Vulnerabilities / Threats

4/3/2018
05:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

New Attack Vector Shows Dangers of S3 Sleep Mode

Researchers at Black Hat Asia demonstrated how they can compromise the security of a machine as it powers down and wakes up.

Two researchers at Black Hat Asia last month gave computers a reason to sleep with one eye open in their demo of "S3 Sleep," a new attack vector used to subvert the Intel Trusted eXecution Environment (TXT). A flaw in Intel TXT lets hackers compromise a machine as it wakes up.

Intel TXT is the hardware-based functionality that supports the dynamic root-of-trust measurement (DRTM) and validates the platform's trustworthiness during boot and launch. This attack targets trusted boot (tBoot), a reference implementation of Intel TXT normally used in server environments. tBoot is an open-source project that protects the virtual machine monitor (VMM) and operating system.

Senior security researcher Seunghun Han and security researcher Jun-Hyeok Park, both with the National Security Research Institute of South Korea, presented an exploit of the "Lost Pointer" vulnerability (CVE-2017-16837), a software flaw in tBoot. This specific attack vector has never been reported, the two said at Black Hat, and attackers only need root privilege to do it.

Researchers have investigated Intel TXT and tBoot before, the researchers explained. However, previous studies have only focused on the boot process. This one focuses on the sleeping and waking up sequence of tBoot, and how attackers could exploit a machine as it reactivates.

Securing the sleep states

Sure, you could avoid this kind of attack by keeping machines running constantly, so Han started their Black Hat session by pointing out the financial reasons for sleep mode. "Power consumption is cost," Han explained. "Many companies worry about power consumption for their products because lower power consumption means a lower electricity fee."

Shutting down machines dramatically reduces power consumption; however, reactivating all of their components poses a security risk. As the computer wakes up, restarting its many parts takes time and security devices might be temporarily shut down for part of the process.

PC, laptop, and server environments supporting advanced configuration and power interface (ACPI) have six sleeping states to gradually reduce power consumption as the machine shuts down. The states go from S0 to S5 as the CPU, devices, and RAM go into full sleep mode. Power to the CPU and devices is cut off at the S3 phase of sleep.

"Because of power-off, their states need to be restored and reinitialized for waking up," says Han. "If we intercept sleep and waking up, we can do something interesting."

There are boot protection mechanisms, Park says. The secure boot of the Unified Extensible Firmware Interface (UEFI) checks a cryptographic signature of the binary prior to execution, and stops it if the executable file lacks a valid signature. "Measured boot" measures a hash of the binary prior to execution and stores the measurement to the Trusted Platform Module (TPM).

TPM is a hardware security device widely deployed in commercial devices, Han says. It's designed with a random number generator, encryption functions, and Platform Configuration Registers (PCRs), which store hashes and can be used to seal data like Bitlocker, he explains.

The danger of sleep mode

When the system wakes up, it should turn on the security functions of the CPU and recover the PCRs of the TPM. However, because of the Lost Pointer flaw, tBoot doesn't measure all function pointers. Certain pointers in tBoot are not validated and can cause arbitrary code execution.

By exploiting the Lost Pointer flaw on a machine in S3 sleep mode, Han and Park found they can forge PCR values while a system sleeps and wakes up. If they can make the PCR variables whatever they want, attackers can subvert the Intel TXT security mechanism.

The researchers advise updating your tBoot to the latest version, or disabling the sleep feature in the BIOS, to protect against this kind of attack.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10886
PUBLISHED: 2018-07-16
ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant.
CVE-2018-10859
PUBLISHED: 2018-07-16
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex
CVE-2018-14324
PUBLISHED: 2018-07-16
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a &q...
CVE-2018-14325
PUBLISHED: 2018-07-16
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
CVE-2018-14326
PUBLISHED: 2018-07-16
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.