PacSec 2015 speaker

1. THE HIDDEN DANGERS INSIDE
THE PLATFORM

2. Thank you for having us here

3. 私たちです

4. Agenda
- Part 1
- Background
- Overview of platform assets
- Types of platform components
- Motivation for malicious intent
- Part 2
- Real world example of a worst case scenario
- Explanation of vulnerabilities found

5. 古典 プラットフォーム

6. Classic
platform

7. Modern
platform

8. Modern platform

9. Modern platform

10. Modern platform

11. There is code inside
BSL Mask ROM, Marked
This is an MSP430F2274
bootloader ROM. The
leftmost column is
annotated
- Travis Goodspeed

12. Attackers motivation

13. Attackers motivation
• Stealth
• Persistence
• Low level security bypass
• Data intercepts (USB)
• Side channel spying (sensors etc.)
• Privilege escalation
• VM escape
• Jail break/carrier unlock
• PDoS (Permanent/Persistent Denial of Service)

14. It is possible
BadUSB root cause
- Controller inside flash drive has a CPU (8051)
- Insecure firmware update mechanism

15. Attack surface review
from the inside

16. Modern platform

17. Modern platform
• Hide a tiny amounts of data in
SPD
• OLD attack – change SPD to
indicate smaller RAM size than
actually exists to cause PDOS
• OLD attack – change SPD to
indicate larger RAM size than
actually exists to make some
memory accesses wrap
around and bypass security
controls (i.e. memory aliasing)

18. Modern platform
• JEDEC eMMC spec 5.1
• Introduced FFU
• FIELD FIRMWARE UPDATE

19. Modern platform

20. Modern platform

21. Modern platform

22. Modern platform

23. Modern platform

24. Modern platform

25. Modern platform

26. Modern platform

27. Modern platform

28. Modern platform
The curious case of “Plugable”
- USB 3.0 SATA dock for external HDD
- Controller used is made by ASMedia
- Release a firmware update tool and patch
back in 2013
- http://plugable.com/2013/03/05/usb3-sata-
u3-firmware-update

29. Modern platform
Same ASMedia
controller found in
Samsung Ultrabook

30. Example
1. Malware gets installed on a platform via
phishing, browser vulnerability, etc.
2. It detects a vulnerable platform component.
3. Then uses that component for persistence on
the device.

31. Platform
DEMO
Internet
Malware
C&C
Internal LTE
module
Malware
AV clean or
OS wipe &
reinstall

32. VIDEO

33. Internal Huawei LTE modem
• Connected via USB interface in M.2 socket
• ARMv7, 256MB flash, 50MB ram

34. • Software
• Windows utility for firmware updates
• Firmware
• Strings is useful
• Hardware
• Test pads?

36. Contains embedded Linux with Android kernel

37. root@9615-cdp:# cat /proc/cpuinfo
Processor : ARMv7 Processor rev 1 (v7l)
BogoMIPS : 274.02
Features : swp half thumb fastmult vfp edsp neon vfpv3 tls
vfpv4
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x0
CPU part : 0xc05
CPU revision : 1
Hardware : QCT MSM9615 CDP
Revision : 0000
Serial : 0000000000000000
Contains embedded Linux with Android kernel

38. LTE module firmware update vulnerability
• Windows firmware update tool performs CRC check before passing firmware
image to LTE module
• LTE module only performs CRC check of firmware image before accepting update
• CRC helps with integrity verification, but is not sufficient to prevent security
compromise
• Easy to recalculate CRC and get LTE module to accept any arbitrary update
• Even easier to patch firmware update tool to recalculate CRC for us
• Bonus: No way to force firmware update if the module has been compromised
• Firmware updates should be signed by OEMs private key
• LTE module should perform a signature verification using public key stored inside
module

39. • CVE-2015-5367
• Insecure Linux Image in Firmware
• CVE-2015-5368
• Insecure Firmware Update Authentication

40. Affected products
• Huawei
• ME906V/J/E
• HP
• HP EliteBook 725 G2,HP EliteBook 745 G1,HP EliteBook 755 G2,HP EliteBook 820 G1,HP EliteBook 820 G2,HP
EliteBook 840 G1,HP EliteBook 840 G2,HP EliteBook 850 G1,HP EliteBook 850 G2,HP EliteBook 1040 G1,HP
EliteBook 1040 G2,HP EliteBook Folio 9470m,HP EliteBook Revolve 810 G2,HP EliteBook Revolve 810 G3,HP
ElitePad 1000 G2,HP Elite x2 1011 G2,HP ProBook 430 G1,HP ProBook 430 G2,HP ProBook 440 G0,HP ProBook 440
G1,HP ProBook 440 G2,HP ProBook 450 G0,HP ProBook 450 G1,HP ProBook 450 G2,HP ProBook 640 G1,HP
ProBook 645 G1,HP ProBook 650 G1,HP ProBook 655 G1,HP Pro x2 612 G1,HP Spectre x2 13-SMB Pro,HP ZBook
14,HP ZBook 14 G2,HP ZBook 15,HP ZBook 15 G2,HP ZBook 15u HP ZBook 17,HP Zbook 17 G2,mt41 Thin Client

41. Thanks for your research and for giving the DefCon talk. I was there in the
audience.
Huawei is refusing to provide the ME906 firmware update directly to end users.
Instead, they refer to the OEM partner (Sony, etc.), who in turn knows nothing
about this. It's a classic case of finger pointing.
Do you have any insight and/or suggestions on how an end user of one of these
LTE modules can acquire the patch? In my case, it's the Sony variant.
Thanks in advance for your assistance. Please excuse the anonymous disposable
email, but I'm sure you know it's the only way to remain secure.
Regards,
A (Disgruntled) Huawei Modem Owner

42. Summary and key takeaways
• Every modern platform contains many CPUs beyond the main one everyone knows
about
• They often do not use a secure update mechanism
• AV software running on main CPU doesn’t have visibility into these additional CPUs
• They can be used to circumvent security controls in interesting ways
• Once one of these CPUs has been compromised, it can be impossible to clean
• We have to view the platform as an interconnected system with multiple security
boundaries and execution environments rather than focusing only on main CPU
and OS security issues
• Impossible to secure the overall platform without fixing device firmware security

43. Questions?