From owner-freebsd-questions@FreeBSD.ORG Mon Feb 23 23:10:00 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BF927D9C; Mon, 23 Feb 2015 23:10:00 +0000 (UTC) Received: from mail-ob0-x22f.google.com (mail-ob0-x22f.google.com [IPv6:2607:f8b0:4003:c01::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 771A5E91; Mon, 23 Feb 2015 23:10:00 +0000 (UTC) Received: by mail-ob0-f175.google.com with SMTP id va2so39969224obc.6; Mon, 23 Feb 2015 15:09:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=C418XS7f9XMZtG5l2BlGRQPBxcAfn2oBZzX6lltXWEI=; b=EM5VERUEd4VigSX8GFMxg9WJexery77NM2asv8UqRFnthhsmV6V6iihSf595t41VaK V1rCQWEb8QQOrX+UZe9x9o7k4X9LvTUacAHfSYgtX8dAxbDj8r2nOEe1wvsN4gFvXtY9 jXVOBP7d8WEBABz1UrSThZOOGijsrgpH+A+fAvM3EWj3QJThyXr3MYO0EIOZxuyT1ZHh t4AKfIXfSJV8+xMdSLWnN5HkG1s/hA/RupTamO18vNc0At0oWokcIs0nLLb99Sti2f8J 1zmphKzI2xNhxE/VdbAEuqym+trgYgi3Dkt0/xdpBx01wYY4LIfAhEzscnHWUB+TrrlP /ZIQ== MIME-Version: 1.0 X-Received: by 10.182.165.202 with SMTP id za10mr9095760obb.8.1424732999673; Mon, 23 Feb 2015 15:09:59 -0800 (PST) Received: by 10.60.140.199 with HTTP; Mon, 23 Feb 2015 15:09:59 -0800 (PST) In-Reply-To: References: <54E2B04C.9080707@av8n.com> <54E436FB.9000709@deadhat.com> <711B69EB-1CBF-4F03-9336-AFEBE0B857A0@callas.org> Date: Mon, 23 Feb 2015 18:09:59 -0500 Message-ID: Subject: Fwd: [Cryptography] trojans in the firmware From: grarpamp To: cypherpunks@cpunks.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 23:10:00 -0000 > http://www.recover.co.il/SA-cover/SA-cover.pdf Since the firmware rules over everything, all the spare sectors for block reallocation must be considered too, not just the service areas. Then there is the per sector CRC space that could perhaps be reutilized if CRC is implemented as software function. Kernel options to permit only your approved list of opcodes and block all else by default would seem useful to have. > http://www.spiegel.de/media/media-35661.pdf Again, look at the list of Unix operating systems and file systems. These guys are calling Unix out by name, and soon the common script kid will be too. Unix is under attack and this stuff can't be ignored as "too rare and/or hard and/or low market share to be relavent" anymore. ---------- Forwarded message ---------- Date: Mon, Feb 23, 2015 at 12:10 PM Subject: Re: [Cryptography] trojans in the firmware FYI -- CMU has been hacking disk drive firmware since the 1990's for "smart disks" and "performance"; UCSD has been hacking flash drive firmware more recently. I believe that DARPA has also openly solicited for disk drive/flash drive firmware hacking capabilities. Both CMU & UCSD are hotbeds of NSA recruitment activity. We now know that in NSA parlance "smart" anything =3D "spying" anything; e.g., "smart disks" =3D "spying disks"; "smart phones" =3D "spying phones", etc. BTW, hiding stuff in a flash memory stick is even easier than in a hard drive. This is because flash memory is so unreliable, that there is typically a huge percentage of unused space; the cheaper the flash memory, the smaller the fraction of usable reliable memory space. So it wouldn't be at all surprising to find that your 32GB flash drive is really constructed from 64GB chips, and that 50% of the device is unavailable for use. It is highly unlikely that _all_ of this unused space is unreliable, so this leaves plenty of room for NSA lurking. But even if the device were 100% reliable, noticing that only 50% was actually in use would be unremarkable, given the typical degree of unreliability of these types of devices. For these reasons, it is critical for flash memory devices to _open up_ their API's, so that the raw memory (with all of its warts) can be inspected and verified. http://www.wired.com/2015/02/nsa-firmware-hacking/ How the NSA=E2=80=99s Firmware Hacking Works and Why It=E2=80=99s So Unsett= ling By Kim Zetter 02.22.15 8:09 pm One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive=E2=80=99s firmware with malicious code. T= he Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware=E2=80=94-the guts of any computer=E2=80=94-=E2=80=9Csur= passes anything else=E2=80=9D they had ever seen. The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named =E2=80=9Cnls_933w.dll=E2=80=9D, is the= first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered. It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. This lets spies like the Equation Group bypass disk encryption by secreting documents they want to seize in areas that don=E2=80=99t get encrypted. Kaspersky has so far uncovered 500 victims of the Equation Group, but only five of these had the firmware-flashing module on their systems. The flasher module is likely reserved for significant systems that present special surveillance challenges. Costin Raiu, director of Kaspersky=E2=80=99s Global Research and Analysis Team, believes these are high-value computers that are not connected to the internet and are protected with disk encryption. Here=E2=80=99s what we know about the firmware-flashing module. How It Works Hard drive disks have a controller, essentially a mini-computer, that includes a memory chip or flash ROM where the firmware code for operating the hard drive resides. When a machine is infected with EquationDrug or GrayFish, the firmware flasher module gets deposited onto the system and reaches out to a command server to obtain payload code that it then flashes to the firmware, replacing the existing firmware with a malicious one. The researchers uncovered two versions of the flasher module: one that appears to have been compiled in 2010 and is used with EquatinoDrug and one with a 2013 compilation date that is used with GrayFish. The Trojanized firmware lets attackers stay on the system even through software updates. If a victim, thinking his or her computer is infected, wipes the computer=E2=80=99s operating system and reinstalls it t= o eliminate any malicious code, the malicious firmware code remains untouched. It can then reach out to the command server to restore all of the other malicious components that got wiped from the system. Even if the firmware itself is updated with a new vendor release, the malicious firmware code may still persist because some firmware updates replace only parts of the firmware, meaning the malicious portions may not get overwritten with the update. The only solution for victims is to trash their hard drive and start over with a new one. The attack works because firmware was never designed with security in mind. Hard disk makers don=E2=80=99t cryptographically sign the firmware t= hey install on drives the way software vendors do. Nor do hard drive disk designs have authentication built in to check for signed firmware. This makes it possible for someone to change the firmware. And firmware is the perfect place to conceal malware because antivirus scanners don=E2=80=99t examine it. There=E2=80=99s also no easy way for us= ers to read the firmware and manually check if it=E2=80=99s been altered. The firmware flasher module can reprogram the firmware of more than a dozen different hard drive brands, including IBM, Seagate, Western Digital, and Toshiba. =E2=80=9CYou know how much effort it takes to land just one firmware for a hard drive? You need to know specifications, the CPU, the architecture of the firmware, how it works,=E2=80=9D Raiu says. The Kasper= sky researchers have called it =E2=80=9Can astonishing technical accomplishment and is testament to the group=E2=80=99s abilities.=E2=80=9D Once the firmware is replaced with the Trojanized version, the flasher module creates an API that can communicate with other malicious modules on the system and also access hidden sectors of the disk where the attackers want to conceal data they intend to steal. They hide this data in the so-called service area of the hard drive disk where the hard disk stores data needed for its internal operation. Hidden Storage Is the Holy Grail The revelation that the firmware hack helps store data the attackers want to steal didn=E2=80=99t get much play when the story broke last week, = but it=E2=80=99s the most significant part of the hack. It also raises a numbe= r of questions about how exactly the attackers are pulling this off. Without an actual copy of the firmware payload that gets flashed to infected systems, there=E2=80=99s still a lot that=E2=80=99s unknown about = the attack, but some of it can be surmised. The ROM chip that contains the firmware includes a small amount of storage that goes unused. If the ROM chip is 2 megabytes, the firmware might take up just 1.5 megabytes, leaving half a megabyte of unused space that can be employed for hiding data the attackers want to steal. This is particularly useful if the computer has disk encryption enabled. Because the EquationDrug and GrayFish malware run in Windows, they can grab a copy of documents while they=E2=80=99re unencrypte= d and save them to this hidden area on the machine that doesn=E2=80=99t get encrypted. There isn=E2=80=99t much space on the chip for a lot of data or documents, however, so the attackers can also just store something equally as valuable to bypass encryption. =E2=80=9CTaking into account the fact that their GrayFish implant is active from the very boot of the system, they have the ability to capture the encryption password and save it into this hidden area,=E2=80=9D Raiu says. Authorities could later grab the computer, perhaps through border interdiction or something the NSA calls =E2=80=9Ccustoms opportunities,=E2= =80=9D and extract the password from this hidden area to unlock the encrypted disk. http://cryptome.org/2014/05/nsa-customs.htm Raiu thinks the intended targets of such a scheme are limited to machines that are not connected to the internet and have encrypted hard drives. One of the five machines they found hit with the firmware flasher module had no internet connection and was used for special secure communications. =E2=80=9C[The owners] only use it in some very specific cases where there i= s no other way around it,=E2=80=9D Raiu says. =E2=80=9CThink about Bin Laden= who lived in the desert in an isolated compound=E2=80=94-doesn=E2=80=99t have interne= t and no electronic footprint. So if you want information from his computer how do you get it? You get documents into the hidden area and you wait, and then after one or two years you come back and steal it. The benefits [of using this] are very specific.=E2=80=9D Raiu thinks, however, that the attackers have a grander scheme in mind. =E2=80=9CIn the future probably they want to take it to the next lev= el where they just copy all the documents [into the hidden area] instead of the password. [Then] at some point, when they have an opportunity to have physical access to the system, they can then access that hidden area and get the unencrypted docs.=E2=80=9D They wouldn=E2=80=99t need the password if they could copy an entire direct= ory from the operating system to the hidden sector for accessing later. But the flash chip where the firmware resides is too small for large amounts of data. So the attackers would need a bigger hidden space for storage. Luckily for them, it exists. There are large sectors in the service area of the hard drive disk that are also unused and could be commandeered to store a large cache of documents, even ones that might have been deleted from other parts of the computer. This service area, also called the reserved are or system area, stores the firmware and other data needed to operate drives, but it also contains large portions of unused space. An interesting paper (.pdf) published in February 2013 by Ariel Berkman, a data recovery specialist at the Israeli firm Recover, noted =E2=80=9Cnot only that these areas can=E2=80=99t be sanitized (via standard= tools), they cannot be accessed via anti-virus software [or] computer forensics tools.=E2=80=9D http://www.recover.co.il/SA-cover/SA-cover.pdf Berkman points out that one particular model of Western Digital drives has 141 MB reserved for the service area, but only uses 12 MB of this, leaving the rest free for stealth storage. To write or copy data to service area requires special commands that are specific to each vendor and are not publicly documented, so an attacker would need to uncover what these are. But once they do, =E2=80=9C[b]y sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these [service] areas to read and write data that are otherwise inaccessible,=E2=80=9D Berkman writes. It is also possible, though not trivial, to write a program to automatically copy documents to this area. Berkman himself wrote a proof-of-concept program to read and write a file of up to 94 MB to the service area, but the program was a bit unstable and he noted that it could cause some data loss or cause the hard drive to fail. One problem with hiding large amounts of data like this, however, is that its presence might be detected by examining the size of the used space in the service area. If there should be 129 MB of unused space in this sector but there=E2=80=99s only 80 MB, it=E2=80=99s a dead giveaway= that something is there that shouldn=E2=80=99t be. But a leaked NSA document th= at was written in 2006 but was published by Der Spiegel last month suggests the spy agency might have resolved this particular problem. NSA Interns to the Rescue The document (.pdf) is essentially a wish list of future spy capabilities the NSA hoped to develop for its so-called Persistence Division, a division that has an attack team within it that focuses on establishing and maintaining persistence on compromised machines by subverting their firmware, BIOS, BUS or drivers. The document lists a number of projects the NSA put together for interns to tackle on behalf of this attack team. Among them is the =E2=80=9CCovert Storage=E2= =80=9D project for developing a hard drive firmware implant that can prevent covert storage on disks from being detected. To do this, the implant prevents the system from disclosing the true amount of free space available on the disk. http://www.spiegel.de/media/media-35661.pdf =E2=80=9CThe idea would be to modify the firmware of a particular hard driv= e so that it normally only recognizes, say, half of its available space,=E2=80=9D the document reads. =E2=80=9CIt would report this size bac= k to the operating system and not provide any way to access the additional space.=E2=80=9D Only one partition of the drive would be visible on the partition table, leaving the other partitions=E2=80=94-where the hidden dat= a was stored=E2=80=94-invisible and inaccessible. The modified firmware would have a special hook embedded in it that would unlock this hidden storage space only after a custom command was sent to the drive and the computer was rebooted. The hidden partition would then be available on the partition table and accessible until the secret storage was locked again with another custom command. How exactly the spy agency planned to retrieve the hidden data was unclear from the eight-year-old document. Also unclear is whether the interns ever produced a firmware implant that accomplished what the NSA sought. But given that the document includes a note that interns would be expected to produce a solution for their project within six months after assignment, and considering the proven ingenuity of the NSA in other matters, they no doubt figured it out. _______________________________________________