Vulnerabilities / Threats

4/3/2018
05:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

New Attack Vector Shows Dangers of S3 Sleep Mode

Researchers at Black Hat Asia demonstrated how they can compromise the security of a machine as it powers down and wakes up.

Two researchers at Black Hat Asia last month gave computers a reason to sleep with one eye open in their demo of "S3 Sleep," a new attack vector used to subvert the Intel Trusted eXecution Environment (TXT). A flaw in Intel TXT lets hackers compromise a machine as it wakes up.

Intel TXT is the hardware-based functionality that supports the dynamic root-of-trust measurement (DRTM) and validates the platform's trustworthiness during boot and launch. This attack targets trusted boot (tBoot), a reference implementation of Intel TXT normally used in server environments. tBoot is an open-source project that protects the virtual machine monitor (VMM) and operating system.

Senior security researcher Seunghun Han and security researcher Jun-Hyeok Park, both with the National Security Research Institute of South Korea, presented an exploit of the "Lost Pointer" vulnerability (CVE-2017-16837), a software flaw in tBoot. This specific attack vector has never been reported, the two said at Black Hat, and attackers only need root privilege to do it.

Researchers have investigated Intel TXT and tBoot before, the researchers explained. However, previous studies have only focused on the boot process. This one focuses on the sleeping and waking up sequence of tBoot, and how attackers could exploit a machine as it reactivates.

Securing the sleep states

Sure, you could avoid this kind of attack by keeping machines running constantly, so Han started their Black Hat session by pointing out the financial reasons for sleep mode. "Power consumption is cost," Han explained. "Many companies worry about power consumption for their products because lower power consumption means a lower electricity fee."

Shutting down machines dramatically reduces power consumption; however, reactivating all of their components poses a security risk. As the computer wakes up, restarting its many parts takes time and security devices might be temporarily shut down for part of the process.

PC, laptop, and server environments supporting advanced configuration and power interface (ACPI) have six sleeping states to gradually reduce power consumption as the machine shuts down. The states go from S0 to S5 as the CPU, devices, and RAM go into full sleep mode. Power to the CPU and devices is cut off at the S3 phase of sleep.

"Because of power-off, their states need to be restored and reinitialized for waking up," says Han. "If we intercept sleep and waking up, we can do something interesting."

There are boot protection mechanisms, Park says. The secure boot of the Unified Extensible Firmware Interface (UEFI) checks a cryptographic signature of the binary prior to execution, and stops it if the executable file lacks a valid signature. "Measured boot" measures a hash of the binary prior to execution and stores the measurement to the Trusted Platform Module (TPM).

TPM is a hardware security device widely deployed in commercial devices, Han says. It's designed with a random number generator, encryption functions, and Platform Configuration Registers (PCRs), which store hashes and can be used to seal data like Bitlocker, he explains.

The danger of sleep mode

When the system wakes up, it should turn on the security functions of the CPU and recover the PCRs of the TPM. However, because of the Lost Pointer flaw, tBoot doesn't measure all function pointers. Certain pointers in tBoot are not validated and can cause arbitrary code execution.

By exploiting the Lost Pointer flaw on a machine in S3 sleep mode, Han and Park found they can forge PCR values while a system sleeps and wakes up. If they can make the PCR variables whatever they want, attackers can subvert the Intel TXT security mechanism.

The researchers advise updating your tBoot to the latest version, or disabling the sleep feature in the BIOS, to protect against this kind of attack.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6485
PUBLISHED: 2019-02-22
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5...
CVE-2019-9020
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc...
CVE-2019-9021
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file...
CVE-2019-9022
PUBLISHED: 2019-02-22
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...
CVE-2019-9023
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcom...