Vulnerabilities / Threats

4/3/2018
05:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

New Attack Vector Shows Dangers of S3 Sleep Mode

Researchers at Black Hat Asia demonstrated how they can compromise the security of a machine as it powers down and wakes up.

Two researchers at Black Hat Asia last month gave computers a reason to sleep with one eye open in their demo of "S3 Sleep," a new attack vector used to subvert the Intel Trusted eXecution Environment (TXT). A flaw in Intel TXT lets hackers compromise a machine as it wakes up.

Intel TXT is the hardware-based functionality that supports the dynamic root-of-trust measurement (DRTM) and validates the platform's trustworthiness during boot and launch. This attack targets trusted boot (tBoot), a reference implementation of Intel TXT normally used in server environments. tBoot is an open-source project that protects the virtual machine monitor (VMM) and operating system.

Senior security researcher Seunghun Han and security researcher Jun-Hyeok Park, both with the National Security Research Institute of South Korea, presented an exploit of the "Lost Pointer" vulnerability (CVE-2017-16837), a software flaw in tBoot. This specific attack vector has never been reported, the two said at Black Hat, and attackers only need root privilege to do it.

Researchers have investigated Intel TXT and tBoot before, the researchers explained. However, previous studies have only focused on the boot process. This one focuses on the sleeping and waking up sequence of tBoot, and how attackers could exploit a machine as it reactivates.

Securing the sleep states

Sure, you could avoid this kind of attack by keeping machines running constantly, so Han started their Black Hat session by pointing out the financial reasons for sleep mode. "Power consumption is cost," Han explained. "Many companies worry about power consumption for their products because lower power consumption means a lower electricity fee."

Shutting down machines dramatically reduces power consumption; however, reactivating all of their components poses a security risk. As the computer wakes up, restarting its many parts takes time and security devices might be temporarily shut down for part of the process.

PC, laptop, and server environments supporting advanced configuration and power interface (ACPI) have six sleeping states to gradually reduce power consumption as the machine shuts down. The states go from S0 to S5 as the CPU, devices, and RAM go into full sleep mode. Power to the CPU and devices is cut off at the S3 phase of sleep.

"Because of power-off, their states need to be restored and reinitialized for waking up," says Han. "If we intercept sleep and waking up, we can do something interesting."

There are boot protection mechanisms, Park says. The secure boot of the Unified Extensible Firmware Interface (UEFI) checks a cryptographic signature of the binary prior to execution, and stops it if the executable file lacks a valid signature. "Measured boot" measures a hash of the binary prior to execution and stores the measurement to the Trusted Platform Module (TPM).

TPM is a hardware security device widely deployed in commercial devices, Han says. It's designed with a random number generator, encryption functions, and Platform Configuration Registers (PCRs), which store hashes and can be used to seal data like Bitlocker, he explains.

The danger of sleep mode

When the system wakes up, it should turn on the security functions of the CPU and recover the PCRs of the TPM. However, because of the Lost Pointer flaw, tBoot doesn't measure all function pointers. Certain pointers in tBoot are not validated and can cause arbitrary code execution.

By exploiting the Lost Pointer flaw on a machine in S3 sleep mode, Han and Park found they can forge PCR values while a system sleeps and wakes up. If they can make the PCR variables whatever they want, attackers can subvert the Intel TXT security mechanism.

The researchers advise updating your tBoot to the latest version, or disabling the sleep feature in the BIOS, to protect against this kind of attack.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Number of Retailers Impacted by Breaches Doubles
Ericka Chickowski, Contributing Writer, Dark Reading,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14500
PUBLISHED: 2018-07-22
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.
CVE-2018-14501
PUBLISHED: 2018-07-22
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.