independent researchers are now discovering more problems than ever by studying the low-level operation of CPUs and other hardware components.
Some hardware vulnerabilities can only be fixed by releasing new components; others can be fixed by upgrading the firmware embedded in the chip. In either case, applying a patch is far from simple, so these flaws can persist for a long time.
Meltdown drew the most attention, but hardware-related vulnerabilities have continued to surface. Here is a look at some that are worth noting.
CPU side-channel attacks
Spectre Variant 1 - CVE-2017-5753
Attackers can take advantage of the branch prediction capabilities of modern CPUs through CVE-2017-5753, also known as bounds check bypass. Using the CPU cache as a side channel, they extract information from memory allocated to other processes. Not only can one process leak sensitive information belonging to another process; the privilege boundary between user memory and kernel memory can also be bypassed. Intel, IBM and some ARM CPUs are exposed to this vulnerability.
Spectre Variant 2 - CVE-2017-5715
Spectre Variant 2 has the same impact as Variant 1, but uses a technique called branch target injection. Effectively preventing this variant requires updating the CPU's microcode, which can be delivered through BIOS and UEFI updates or by the operating system.
Meltdown, Variant 3 - CVE-2017-5754
The Meltdown bug, also called Rogue Data Cache Load (RDCL) or the third speculative execution flaw, exploits the out-of-order instruction execution of modern Intel CPUs. It allows protected kernel memory to be read across the security boundary set for each user process. Fixing it only requires an operating system update, which enforces a stricter separation of kernel memory, where sensitive information lives, for example through mechanisms such as Linux's Kernel Page Table Isolation (KPTI).
Meltdown-GP - CVE-2018-3640
This Meltdown variant, also called variant 3a, collects side-channel information through speculative reads of system registers, which is why it is also known as Rogue System Register Read (RSRE). Preventing it requires a microcode update.
Meltdown-NM - CVE-2018-3665
This speculative execution flaw is a Meltdown relative called LazyFP. It can be used to leak the state of the floating point unit (FPU), a specialized computational coprocessor built into modern Intel CPUs to accelerate mathematical operations. It can be prevented by switching FPU state "eagerly" instead of "lazily" when switching processes.
Spectre-NG - CVE-2018-3639
Also called Spectre Variant 4 or Speculative Store Bypass (SSB). Attackers force memory allocated to each application to be shared, then access information from another application through one application. Both the microcode and the operating system should be updated.
Spectre-PHT - CVE-2018-3693
Also known as Spectre 1.1, this variant uses speculative stores to create speculative buffer overflows. Even where software mitigations for Spectre were in place, this variant could circumvent them. Fixing it requires an operating system update.
Meltdown-RW
Also known as Spectre 1.2, this vulnerability uses speculative stores to overwrite read-only data and code pointers, which breaks software sandbox security. Mitigating it requires an operating system update.
Foreshadow-OS - CVE-2018-3620
Foreshadow is also known as L1 Terminal Fault (L1TF). It is a speculative execution attack that steals information from the L1 data cache of Intel CPUs. It deserves particular attention on virtual machines that split the same physical CPU into multiple virtual CPUs, because those virtual CPUs share the same L1 cache. Attackers can use this variant to extract information from the operating system or from SMM (System Management Mode), an alternative CPU operating mode that exists separately from the operating system and is designed for use by the BIOS and UEFI or by low-level OEM code.
Foreshadow-VMM - CVE-2018-3646
This variant of Foreshadow affects virtual machines: a guest operating system running in one virtual machine could use it to read sensitive memory of another guest's virtual machine or of the hypervisor.
Foreshadow-SGX - CVE-2018-3615
This variant of Foreshadow allows an attacker to read the enclave memory of Intel SGX (Software Guard Extensions), an execution environment provided by some Intel CPUs in which developers can store data and execute code safely even if the operating system itself is compromised.
Meltdown-PK and Meltdown-BND
Meltdown-PK (Protection Key Bypass) and Meltdown-BND (Bounds Check Bypass) are two Meltdown variants announced by academic researchers in November 2018. Meltdown-PK affects Intel CPUs, and Meltdown-BND affects both Intel and AMD.
Spectre-PHT-CA-OP, Spectre-PHT-CA-IP and Spectre-PHT-SA-OP
These Spectre variants exploit the CPU's Pattern History Table (PHT). They were found at the same time as Meltdown-PK and Meltdown-BND.
Spectre-BTB-SA-IP and Spectre-BTB-SA-OP
These Spectre variants exploit the branch target buffer (BTB). They were discovered by the same team that found Meltdown-PK and Meltdown-BND in November 2018. At the time, the team concluded that "not all variants can be completely prevented with most defenses, including existing defenses."
Fallout-CVE-2018-1226
Fallout, also known as Microarchitectural Store Buffer Data Sampling (MSBDS), is similar to Meltdown. Through it, an attacker can cross a security boundary and leak sensitive information from a protected memory area. It belongs to a new class of side-channel attacks on the CPU that Intel calls Microarchitectural Data Sampling (MDS). Fallout affects both the operating system and the hypervisor, and can be resolved through CPU microcode updates.
RIDL - CVE-2018-1127 and CVE-2018-1230
RIDL consists of two MDS variants, Microarchitectural Load Port Data Sampling (MLPDS) and Microarchitectural Fill Buffer Data Sampling (MFBDS). As with Fallout, the CPU microcode must be updated to fix it.
ZombieLoad - CVE-2019-11091
ZombieLoad, the fourth MDS variant, is known as Microarchitectural Data Sampling Uncacheable Memory (MDSUM). Like Fallout and RIDL, it can be used to leak sensitive kernel or hypervisor memory.
Starbleed
Starbleed is a design flaw in the bitstream encryption of Xilinx field-programmable gate arrays (FPGAs). Unlike CPUs, which execute pre-set instructions, FPGAs are integrated circuits whose logic the customer can fully program. Unlike general-purpose CPUs, FPGAs are specialized for one task, and they are widely used in business and safety-critical applications in areas such as aerospace, finance and defense.
The configuration file the customer loads into the FPGA is called a bitstream. FPGA manufacturers such as Xilinx, which accounts for 50% of the FPGA market, have added encryption and bitstream verification mechanisms to help protect the intellectual property and other confidential material that may be contained in their customers' FPGAs. A team of IT security researchers at the Horst Görtz Institute at Ruhr University Bochum, Germany, discovered a design flaw in the bitstream security mechanisms of Xilinx 7-series and Virtex-6 FPGAs that allows bitstreams to be decrypted and manipulated.
The research team will present its paper at the 29th USENIX Security Symposium. "As a result of our attack, we were able to bypass the bitstream encryption process on all Xilinx 7-series devices, as well as partially decrypt the secure bitstream on the Virtex-6 device," they write.
They add that they "can also manipulate the bitstream by adjusting the HMAC. In general, our attack setup is the same as is common in practice. The attacker only needs access to the configuration interface of an FPGA in the field. The secret decryption key is already stored in the FPGA, for example in internal battery-backed RAM (BBRAM) or eFUSEs, after the device is manufactured. The attacker uses the FPGA holding the key as an oracle to decrypt the bitstream."
Launching a Starbleed attack requires access to the FPGA's hardware configuration interface, which means physical access to the device. However, some FPGAs can be programmed and reprogrammed through a separate, network-connected microcontroller, in which case the attack can also be executed remotely.
Because this design flaw exists in silicon, it cannot be fixed with a patch; the only option is to expect an improvement in the successors to these Xilinx FPGAs. The company was notified of the vulnerability before the research team's paper was published and has sent recommendations to customers.
Platypus
PLATYPUS is a side-channel attack that abuses the RAPL (Running Average Power Limit) interface used to measure the power consumption of a CPU core. It has been present in Intel CPUs since Sandy Bridge, which appeared in 2011. This is the first differential power analysis attack that can be executed remotely to leak secrets such as cryptographic keys from Linux kernel memory and Intel SGX enclaves.
The attack was devised by a research team from the University of Birmingham in the UK and the CISPA Helmholtz Center for Information Security, and was announced in November 2020. Linux kernel developers addressed CVE-2020-8694 and CVE-2020-8695 by preventing unprivileged applications from accessing RAPL energy consumption data.
However, that does not deal with the "privileged attacker" vector targeting Intel Software Guard Extensions (SGX). SGX is a Trusted Execution Environment (TEE) built into the CPU whose essential role is to protect sensitive encrypted data even if the operating system is completely compromised. Stopping this attack requires distributing the CPU microcode update released by Intel.
Although the researchers attacked Intel CPUs, they warned that CPUs from other chip makers, including AMD, Nvidia and ARM, also have on-board energy meters that can be accessed and may be vulnerable to similar attacks.
DRAM Rowhammer attacks
Rowhammer
Rowhammer is a physical effect that can occur when the same row of memory cells inside an SDRAM chip is read repeatedly and rapidly, which is also called hammering. Electrical charge from the cells in the hammered row leaks into adjacent rows and changes the values of cells there. Known as a bit flip, this effect occurs because of the increased cell density of modern SDRAM chips such as DDR3 and DDR4.
The Rowhammer effect has been known for a long time. Members of Google's Project Zero team were the first to demonstrate its security implications when, in March 2015, they published two privilege escalation exploits based on it.
Rowhammer.js
Rowhammer.js is a Rowhammer attack implemented in JavaScript. It showed that, as long as the vulnerability exists, a remote attack could be carried out simply by visiting a malicious web page. Browser vendors have taken steps to mitigate this attack.
Drammer - CVE-2016-6728
Drammer is a Rowhammer attack that targets Android devices. Until Drammer was discovered, the memory chips in mobile devices were not considered to be affected.
Flip Feng Shui
Flip Feng Shui is a Rowhammer attack that targets virtual machines. A malicious guest virtual machine can flip a bit in physical memory and affect other virtual machines that it does not control. The research team demonstrated this by disabling OpenSSH public key authentication on the target virtual machine.
ECCploit
ECCploit is an attack showing that Rowhammer-style attacks are possible even on SDRAM chips with error-correcting code (ECC). This type of memory, commonly used in servers, was thought to prevent Rowhammer.
Throwhammer
Throwhammer is a Rowhammer attack carried out over the network, using the RDMA (Remote Direct Memory Access) function of high-speed network cards like those used in servers.
RAMBleed
RAMBleed is the first attack to show that the Rowhammer effect can be used to steal data from memory cells. Earlier Rowhammer attacks undermined memory integrity through bit flips and could create other conditions for attack, such as privilege escalation. RAMBleed instead combines row hammering with a side channel, because its purpose is to extract data by inferring the contents of adjacent memory cells. In that respect, RAMBleed is similar to Meltdown and Spectre.
Firmware vulnerabilities with broad impact
BlueBorne
BlueBorne, announced in 2017, is a set of weaknesses in the Bluetooth stack implementations of Linux, Android, Windows and macOS. It has been estimated to affect more than 5 billion devices. On computers, it can be fixed relatively easily by updating the OS. Bluetooth-enabled smart watches, TVs, medical devices, automotive infotainment systems, wearables and other IoT devices, on the other hand, require firmware updates. The researchers estimated that a year later, in 2018, more than 2 billion devices remained exposed.
KRACK
KRACK, or key reinstallation attack, exploits weaknesses in the WPA2 wireless security standard, which is used to secure most wireless networks in use today. Because the weaknesses are in the standard itself, they affected WPA2 implementations on all kinds of devices, including home routers and other IoT devices. Firmware updates were required to mitigate the vulnerability, and devices that have reached end of support remain vulnerable to this day.
BadUSB
In 2014 it emerged that the microcontrollers on USB thumb drives could be reprogrammed to impersonate keyboards and other devices, and then be used to control computers or exfiltrate data. Many USB thumb drives remain vulnerable to this attack.
Thunderstrike and Thunderstrike 2
Thunderstrike is an attack that targets a vulnerability in Apple MacBook firmware to install a firmware rootkit when a malicious device is connected to the Thunderbolt port. Thunderstrike 2 also infected newly inserted Thunderbolt devices, allowing it to spread like a worm.
Thunderclap
Thunderclap is an attack that demonstrated the ability to execute privileged code on computers equipped with Thunderbolt ports.
ROCA
Return of Coppersmith's Attack (ROCA) targets Trusted Platform Modules (TPMs) and secure elements (SEs) made by Infineon Technologies. TPMs and SEs are used in tens of millions of business computers, servers, hardware authentication tokens and various types of smart cards, including national ID cards. RSA keys generated by these chips are vulnerable to factorization, an attack designed to recover the key. The researchers estimated that recovering an individual 2048-bit RSA key generated on such a device would cost about $20,000, and about $40 for a 1024-bit RSA key.
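The ROCA fingerprint is public, so defenders can check their own RSA moduli for the affected key structure without attempting any factorization. The Python below is an added example, not the researchers' tool: it rebuilds the fingerprint from the property the paper describes (each prime factor is congruent to a power of 65537 modulo a product of small primes), and the "weak" modulus in its self-test is a constructed test vector, not a real Infineon key.

```python
"""Added example: fingerprint test for RSA moduli affected by ROCA.

Keys from the affected Infineon library have prime factors of the form
p = k*M + (65537^a mod M), where M is a product of small primes. The
modulus n = p*q therefore satisfies n mod r in <65537 mod r> for every
small prime r, which is the public fingerprint used by ROCA detectors.
"""
import random

GENERATOR = 65537
FINGERPRINT_LIMIT = 167  # the fingerprint uses the odd primes 3..167

def small_primes(limit):
    """Odd primes up to limit, by a simple sieve."""
    sieve = bytearray([1]) * (limit + 1)
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit + 1, i)))
    return [p for p in range(3, limit + 1) if sieve[p]]

def subgroup(r):
    """Residues 65537^j mod r, i.e. the cyclic subgroup 65537 generates mod r."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % r
    return frozenset(seen)

PRIMES = small_primes(FINGERPRINT_LIMIT)
FINGERPRINT = {r: subgroup(r) for r in PRIMES}

def has_roca_fingerprint(n):
    """True when n mod r lies in the 65537-subgroup for every fingerprint prime r."""
    return all(n % r in FINGERPRINT[r] for r in PRIMES)

def constructed_weak_modulus(seed=1, bits=1024):
    """Constructed test vector with the affected structure (NOT a real key:
    the factors are not checked for primality, only their residues matter)."""
    rng = random.Random(seed)
    M = 1
    for r in PRIMES:
        M *= r
    factors = []
    for _ in range(2):
        k = rng.getrandbits(bits - M.bit_length())
        factors.append(k * M + pow(GENERATOR, rng.randrange(M), M))
    return factors[0] * factors[1]

if __name__ == "__main__":
    print("constructed weak modulus flagged:", has_roca_fingerprint(constructed_weak_modulus()))
    print("unrelated modulus flagged:", has_roca_fingerprint((2**64 + 13) * (2**64 + 27)))
```

To check a real key, pass its modulus n (for example the public numbers of an X.509 certificate's RSA key) to has_roca_fingerprint; a positive result means the key should be treated as weak and replaced.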
Intel Management Engine
The Intel Management Engine (ME) is a dedicated coprocessor and subsystem on several Intel CPUs, used for out-of-band management tasks. It runs its own lightweight operating system, completely separate from the user-installed one, which is why the security community has often called it a backdoor. Serious vulnerabilities have been found in Intel ME in past years; fixing them requires installing a firmware update provided by the computer manufacturer, which means that many obsolete systems that have reached end of support are unlikely to receive updates.
*Lucian Constantin is CSO's chief reporter, covering information security, privacy and data protection.
Source: ITWorld Korea by www.itworld.co.kr.