Your CPU chipset is also standalone webserver. Most vPro chipsets (MCHs) have:
- An Independent CPU (not IA32!)
- Access to dedicated DRAM memory
- Special interface to the Network Card (NIC)
- Execution environment called Management Engine (ME)
Your chipset is a little computer. It can execute programs in parallel and independently from the main CPU!
How might we design some malware that embeds itself into the chipset? Such malware would be able to survive reboots, brick the hardware on demand, reboot on demand, act as a MITM for all network traffic, inject vulnerabilities into the host OS during bootup, etc.
Step 1: Search for an attack vector in any version of the Intel BIOS. If you can find any attack vector in any version of the BIOS, you've won. For example, if the latest Intel BIOS is v3.9.2, but you found an exploit in BIOS v2.3.1, you've still won. Because...
Step 2: ... as the attacker, you can downgrade the victim's BIOS to any previous version without any user consent! Any old version of the BIOS is of course signed by Intel; all versions are. The chipset firmware allows any valid signed BIOS to replace the current BIOS regardless of whether it's older or newer than the current.
It was pretty shocking that the BIOS can be downgraded without any user consent. Downgrading requires a reboot, but that's probably not a huge problem in practice.
This article is from 2009, so at this point it's just an interesting piece of history. But I wonder whether any of these issues still persist today, such as the ability for userspace programs to downgrade/upgrade the BIOS at will?
As for the management engine (the CPU that drives the vPro stuff), it exists in _all_ Intel chipsets since Series 5, vPro is just a certain configuration of its firmware. It also has full access to RAM, some access to USB, network and graphics.
I assume some amount of privileges would be required to reflash. By "at will", do you mean that once those privileges are acquired, there is no notification or confirmation to the user? (Or perhaps it is easier than I think to reflash.)
Apparently they've added some downgrade protection[1]:
> The recent patch mentioned above solves this problem by displaying a prompt during reflash boot, if reflashing to an older version of BIOS. So now it requires user intervention (a physical presence). This "downgrade protection" works, however, only if we have administrator password enabled in BIOS.
[1]: http://theinvisiblethings.blogspot.com/2009/08/vegas-toys-pa...
Imagine infecting a machine with this either before delivery (requires physical access, but should be doable for FBI/NSA/foreign-counterpart) or in a "rent a server" situation. Most providers will allow you to rent a full server with root-access for a month and then cancel the contract. I'm assuming those servers get re-used if they're not too old.
[1] Code to disable access checks through DMA has been around for a long time: http://www.breaknenter.org/projects/inception/
http://media.ccc.de/browse/congress/2013/30C3_-_5380_-_en_-_...
> In this work we present a stealthy malware that exploits dedicated hardware on the target system and remains persistant across boot cycles. The malware is capable of gathering valuable information such as passwords. Because the infected hardware can perform arbitrary main memory accesses, the malware can modify kernel data structures and escalate privileges of processes executed on the system.
> The malware itself is a DMA malware implementation referred to as DAGGER. DAGGER exploits Intel’s Manageability Engine (ME), that executes firmware code such as Intel’s Active Management Technology (iAMT), as well as its OOB network channel. We have recently improved DAGGER’s capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code.
edit: you still have to first get the malware in though
None of my machines have vPro; I remember someone I know calling it "the ultimate pre-installed RAT" when it first came out.
Another interesting little fact: Intel's wireless cards, at least the 3945/4965 generation, also use an ARC core to run their firmware.
IIRC this was ultimately abandoned due to the possibility of turning the 4965 into a pretty sophisticated SDR. What a shame!
Here's another one about hardware backdooring from 2012:
https://www.youtube.com/watch?v=tV0YqJa-0OA
But when we discover a backdoor on Intel chips (not necessarily put there by Intel) in 5 years, everyone will probably act in shock and awe that it was possible.
"Prevent attacks below the operating system
Intel vPro technology protects against difficult-to-detect, penetrating rootkits and malware that threaten users working in cloud or virtual environments. It combines several hardware-based features, including Intel® Trusted Execution Technology (Intel® TXT)3 and Intel® Virtualization Technology (Intel® VT)4 for centralized image management and administration, secure network storage, and out-of-band protection—all beyond the firewall."
Irony? Or hopefully the current version of vPro as built-in to some Xeon processors is a bit more hardened...
Do you know if hardware uses http://en.wikipedia.org/wiki/Reed-Muller_Code for the ECC bits?
IMO, it's some sort of NSA thing.
I can only think of buying AMD Chips with CoreBios instead, which of I don't know, if they may have similar issues. Maybe buy Tilera, or other manycore chips instead?
This article with the title: "Expert Says NSA Have Backdoors Built Into Intel And AMD Processors" raises some concerns, even though I don't know, if the source can be trusted. http://www.eteknix.com/expert-says-nsa-have-backdoors-built-...
The system doesn't reserve memory for any of them, and they don't have official connections to the outside world (and are located in places that make such connections unlikely). Firmware is generally rather small, too.
None of them come with up to 5MB of firmware, tons of private RAM and official paths to network, graphics, system RAM and USB, like Intel chips.
Some more details on Intel and AMD at http://www.coreboot.org/Binary_situation
https://www.youtube.com/watch?v=MqbvxrJqrPU
He's done a few of these, so I might be getting them mixed up -- but the message is basically that x86 (and by extension amd64) is hopelessly broken due to legacy crap that sort of hides between the cpu, ram and devices (the software running on your cdrom drive, on the network or sound card...).
Also related:
4 2 1 Christopher Domas The future of RE Dynamic Binary Visualization
https://www.youtube.com/watch?v=4bM3Gut1hIk
[ed2: Skip to ~14-15 minutes to get to the good stuff, then go back and watch the whole thing :)
software home page and demo download (I don't think there's anything new published):
https://sites.google.com/site/xxcantorxdustxx/
https://media.blackhat.com/bh-us-12/Arsenal/Domas/_cantor.du...
ed: More recent presentation, looks to be the same: http://recon.cx/2013/schedule/events/20.html
]
Again related to (but as far as I remember does not reference [edit: I was wrong, he does indeed reference this]):
Black Hat USA 2010: Voyage of the Reverser: A Visual Study of Binary Species 1/5 https://www.youtube.com/watch?v=6Xw6pIbd2Hc
#HITB2013AMS D2T1 Sebastien Kaczmarek - Dreamboot - A UEFI Bootkit
E.g. this one doesn't:
http://ark.intel.com/products/64015/Intel-BD82X79-PCH
(Whether they actually do have the silicon and are just disabled somehow and could be enabled/not is a different issue, however...)
That's definitely not the vPro enabled version (which uses about 5MB), but approximately matches the regular non-vPro versions in size.
Maybe the "ME firmware N/A" field is meant to mean "don't bother, we don't want you to configure it"?
edit: updated with information from another bios update that isn't a diff
So, basically, the "trusting trust" extends to even your chipset. Basically, the majority of people are doomed to be the subjects of those controlling the means of production. Most of those few who have the wherewithal to peer past the curtain can easily be bribed and intimidated into cooperating.
Tinfoil hat on: I wonder if such vulnerabilities might have been concocted as a means of sneaking backdoors into the technical projects of non-US countries?
