Analyzing UEFI BIOSes from Attacker & Defender Viewpoints

Presented at Black Hat Europe 2014, Oct. 17, 2014, 9 a.m. (60 minutes).

In 2013, MITRE released Copernicus 1, a best-effort system to capture a raw dump of the BIOS and whether it appears to be possible for an attacker to write to it. In 2014, we released Copernicus 2 to combat the ability of an attacker to subvert not just Copernicus 1, but all other BIOS capture systems. While these free tools are a good way to get a copy of your BIOS, analyzing it to detect malicious changes is still an open problem in need of further investigation before defenders can feel confident that they have un-infected BIOS. You can't just compare the MD5s from two BIOS dumps and get a valid comparison. This is a problem that leads to firmware-level malware going under-reported and under-analyzed due to not enough people with the background to jump into this area.

In this presentation, we will assume that you have a suspected badBIOS dumped by Copernicus that you'd like to determine the integrity and authenticity of. We will perform a breadth-first discussion of the topics such as port IO, memory-mapped IO, PCI, SMM, UEFI, and others that you need to become more familiar with in order to effectively analyze modern BIOSes. We will especially focus on how UEFI's removal of security through obscurity is a double edged sword which helps both attackers and defenders analyze BIOSes for attacks or integrity checks. This talk will serve as a gateway for people with existing reverse engineering knowledge to start analyzing modern PC firmware.


Presenters:

  • Xeno Kovah - The MITRE Corporation
    Xeno is a Lead InfoSec Engineer at The MITRE Corporation, a non-profit company that runs six federally funded research and development centers (FFRDCs) as well as manages CVE. He is the team lead for the BIOS Analysis for Detection of Advanced System Subversion project. On the predecessor project, Checkmate, he investigated kernel/userspace memory integrity verification & timing-based attestation. Both projects have a special emphasis on how to make it so that the measurement agent can't just be made to lie by an attacker. He is also the founder and most prolific contributor of OpenSecurityTraining.info (@OpenSecTraining).
  • John Butterworth - The MITRE Corporation
    John Butterworth is a Security Researcher at The MITRE Corporation who currently specializes in Intel firmware security. In 2012 he co-authored the whitepaper, "New Results for Timing-Based Attestation," which used timing based attestation to detect Windows kernel hooks. This research was presented at DEF CON and the 2012 IEEE Symposium on Security and Policy. In 2013, he and his colleagues authored "BIOS Chronomancy: Fixing the Static Root of Trust for Measurement," which proposed using Timing-Based Attestation during the BIOS boot process to resolve critical problems which they had found with current implementations of the Trusted Computing Group's "Static Root of Trust for Measurement." He has presented this research at NoSuchCon, Black Hat USA, SecTor, SEC-T, Breakpoint, and Ruxcon. Following this he has created a tool called Copernicus designed to determine just how prevalent vulnerable BIOS is in industry. John is currently continuing to research the security of BIOS/UEFI and the Intel architecture.
  • Corey Kallenberg - The MITRE Corporation
    Corey Kallenberg is a Security Researcher for The MITRE Corporation who has spent several years investigating operating system and firmware security on Intel computers. In 2012, he co-authored work presented at DEF CON and IEEE S&P on using timing based attestation to detect Windows kernel hooks. In 2013, he helped discover critical problems with current implementations of the Trusted Computing Group's "Static Root of Trust for Measurement" and co-presented this work at NoSuchCon and Blackhat USA. Later, he discovered several vulnerabilities which allowed bypassing of "signed BIOS enforcement" on a number of systems, allowing an attacker to make malicious modifications to the platform firmware. These attacks were presented at EkoParty, HITB, and PacSec. Recently, Corey has presented attacks against the UEFI "Secure Boot" feature. Corey is currently continuing to research the security of UEFI and the Intel architecture.
  • Samuel Cornwell - The MITRE Corporation
    Sam Cornwell is a Senior InfoSec Engineer at The MITRE Corporation, a not-for-profit company that runs six federally funded research and development centers (FFRDCs) as well as manages CVE. Since 2011, he has been working on projects such as Checkmate (a kernel and userspace memory integrity verification & timing-based attestation tool), Copernicus, a (BIOS extractor and configuration checker), and several other private security sensors designed to combat sophisticated threats. He has also researched and developed attacks against UEFI SecureBoot.

Links:

Similar Presentations: