CyberWire Daily - Hidden dangers inside Windows and LINUX computers. [Research Saturday]
Episode Date: March 28, 2020Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacture...rs.” Here to discuss their findings is Rick Altherr, a Principle Engineer at Eclypsium. The research can be found here: Perilous Peripherals: The Hidden Dangers Inside Windows and LINUX Computers. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. data products platform comes in. With Domo, you can channel AI and data into innovative uses that
deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to
your role. Data is hard. Domo is easy. Learn more at ai.domo.com.
That's ai.domo.com.
Hello, everyone, and welcome to the CyberWire's Research Saturday.
I'm Dave Bittner, and this is our weekly conversation with researchers and
analysts tracking down threats and vulnerabilities and solving some of the hard problems of
protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.
And now, a message from our sponsor, Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024.
These traditional security tools expand your attack surface
with public-facing IPs that are exploited by bad actors
more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust Plus AI stops attackers
by hiding your attack surface,
making apps and IPs invisible,
eliminating lateral movement, connecting users only to specific apps, not the entire network, continuously verifying
every request based on identity and context, simplifying security management with AI-powered
automation, and detecting threats using AI to analyze over 500 billion daily transactions.
Hackers can't attack what they can't see.
Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com slash security.
What really drove us to come back to this area was it's been a while and we've not seen a lot in the industry that's changed.
That's Rick Alther. He's a principal engineer at Eclipsium. The research we're discussing today is titled Perilous Peripherals, the Hidden Dangers Inside Windows and Linux Computers.
So what we really wanted to do
was go explore the breadth of the problem.
We knew the problems existed around unsigned firmware,
but we wanted to see how many different market segments
in the computing industry did this touch?
What types of devices were still vulnerable
and where were improvements being made?
So that's why this really reveals four or five, depending on how you count,
the different examples of unsigned firmware
and how that can be used or misused in these various systems.
And the intent was really to provide some perspective around
this is a known problem, it's been a known problem,
here's how big of a
problem this really is. Well, let's start with some of the real basics here. Can you describe to us
what are we talking about when we're talking about firmware and then what's the difference
between it being signed or unsigned? So firmware is software that is actually run in very low level
context in the hardware. So often the firmware
is not stored on your hard drive, but rather stored in a separate programmable device that is
right next to the device using it. Firmware gets used in all sorts of different components within
your average computer. So if you look at the laptop that's currently sitting in front of me,
So if you look at the laptop that's currently sitting in front of me, the trackpad, the touchscreen, the sound card, the mouse I have connected to it, these all have pieces of software that control the behavior of that individual device.
That firmware talks to the main host processor, the x86 processor, in order to perform whatever function.
So when we then talk about what signed versus unsigned means, most of these devices, when they start up, they don't have firmware built into them.
So they have their own little CPU core inside the device.
Your trackpad has a processor in it.
And when it starts up, it needs to load its firmware from somewhere.
And when it does so, it just reads it from this flash memory device that's attached to it
and starts executing it. And it does so because that's the simplest thing possible. It simply
does what's called execute in place. It fetches an instruction from the flash device and runs it
immediately. This means that there's no integrity checks. There's no validation that this
firmware is actually the correct firmware for this device, that it's even an appropriate firmware for
the device. What signing does is add cryptography to the firmware such that when the device starts
up, you can have a very small built-in bit of firmware, often called a ROM, that instead of
just fetching an instruction and executing it directly from the flash,
copies some of that data out of the flash and runs some cryptographic operations on it
and verifies that, in fact, that firmware was properly signed by some entity that's supposed to produce that firmware.
It provides a level of authenticity and integrity checking of
the actual firmware before you start running it. So in the history of these sorts of devices,
these devices within our devices, is it fair to say that for a long time it was sort of assumed
that these devices were trustworthy, that if the trackpad is within the laptop itself,
the laptop is going to trust that that trackpad is within the laptop itself, well, the laptop's
going to trust that that trackpad is who and what it says it is. Correct. And even further,
it used to be that often the firmware in these devices was fairly static, right? It would be
programmed in at the factory and it would live that way for the rest of its life. Nowadays,
you see that when you go in and do a software update, you know, Windows
update on your laptop or something, you'll see firmware updates be delivered. Or if you go to
your manufacturer's website, you'll see firmware updates. And these are because the firmware has
gotten more complicated over time and now has bug fixes that are relevant. Well, if you have a
firmware update mechanism, that means that the host processor, the system running Windows, actually can replace the firmware on these peripheral devices.
And so that's what changes the scope of if there are mechanisms for doing that updating, then we need to be careful about what updates we accept to make sure that the devices are not being compromised in some way.
And that's where the signing comes into play.
Exactly.
So again, with the ability for these devices
to be updated sort of on the fly,
what opportunities did that open up
in terms of bad actors taking advantage
of this capability within the machine?
It varies a lot from device to device
as to what capabilities you can gain.
One way to think of it is, if I'm a malicious actor and I can replace the firmware in this
device, the simplest case is to emulate the existing device. So for example, if I'm compromising
the firmware on a trackpad, because it's a trackpad, I can easily emulate the behavior of a
trackpad. I can essentially have the firmware
move the mouse cursor all on its own without your finger actually touching the trackpad.
And you might say, well, what good does that do? You can, you know, move it around and make
it annoyance. Well, you can also get a little bit more complicated. And by complicated, I mean,
sophisticated, I guess, in this case, right? They kind of go hand in hand here. But if I can
move the mouse cursor around, I can use that same mechanism to interact with the host system to
emulate other aspects of that device. And I can do so in a very rapid fashion. So I could do things
like move the mouse cursor to the bottom left corner of the screen where I know the start button
always is. And because I know where that is, now I can click and work through the start menu in a very fast fashion. I can also
look at how the device is connected to the host system. In the case of a lot of trackpads or
mice or other pointing or human interface type devices, they use what's called a HID interface
or a human interface device. And that is used for both keyboard and mice.
Well, if the trackpad already acts as a HID device, I can perhaps emulate not only a mouse or trackpad, but also emulate a keyboard at the same time.
So now I have the capability of moving the mouse pointer and typing, which then opens the case of, well, if I could arbitrarily type in
things and move the mouse pointer around, then what can I do with that? I can start up and run
various commands. Now, what about other bits of hardware within the system? I mean, I can imagine
things like your Ethernet interface or your Wi-Fi. That would be an attractive target.
Yeah, this is why we started surveying the different types of devices.
And in fact, one of our examples is a Wi-Fi adapter.
In this case, the Wi-Fi adapter starts up with sort of a minimalistic firmware or a baseline firmware.
And then the device driver from Windows actually is responsible for loading the firmware
once the operating system has started up.
It updates the firmware to match the device driver.
But this means that now I have potential control of the actual network interface.
So now I can be in the data path of every bit of traffic going in and out of your computer.
Now, as you mentioned, this sort of vulnerability has been known for several years now.
Have manufacturers been adapting to this or are you seeing more and more examples of them signing the firmware?
It depends on the space.
Certainly when you look at laptops and systems that are designed for use in sort of enterprise businesses,
there's more effort put into that situation.
You'll see signing applied to the main system firmware,
and you'll see things like Boot Guard and BIOS Guard being rolled out by Intel
and picked up by the manufacturers.
But when you move to the peripheral components like trackpads, et cetera,
if you look at how systems are designed and built by the manufacturer, the trackpad is not something that the manufacturer of your laptop builds themselves.
They purchase a pre-built module from someone or they contract that out.
suppliers often are using that same design to multiple of their customers, which means that multiple laptops on the market are going to have the same core component. It may look slightly
different, but it's ultimately running very similar or the same firmware. And those suppliers
are the ones that are most concerning. And what we found where the least advancement had been made in terms of putting protections in for their firmware. So now we have things like a trackpad or a Wi-Fi adapter
that is used in a variety of devices from a variety of manufacturers that all have the same
flaw in them. And when I go to each of those manufacturers and say, by the way, your laptop contains this device that has this problem, they have to go work with that supplier to actually develop a fix.
Now, this relationship, this indirect relationship between the end user who cares about security and the supplier who actually manufactures that component of the system has to pass through this intermediary.
manufacturers that component of the system has to pass through this intermediary. And there's just a whole bunch of business dynamics that come into play as to, are the computer manufacturers
specifying that signed firmware is a requirement for these devices? And what we find is that in
some cases they have been, but it has to actually be a majority of the computer manufacturers
requesting that for a supplier to really invest in and do the
work to do it properly. Well, take us through some of the specific examples here from your research.
What are some of the devices that you all explored? Well, we've talked a lot about the
trackpad and trackpoint firmware. So that was certainly a case where we looked at and were
able to verify that, in fact, you could modify the firmware and the device would still load it properly.
Another case was actually the built-in web camera used in a variety of HP consumer-level
laptops.
And so in this case, I personally looked in that firmware and saw that there were descriptors,
like strings that show up, you know, descriptive text about the device.
And so I modified that
just to see what would happen. And sure enough, the device accepted it and it would show up in
device manager with the altered text. So, you know, this is another case where a device that's
built right into the system can easily be modified. We've also talked about the Wi-Fi adapter where,
you know, we were able to verify the same thing. One interesting aspect of that mechanism
where the device driver is responsible for loading the firmware is that the device driver itself is
signed. And we talk about this in detail that Windows has a signing mechanism and verifies the
device driver before it loads it. But when the device driver then goes to load the firmware,
it loads it. But when the device driver then goes to load the firmware, it's the responsibility of the device driver author, which is usually that vendor, to actually do the correct checks.
Windows does not help you in this way. And so there's this belief that, oh, well,
the device driver was signed and so therefore everything is okay. That's not necessarily true.
And we get into some of the details of how you can check individual device drivers for this. But ultimately, it means you can tamper with the
firmware, even though Windows says, yes, it's using a signed device driver, because the firmware is
still modified. And probably the most interesting case that we looked at was actually in a network chipset that's used in an Ethernet chipset that's used commonly in servers.
And why this was particularly interesting is that servers often have a separate management processor called a BMC that lets you interact with the system and do things like turn the power on and off or reset the system or control the keyboard and mouse.
And this is really useful
for IT administrative functionality. But it's usually treated as a separate security domain
from the actual computer that it controls. So the idea is that I have a server that's
racked in a data center somewhere. The people that are using that system who are responsible
for maintaining the operating system and applications on that system are one set of security controls.
They control the operating system and everything below that.
The BMC is then controlled by your IT staff to take care of the system if something were to break such that it wasn't booting anymore or things of that nature.
that it wasn't booting anymore or things of that nature. Due to the way that these systems are implemented, the network traffic from both the BMC and the main operating system come together
inside of the network interface chip. And it turned out that the way that this was implemented
meant that the firmware was actually responsible for enforcing that separation of privileges.
So once we were able to replace the firmware with our own firmware,
we could actually snoop on the management traffic from the operating system.
And that shouldn't actually be possible.
In fact, it violates that security boundary
and opens up a lot of potential for doing much more in-depth attacks.
Now, the research that you all have been doing here, exploring these different devices,
have you been tracking any examples of this being used out in the wild?
Are these active exploits?
So often in the wild, examples of these require sophistication enough that they're very targeted.
It's sort of, if you are an attacker,
you're going to invest a lot of time and energy to develop such an attack.
And so you're only going to use that in situations where you need it
or where it's very advantageous to you.
And so that means this tends to target very specific cases
and come from specific threat actors.
That's a long-winded way of saying,
your average business isn't going to see
this kind of attack in the wild.
And when we do see an attack in the wild,
like the equation group attacks
that were revealed five years ago,
they're very specialized
and focused on a particular type of hardware
and a particular attack target.
That said, there are multiple examples over the years
of where this is becoming
more prevalent, that the main advantage you get from infecting firmware this way is a level of
persistence. Even if you replace the hard drive and reinstall the operating system, the infected
firmware is still there. And in fact, that's exactly what the Equation Group hard drive firmware
attack did, was it used the hard drive firmware as a launching point for reinfecting the operating system.
Then we also see these types of attacks being used in other areas, in some of the attacks against power grids and various other places.
There'll be specific focused exploits against certain types of devices, either to cause that specific device to misbehave or to use that as a persistence and jumping point for other types of attacks.
Now, your research points out that this is an issue with many Windows and Linux devices.
Apple seems to be taking additional steps to protect themselves against this?
So Apple does a variety of things in their system to take additional
protection steps. So things like the T2 security chips and those types of things. That said,
looking at the devices in their system, they also use a lot of the same off-the-shelf type
equipment. So the Wi-Fi chipsets that they use would actually be also used in other systems.
We did not do an extensive look at Apple systems, nor did we
look at components that happen to be used in those systems. My experience says that every
machine I have looked at has at least one vulnerable component. So what are the take-homes
here in terms of the level of concern folks should have and the mitigations they should put
in place, what are your recommendations? Well, one aspect is if there is a vulnerability in
your firmware, the mitigations are going to come through a firmware update for that device.
So get a little bit more in the habit of staying up to date on, do I have the latest firmware for
my device? In the past, that used to be only update your
firmware if you're experiencing a problem. Nowadays, there may actually be security
issues that require a firmware update. And so keeping up to date on your software patches,
both from the operating system level, as well as your firmware, helps keep you up to date with
the latest in what vulnerabilities are there and what mitigations have been put in place. Then the other thing is that really as a purchaser or a consumer of these
devices, starting to ask your manufacturers or your devices when you're in a position to about
the security features that they have, especially when you're talking about enterprises and you're
thinking about your refresh of your components and you're
evaluating which machines to purchase, include in your rubric, do you use signed firmware on all
your peripherals? You know, ask that question. And that starts to drive home that this is actually
an important thing for consumers and hopefully builds up that impact through the manufacturers
down to the suppliers to implement those protections down all the way at the peripherals.
Our thanks to Rick Alter from Eclipsium for joining us.
The research is titled Perilous Peripherals, the Hidden Dangers Inside Windows and Linux Computers.
We'll have a link in the show notes. Thank you. to see how a default-deny approach can keep your company safe and compliant.
The CyberWire Research Saturday is proudly produced in Maryland out of the startup studios of DataTribe,
where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Kerrigan, Carol Terrio, Ben Yellen, Nick Valecki, Gina Johnson, Bennett Moe, Chris Russell, John Petrick, Jennifer Iben, Rick Howard, Peter Kilpie, and I'm Dave Bittner.
Thanks for listening. Thank you.