Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
8/20/2015
05:08 PM
Steve Grobman
Steve Grobman
Partner Perspectives
50%
50%

Spiderbot, Spiderbot, Does Whatever A Hacker Thought

Virtual machine, she ignores, owns the bot, then controls yours.

At this week’s Intel Developer Forum, CEO Brian Krzanich demonstrated some gesture-controlled spiderbots during his opening keynote that lit up and danced across the stage, entertaining the crowd. These robots spawned from Intel’s investments in the maker movement, demonstrating the limitless creativity and innovation of the developer community.

Big Mama spiderbot, reporting for duty

One significant upside to the evolution of technology is lowering the barrier to entry for developers. Innovations like Intel’s Edison board enable an individual or small team to create sophisticated, autonomous robots in days instead of weeks. During the mega-session of Chris Young, senior VP and general manager of Intel Security Group, the bots were assigned sentry duty, guarding a big donut because software developers need to protect important assets such as sugary food and drinks. All joking aside, the reality is that we really do need to protect key assets, and sound coding is critical to securing our infrastructure.

Spiderbot on duty, guarding the donut

Along with this development agility, however, come new risks that need to be understood by Intel Security and developers. As connected devices become more sophisticated, they are inherently more susceptible to attacks. We took the opportunity during Young’s mega-session to showcase how vulnerabilities in the computing ecosystem can be exploited if platform and application developers are not careful in their coding practices.

We replicated a common cloud environment with multiple virtual machines running on the same physical server. In this case, the robots had a control application running in a virtual machine, which was communicating wirelessly and giving the spiderbot commands. Then we asked one of our senior software engineers, Jenny Mankin, to see if she could commandeer the robot for her own nefarious purposes. She could, and she commanded the robot to stop performing its sentry duty.

Jenny Mankin commandeering Steve Grobman's spiderbot

First, Jenny needed to steal credentials from the control application in the virtual machine. She took advantage of a vulnerability in the firmware implementation to install a rootkit inside the firmware. The rootkit allowed her to remap memory from the controlling VM to her own VM and monitor all activity in the controlling VM. (For more information on this class of attack, refer to the presentation from Black Hat USA 2015 by Intel’s Advanced Threat Research team.) This is a BIOS implementation vulnerability that breaks the VM isolation, moving the classic issue of privilege escalation in the realm of cloud, virtualization, and the Internet of Things. It also shows the attack technique of lateral movement, where the attacker uses her position in the environment (in this case, being on the physical machine) to take the next step in her attack.

In this case, once Jenny had the credentials she was able to reprogram the spiderbot by sending a return-oriented programming (ROP) exploit remotely to open a reverse-shell on the spiderbot. With ROP attacks, instead of trying to inject her own code into the software on the spiderbot, Jenny uses instructions that are already in memory and exploits a buffer-overflow vulnerability to chain together short sequences of instructions in an unintended order to execute the functionality she wants.

With Capabilities Comes Risk

As IoT devices become connected, we get much greater capabilities, but at the same time we expose ourselves to new risks. I think of the challenges demonstrated last month on automotive hacking, where a remote attacker completely took over control of a car. It is a big issue and one that developers need to comprehend in the world of rapid development, which can lead to quick but sloppy coding practices that are functional but susceptible to security vulnerabilities.

In the short term, our focus is helping the developer community understand good security coding practices. For more information, check out the following resources:

In the long term, Intel and Intel Security are looking at technology to detect and prevent this type of exploitation so that your spiderbot -- and your donuts -- remain yours. 

Steve Grobman is the chief technology officer for Intel Security Group at Intel Corporation. In this role, Grobman sets the technical strategy and direction for the company's security business across hardware and software platforms, including McAfee and Intel's other security ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We are really excited about our new two tone authentication system!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7335
PUBLISHED: 2020-12-01
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploit...
CVE-2020-15257
PUBLISHED: 2020-12-01
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that...
CVE-2020-9114
PUBLISHED: 2020-12-01
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause pr...
CVE-2020-9117
PUBLISHED: 2020-12-01
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected prod...
CVE-2020-4126
PUBLISHED: 2020-12-01
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.