Enterprise hardware, encompassing laptops, servers and the cloud, continues to be vulnerable to Direct Memory Access (DMA) attacks. This is despite multiple layers of protection such as UEFI Secure Boot and other proprietary boot protections (Intel Boot Guard and HP Sure Start) being in place, according to newly published research by Eclypsium.
"DMA attacks enable a potential attacker to read and write memory off a victim system directly, bypassing the main CPU and OS," the researchers warn. "By overwriting memory, attackers can gain control over kernel execution to perform virtually any manner of malicious activity."
Although an industry-wide issue, the Eclypsium research focused on two laptops with a known enterprise presence: the Dell XPS 13 (7390) 2-in-1 and the HP ProBook 640 G4. The researchers found two different vulnerabilities in the laptops, both now mitigated by the respective vendors.
The Dell XPS 13 was running on Intel's 10th generation Ice Lake processor and was found to be susceptible to pre-boot DMA attacks that enabled code injection across Thunderbolt during the boot process. It turned out the problem was an insecure default BIOS configuration. Dell issued a security advisory and update for the high-severity CVE-2019-174 vulnerability and has confirmed that all other platforms already had the relevant setting switched off by default.
The HP ProBook 640 G4 exploit was a little more complex as it required the case of the laptop to be opened. However, an open-chassis attack is still within the bounds of possibility, and once inside the machine the exploit was relatively straightforward: it involved replacing the existing wireless card with a Xilinx SP605 FPGA development platform, which enabled system RAM to be modified during the boot process and arbitrary code execution to be gained. HP released an updated version of the BIOS on 20 January to mitigate the DMA attack methodology.
"When analysing an attack type, organisations must look at three factors: Means - Motive - Opportunity," Niamh Muldoon, senior director of Trust and Security (EMEA) at OneLogin, says. Seeing as DMA is a sophisticated type of attack that requires persistence if it is to succeed, Muldoon explains that it "emphasises the requirement for Security by Design." So security teams have to be part of the design and architecture conversation from the get-go. "Key questions to ask internally within your organisation are," Muldoon says, "how many architecture designs in the last 12 months have received security team input and what percentage of security requirements are implemented prior to go-live implementations?"
Michael Barragry, operations lead and security consultant at edgescan, warns that "publicly available tools such as PCILeech have shown that these attacks are straightforward to perform and can bypass UEFI protection in some cases." Despite this, many enterprises may feel they are not vulnerable if they have robust physical security in place, Barragry suggests.
It's something that Ed Williams, director (EMEA) of SpiderLabs at Trustwave, also picks up on. One of the main reasons DMA attacks pose a risk to business is, he told SC Media UK, "because they often take a back seat when compared to more traditional network-based attacks due to the physical element." It's not unusual, Williams argues, for security teams to be less focused on physically based attacks.
So, just how big a problem are these DMA attacks against the enterprise in the real world? And why do they remain a problem when tools such as PCILeech have been demonstrating the risk for at least 18 months now?
That's the question SC Media UK put to Matt Aldridge, principal solutions architect at Webroot. "DMA attacks are primarily orchestrated after some kind of physical compromise," Aldridge says, "either on a stolen device or during some kind of on-premises attack such as a physical penetration test." He admits that they can be extremely effective, particularly against stolen target devices but also, in certain cases, used to bypass the authentication on a running system.
"Because there is a physical element to this attack," Aldridge continues, "most of the risk can be mitigated for systems which have not been stolen by restricting carefully the types of USB or Thunderbolt devices that can be connected to the organisation’s computer systems." Things are more challenging when it comes to protecting against an encryption or authentication bypass on stolen systems. "This is because the attacker can physically connect an attack device to the internal bus of the computer," Aldridge explains, concluding "such attacks are difficult to fully address without a redesign of the bus architecture itself, although some mitigations now exist in firmware and in operating system kernel implementations."
Mickey Shkatov, principal researcher at Eclypsium, told SC Media UK that in order to broadly mitigate the DMA attack risk, enterprises need to take the following steps:
1. Choose laptops with DMA protections in firmware and in the OS. For example, the latest HP and Dell laptop models have updated DMA protection capabilities as a result of this research. Other vendors that recently introduced DMA protections are Apple in MacBooks and Microsoft in Surface devices.
2. Test laptops and servers for properly configured and enabled DMA protections.
3. Keep firmware up to date, including system firmware (UEFI/EFI) and firmware of Network Interface Cards and other components with DMA capabilities.
4. Scan laptops and servers for possible compromise at the firmware level due to missing DMA protections or other vulnerabilities.
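Step 2 above, checking that DMA protections are actually enabled, is the one that most often gets skipped, and it is the one a fleet script can answer. The following audit is an added example written for this article; it is not Eclypsium's tooling or anything from the vendors mentioned. It reads the standard Linux sysfs locations (`/sys/kernel/iommu_groups` for IOMMU/DMA remapping, and each Thunderbolt domain's `security` and `iommu_dma_protection` attributes), but the pass/fail policy, that is, which Thunderbolt security levels are treated as acceptable when kernel DMA protection is absent, is an assumption of this example. On Windows the equivalent check is the "Kernel DMA Protection" line in `msinfo32`; this script covers Linux only.

```python
"""Audit a Linux host for enabled DMA protections via sysfs.

Example code accompanying the mitigation steps above; not part of the
original article or any vendor tool. The sysfs paths are the kernel's
standard ones; the acceptance policy below is an assumption.
"""
import json
from pathlib import Path
from typing import Dict, List, Optional

# Thunderbolt security levels under which a freshly connected device does not
# get an unauthenticated PCIe tunnel (devices must be authorised, or PCIe
# tunnelling is disabled altogether). "none" is the level to flag.
SAFE_TB_LEVELS = {"user", "secure", "dponly", "usbonly", "nopcie"}


def _read(path: Path) -> Optional[str]:
    """Return a sysfs attribute's text, or None if it is absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def audit_dma_protection(sysfs: str = "/sys") -> Dict:
    """Inspect IOMMU and Thunderbolt state under `sysfs` (overridable for tests).

    Returns a dict with an overall 'ok' flag and a list of human-readable issues.
    """
    root = Path(sysfs)
    issues: List[str] = []

    # 1. IOMMU: with no IOMMU groups exposed, DMA remapping is not active and a
    #    bus-mastering device can address all of physical memory.
    groups = root / "kernel" / "iommu_groups"
    iommu_enabled = groups.is_dir() and any(groups.iterdir())
    if not iommu_enabled:
        issues.append("iommu: no IOMMU groups exposed; DMA remapping is not active")

    # 2. Thunderbolt: each domain reports its security level and, on newer
    #    kernels, whether kernel DMA protection (IOMMU-backed) is in force.
    domains: Dict[str, Dict] = {}
    tb = root / "bus" / "thunderbolt" / "devices"
    if tb.is_dir():
        for dom in sorted(tb.iterdir()):
            if not dom.name.startswith("domain"):
                continue
            level = _read(dom / "security")
            kdma = _read(dom / "iommu_dma_protection") == "1"
            domains[dom.name] = {"security": level, "iommu_dma_protection": kdma}
            # Policy (assumption): without kernel DMA protection, the domain must
            # at least require device authorisation or disable PCIe tunnelling.
            if not kdma and level not in SAFE_TB_LEVELS:
                issues.append(
                    f"{dom.name}: security level {level!r} without kernel DMA protection"
                )

    return {
        "ok": not issues,
        "iommu_enabled": iommu_enabled,
        "thunderbolt_domains": domains,
        "issues": issues,
    }


if __name__ == "__main__":
    result = audit_dma_protection()
    print(json.dumps(result, indent=2))
    # Non-zero exit lets a fleet-management job flag unprotected hosts.
    raise SystemExit(0 if result["ok"] else 1)
```

Run it as root or any user (sysfs is world-readable) and feed the JSON into whatever inventory system tracks step 3's firmware versions, so hosts that lose IOMMU protection after a firmware or kernel change show up in the same report.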