A Kaspersky Lab bulletin indicates a cyberattack group has the capability to infect hard drive firmware. Learn how this capability works, and what it means for your deployed systems.
A cyberattack group dubbed Equation group by Russian security firm Kaspersky Lab has a portfolio of intricate and highly sophisticated malware that dates back to at least 2001. The organization is considered by Kaspersky to be "the most advanced threat actor we have seen." The portfolio of Equation group's exploits extensively utilizes a variety of encryption algorithms and hashes, including using SHA-256 1,000 times on an NTFS object ID.
Information about the afflicted parties and details regarding the use of code written by Equation group is covered in depth on CNET, as well as information regarding how these disclosures relate to the Stuxnet worm, which was discovered in 2010 and is still a subject of political intrigue. The focus of this article is on the technical inner workings of the Equation group exploit, and the use of drive firmware as an attack vector.
What sets Equation apart from other groups?
Perhaps the most alarming capability detailed in the report is that the malware produced by Equation can reprogram the firmware of hard drives. According to Kaspersky, the malware's design allows for the creation of hidden sectors on the drive, which are resistant to drive formatting. Naturally, it also provides an API for access to the hidden sectors for use by other Equation components. Of the two identified modules with this capability, the first (from 2010) can reprogram six distinct drive "categories," which constitute individual products or product lines by Maxtor, Seagate, Western Digital, and Samsung. The second version (from 2013) has 12 product classes, which include the previous brands and adds HGST/IBM, Micron, OCZ, OWC, Corsair, and Mushkin.
Finnish security firm F-Secure notes that this disclosure describes the capabilities of a utility called IRATEMONK in an internal National Security Agency (NSA) catalog from 2008 that "provides software application persistence...through MBR substitution." This utility can infect the firmware of "a variety of Western Digital, Seagate, Maxtor, and Samsung hard drives," which supports FAT, NTFS, EXT3, and UFS file systems not running as part of a RAID array.
What are the implications of using that attack vector?
In an interview with Reuters, lead Kaspersky researcher Costin Raiu claims that the vendors must have had access to the source code of the drive firmware. Raiu is quoted by Reuters as saying that, "There is zero chance that someone could rewrite the [hard drive] operating system using public information."
In response to this claim, a Western Digital spokesman told Reuters they "[have] not provided its source code to government agencies." Reuters indicates other drive makers declined to say if they have shared their source code. A Seagate spokesman said it has "secure measures to prevent tampering or reverse engineering of its firmware and other technologies." In the report from Reuters -- which names the NSA as the developers of this exploit -- it is possible for the government to request source code in the process of a security audit for government purchases.
Importantly, the Kaspersky report notes that this exploit is extremely rare, and that it is "kept for the most valuable victims or for some very unusual circumstances." This does not appear to be a scenario in which Equation-produced code is accompanying drives shipped from the factory.
How hard is it to reverse-engineer drive firmware?
Surprisingly, the answer to that question is not very, but it is not trivial either. A hard drive is, in essence, functionally identical to any other integrated system. Typically speaking, the circuit board on a hard drive contains DRAM for the drive cache, a spindle motor controller, the drive controller -- a multi-core ARM processor for modern drives. Some drives, like the drive used in this experiment at SpritesMods, have an additional serial flash to store the firmware, though others may keep this storage internal to the controller. These drive controllers are either off-the-shelf parts, or made by the drive vendors.
In the experiment at SpritesMods, the Western Digital firmware does not contain any obfuscation tricks. That experiment starts with getting access by connecting to an ARM core on the controller accessible via JTAG, which allows for easier debugging with breakpoints and memory editing. In that experiment, making a persistent change to the drive firmware was possible -- the memory layout of the chip was already documented, and free space existed in which to inject arbitrary instructions, which can be executed before the rest of the drive firmware by changing the execution order in the header.
Notably, some of the instruction blocks in the firmware code are stored in an unknown compression format and unpacked into RAM at start -- making this edit does not require the ability to modify that code in the compressed state. When it is unpacked for execution at boot, the arbitrary code can insert hooks into the executed code. In the SpritesMods experiment, a small program was written utilizing code from the idle3-tools package, which allows for the firmware to be flashed to the drive.
What does this mean for deployed systems?
Considering the rarity with which this exploit appears to be used, it probably is not an issue worth worrying about at this time. Windows users are a more obvious target through sheer ubiquity, though Mac OS X and Linux users should know there is no security through obscurity. The Kaspersky report indicates there are some signs that Equation can target non-Windows systems, and IRATEMONK is documented as supporting EXT3 and UFS.
The opaque nature of hard drive firmware, and the extensive amount of vendor-specific commands, often with poor to no documentation (a somewhat shocking state of affairs for such ubiquitous hardware as mass storage devices) is reason to give pause. Ariel Berkman of the Israeli firm Recover has written a proof-of-concept on hiding data in reserved service space that only requires knowledge of vendor-specific commands, which has the potential to be easier than firmware modification.
No comments:
Post a Comment