Thursday, July 30, 2009

Black Hat 2009 Slides

The wait is over. The slides are here. The press release is here. Unless you're a chipset/BIOS engineer kind of person, I strongly recommend reading the press release first, before opening the slides.

So, the "Ring -3 Rootkit" presentation is about vPro/AMT chipset compromises. The "Attacking Intel BIOS" presentation is about exploiting a heap overflow in BIOS environment in order to bypass reflashing protection, that otherwise allows only Intel-signed updates to be flashed.

We will publish the code some time after get back from Vegas.

Enjoy.

ps. Let me remind my dear readers that all the files hosted on the ITL website are not digitally signed and are served over a plaintext connection (HTTP). In addition, the ITL's website is hosted on a 3rd party provider's server, on which we have totally no control (which is the reason why we don't buy an SSL certificate for the website). Never trust unsigned files that you download from the Internet. ITL cannot be liable for any damages caused by the files downloaded from our website, unless they are digitally signed.

5 comments:

Joanna Rutkowska said...

I know, the links were swapped. Should be fixed now. Thanks to all the dozen of people for telling me ;) [How come Alex didn't notice that...?;)]

Joanna Rutkowska said...

@Othman:

1) We knew the logo picture is not signed, because, if you think about it, it couldn't be otherwise, as it is something OEM can customize and you don't expect Intel to sign logos of all possible OEMs/organizations.

2) There are also other AMT devices, be we didn't find a way (yet) to use DMA engines on them.

3) I'm not sure why people think that microcode hacking would be better then AMT hacking. A rootkit inside AMT seems to offer more, then a potential ucode compromise. Keep in mind it has a dedicated link to the NIC, executes on a independent processor, that is active even in sleep mode, and has access to some 16MB of dedicated, protected DRAM that nobody else can even read. What else you could ask for?

I think people confuse potential microcode rootkits, with a hypothetical ucode exploitation (ring 3 -> ring 0 escalations). But that would not be rootkits, that would be an escalation attack. The Holly Grail of all attacks, but still not a rootkit.


4) "No More Free Bugs" initiative, as recently advocated by several researchers, seems to me like a very naive, childish attempt to make money on something that is totally useless for business, i.e. on selling bugs and exploits. I have expressed my thoughts on a Daily Dave list some months ago (DD is really touching the bottom these days BTW, wonder if it recover sometime).

Martin T said...

Thanks for uploading the slides so fast! As others have pointed out, these are really ingenious and original attacks, each involving quite a few innovative steps to reach the desired outcome.

BTW, in case you or others didn't know the Intel iTPM (integrated TPM in the chipset) found in eg. Q45, is actually implemented in firmware running on this special processor in the northbridge. So a compromise of this special environment on the Q45 might cause yet other headaches. Maybe it would even be possible to extract the endorsement key of the TPM, making it possible to create a TPM emulator in software that could attest to any desired set of (faked) PCR values.

Not that it really matters, since as you point out, the current attack can already be used to inject malicious code into a trusted environment after it has been measured by the TPM, thereby fooling eg. remote attestation schemes.

Certainly intersting times with these special CPU's popping up everywhere ;)

Joanna Rutkowska said...

@Martin: yes, we're aware of the iTPM device implemented in ME firmware, however the info we have suggests that SPI-flash compromise is not enough to compromise the iTPM's security, so we decided not to mention this in the slides. Similarly it seems like the SPI reflashing is not enough to compromise the AMT code on Q45.

Sam FHT said...

thanks joanna !