Black Hat: Researcher Demonstrates Hardware BackdoorOne security professional shows off techniques for backdooring computer hardware to allow an attack to better hide and be more persistent
While security experts have discussed the potential for compromising firmware with a stealthy backdoor to allow for persistent compromise of a computer, a researcher at the Black Hat security conference last week demonstrated a general version of such an attack.
In a presentation last Thursday, Jonathan Brossard, a security research engineer with consultancy Toucan System, showed off a collection of open-source software and custom-built code -- dubbed Rakshasa -- that allows remote attackers to compromise and control a computer system at the hardware level. While the technique requires physical access to the hardware or remote root on the system, once the attack is complete, the compromise is both stealthy and difficult, if not impossible, to remove.
"If you have an intrusion like this, you would have to physically open your box and ... flash every firmware on your board, including the BIOS," Brossard said. "But since people don't make backups of these things, I just recommend you throw your server away."
Brossard's goal was to make a general backdoor that is capable of surviving not only a reinstallation of the operating system, but also the reflashing of the system firmware, or BIOS. In addition, the attack should be stealthy but allow for remote updates.
Rakshasa can be used on many different platforms because its foundations are not custom code, but legitimate open-source components: Coreboot, a BIOS boot loader; SeaBIOS, an open-source implementation of X86 BIOS; and a set of expansion ROMs to reflash various PCI-enabled peripherals. Because the individual software components are not malicious, the backdoor is hard to detect with antivirus software, Brossard said.
"What we want to do eventually is boot a bootkit from the network, instead of leaving it on the file systems," he said. "From an antivirus perspective the attack surface to detect this code as malicious is basically zero."
The only malicious code is downloaded from the Internet every time the computer boots. When the compromised system starts up, Rakshasa attempts to connect to the Internet using either wireless or wired networking and a variety of protocols. Once a connection is established, it will download a bootkit using a covert channel to a command-and-control server.
For the proof-of-concept attack, Broussard used a commercial bootkit, Kon-boot, which can remove two major exploit defenses on Windows systems: address space layout randomization and the no-execute (NX) bit. On modern-day operating system, these two technologies make exploiting vulnerabilities much more difficult.
"Even if you change your hard drive or remove your operating system, you still very much are going to be owned," he says.
While encryption -- especially via the trusted platform module -- could theoretically be a solution to such an attack by preventing the operating system from accessing protected resources, there are workarounds. The password to the bootable hard drive could be socially engineered from the user by throwing up a login prompt. If a trusted platform module had cryptographically sealed the computer before Rakshasa was installed, then the attacker would have to use the fake login prompt to steal credentials and disinfect the computer.
In the end, users who lack confidence in the security of their computer hardware would have to take steps to prevent such attacks, Broussard said.
"I recommend when you get a new laptop to reflash all these dodgy firmware that you don't understand, and which you can't understand, because it is proprietary, with open-source stuff that you can actually understand," he said.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.