ARLINGTON, Va.—Unless you were at Black Hat on Feb. 28, you probably woke up safe in the assumption that if a rootkit hit your system, reimaging would remove it. You probably also thought that the best way to search a PCs volatile memory, or RAM, was by grabbing it with a PCI card or a FireWire bus.
You were wrong.
At the Black Hat Briefings here on Jan. 28, two breakthrough hardware hacks were demonstrated. One shocker was Coseinc Senior Security Researcher Joanna Rutkowskas demonstration of a way to subvert system memory through software—in essence, the shattering of our long-held belief that "going to hardware" to secure incident response is a security failsafe.
Security professionals at the show called it the "attainment of the holy grail," particularly since the only way to fix the systems memory corruption is to reboot—thus erasing all tracks of the subversion.
Its a digital forensic teams worst nightmare. How can you figure out—and prove in court or to auditors—what people have been doing on your companys PCs, for good or evil?
Hardware heresy didnt stop there. John Heasman from NGSS (Next Generation Security Software) proved that rootkits can persist on a device—on firmware—rather than on disk, and can thus survive a machine being reimaged. Even reformatting wont save us these days.
These hacks are esoteric, but theyre proving that much of what we thought of as hardware unassailability is pure folklore.
Jamie Butler, principal software engineer at security services provider Mandiant, explained the significance of Rutkowskas hack in an interview with eWEEK at Black Hat here. "The significance of it is theres been this folklore, this legend that if you do hardware acquisition of memory, its not subvertible," Butler said. "But if youre running software and youre accessing memory, you can be subverted."
Heres how Rutkowska herself described our current beliefs about hardware unassailability on her blog: "We all know that any software-based system compromise detector can always be cheated if malware runs at the same privilege level as the detector (usually both run in kernel mode)," she writes. "This is what I call Implementation Specific Attacks (ISA). Because of that, mankind has tried to find some better, more reliable ways for analyzing systems, which would not be subject to interference from malware. "And we all know what weve come up with as a solution—hardware-based devices for obtaining the image of volatile memory (RAM), usually in the form of a PCI card."
Those devices include a proof-of-concept called Tribble (PDF), from security professionals Brian Carrier and Joe Grand, as well as BBN Technologies CoPilot, a device you cant get unless youre doing research for the U.S. government. The idea behind these devices is to access physical memory by using DMA (Direct Memory Access). This method doesnt touch the CPU when it accesses memory, so its been considered a reliable way to read physical memory that hasnt been mucked up by whatever havoc malware has been playing with the operating system. Not.
"The point is: once we get the memory image, we can analyze it for signs of compromises on a trusted machine or we can have the PCI device do some checks itself," Rutkowska said. "So, it seems to be a very reliable way for reading the physical memory …. But it is not! At least in some cases ...."
Butler explained it this way: "Because the CPU accesses physical memory through a different channel than DMA access, she was able to redirect DMA access somewhere else. The significance is that people were using DMA-based acquisition, either with FireWire or PCI, to get physical memory from a machine. Then they could search for processes, ports, whatever was happening at the time of acquisition. Now shes redirected that access, that read of memory, to some other place. She just filled in all that memory with [the character F, repeated multiple times: FFFFFFFF]. Now theyre reading something completely different than whats actually running."
In her demonstration at Black Hat, Rutkowska showed her work on x86/x64 architecture, specifically AMD64-based systems. Not that this hack wouldnt necessarily work on 32-bit systems, but, Rutkowska said, AMD is what she had on hand.
Bear in mind, you wont hear from AMD or Intel about patches for your hardware, because theres nothing wrong with it. Rutkowska pulled everything she needed out of AMD manuals. So yes, she shattered beliefs in hardware architecture, but in essence she just played with what was already known.
"Its about design," she said during her demonstration. [PCs] werent designed for security. They were designed to do complex work."