Update 17:32am PST 5Oct2018 (added references to Eclypsium's work)
Every few years a huge "Supply Chain" security news story hits the mainstream and jolts everyone into a state of unease and paranoia. These stories serve as jarring reminders that amidst the dull hum of discontent that we all have about privacy (in our increasingly app-reliant, connected lives), we also have to worry about the hardware vessels that are home to all this presumably sketchy software.
Given that news, we wanted to take a break from our usual postings to share a bit from our perspective. If you don't know who we are and why we may be commenting, please read the next paragraph. If you already do know, skip the next paragraph ;-).
Note: This article will get increasingly more technical as it progresses.
Who we are, and why we are commenting...
What is an implant?
- record video
- record audio
- allow access to the home when the inhabitant is away
- join their wifi
- spy on their wifi
- monitor their power usage
- detect motion
- send data recordings of the above off via cellular data
Hardware Implant constraints:
- What the attacker wants to accomplish.
- The attacker's technical competence/budget.
- The stealthiness of the implant (e.g. You would likely notice a whole camera crew hiding in your closet.)
- The feasibility of the implant to survive change. (e.g. If the implant needed to be installed before you moved in, but only worked well when your furniture was laid out in one specific configuration...like no artwork hanging in front of pinhole cameras!)
- The "operational cost" of the implant (e.g. if the implant required someone to sneak into your home to gather its data every 24 hours)
How hardware implants tend to work...
For example: if the implant only transmits its salacious spy data over close-proximity radio or when an attacker plugs directly into the implant, this requires the attacker (or a co-conspirator) to be in physical contact with the target device. For everything you would want to spy on, you have to send someone there (paying their travel and accommodations, and risking getting caught) to collect the "spy data".
This is why "hardware hacking" that only focuses on the hardware is more-or-less "arts & crafts" or an exercise in academic self-importance.
The best channel to allow remote access to an attacker tends to generally be via the very networks the target device is attached to. (Which is actually what our product does: find anomalies or changes in the way a device communicates, hinting at something suspicious). The most obvious way for a hardware implant to accomplish this is to leverage some kind of "software component" to do things like:
- Inject the attacker's code into a running computer
- Allow remote access for the attacker via some network
- Allow an attacker (masquerading as an average user of that computer) to do more than their user is supposed to
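The network-side detection idea mentioned above (learn how a device normally communicates, then flag anything that changes) as an added example; this is not the product's own code, and the device name, addresses and flow records are constructed sample data:

```python
# Added example: baseline a device's network peers from flow records, then
# flag peers in a later window that the baseline never saw. A hardware or
# firmware implant that phones home shows up as a new (ip, port, proto) peer.
from collections import defaultdict

# Constructed flow records: (device, dst_ip, dst_port, proto)
BASELINE_FLOWS = [
    ("server-01", "10.0.0.5", 443, "tcp"),
    ("server-01", "10.0.0.53", 53, "udp"),
    ("server-01", "10.0.0.5", 443, "tcp"),
    ("server-01", "10.0.0.20", 123, "udp"),
]
LATER_FLOWS = [
    ("server-01", "10.0.0.5", 443, "tcp"),
    ("server-01", "10.0.0.53", 53, "udp"),
    ("server-01", "203.0.113.7", 4444, "tcp"),   # never seen during baseline
    ("server-01", "10.0.0.20", 123, "udp"),
]


def build_baseline(flows):
    """Map each device to the set of (dst_ip, dst_port, proto) peers it used."""
    profile = defaultdict(set)
    for dev, ip, port, proto in flows:
        profile[dev].add((ip, port, proto))
    return profile


def find_new_peers(profile, flows):
    """Return (device, peer) pairs absent from the learned baseline, deduplicated.

    A device with no baseline at all has every peer reported, since nothing
    about it has been vetted yet.
    """
    alerts, seen = [], set()
    for dev, ip, port, proto in flows:
        peer = (ip, port, proto)
        if peer not in profile.get(dev, set()) and (dev, peer) not in seen:
            seen.add((dev, peer))
            alerts.append((dev, peer))
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for dev, (ip, port, proto) in find_new_peers(baseline, LATER_FLOWS):
        print(f"{dev}: new peer {ip}:{port}/{proto} not in baseline")
```

The baseline window must itself be trusted (an implant active while you learn the profile is learned as "normal"), so it is paired with the firmware and physical checks discussed later in the post.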
Categories of Hardware Implants...
- External Standalone Implants (A packet sniffer device listening to your ethernet or wifi data, or camera/microphone spying on keystrokes)
- External-Peripheral Implants (A USB keystroke logger physically plugged into your computer)
- Internal-Peripheral Implants (a device added to the assembly of a device, physically integrated with the PCB)
- Internal Implants (internal to the logic of a chip, more on this later.)
- Software (Firmware) Implants (backdoors, or "bugdoors", implanted in the software/firmware of a device)
1. External Standalone Implants
Packet sniffers and devices like PwnPlugs are perhaps the best examples of these kinds of devices. They are like microphones or cameras in that they are self-contained. In fact, there was a reddit post about a week ago where such a device was implanted at a user's home. There have also been more interesting highly technical devices like this that are standalone that listen to audio of keystrokes, perform power analysis to extract data, or use tiny fluctuations in Wifi signal (backscatter) to "see" into a room or even transmit data.
2. External-Peripheral Implants
Devices like the USB Rubber Ducky (which automates keystrokes as if an attacker were typing), keystroke loggers (pictured to the left) are "implants" that act as peripherals to the target device. You can argue that ye olde DMA attacks like those that leveraged Firewire and the newer Thunderbolt attacks (demonstrated on MacBooks) are an example of External-Peripheral Implants. Even the recent "Graybox" iPhone attacks can be argued to be a kind of "External Peripheral Implant".
3. Internal-Peripheral Implants
This category of device is also what we believe the SuperMicro implant to be...
This is the category of implants where they start to get more technical (and for us, interesting). These implants go into the device, often being soldered directly to the circuit board. A less nefarious kind of implant like this would be an Xbox mod chip. This category of implants seems the most effective, because they would likely go unnoticed by the end-user of the device, and can be installed AFTER the manufacturing of the device.
One common revelation among engineers learning more about hardware is that circuit boards and chips have common interfaces that form little "networks" down in the circuit. The chips all talk to each other via these interfaces. These interfaces (when tapped into) can allow for everything from code injection, to memory reading, and OCD (on-chip debugging) control of how a processor executes.
The aforementioned is generally achieved via JTAG, which you may have heard about. We spend a LOT of time explaining JTAG to manufacturers and security people, because there has been very little solid public information about it. In fact, our blogpost "JTAG Explained" gets several thousand inbound links per week from search engines. It is scary that something used in virtually every chip was so poorly understood. But this is changing.
How usable are these kinds of interfaces for implants? Extremely. Some of the documents leaked about the NSA cataloged devices that used JTAG interfaces in servers to inject code and read/extract data.
And often times, the hardware doesn't need to be heavily modified to achieve this. There is a great talk by Felix Domke called "JTAG Blackbox Reverse Engineering" (youtube) in which he discovers undocumented functionality in a device that yields arbitrary read/write access to system memory, thereby allowing OS security mechanisms to be bypassed.
4. Internal Implants
We spend a lot of time talking about this in our trainings, because they are the most interesting example of the Supply-Chain issue. Most modern processors have MANY MANY "cores" inside a single chip. In fact, in the IC (Integrated Circuit) chips that power cellphones, called "SoCs" (System On Chip), the single chip actually has EVERYTHING that the device needs...in one single chip: from USB and audio, to video, ethernet, and memory cards. All handled by one chip (pictured to the left).
Manufacturers increasingly don't manufacture every single sub-component. Instead they purchase or license the designs from another company. These designs come in the form of an "RTL" or design file that describes how the silicon and logic of that core may be manufactured. So WITHIN a single chip, tens or hundreds of vendors and manufacturers can have their chips. This is in fact how ARM works (ARM does not make chips, unlike Intel and AMD. Instead, they just license the designs to companies like Apple, Microchip, et al who manufacture the physical chips). Some might argue that this is actually the secret to their incredible market-share.
These RTLs are to chip designers what software libraries are to software developers. Similar to the way a software developer imports libraries to help them write their program (network libraries, protocol libraries, file format output libraries, etc), chip designers do the same thing. They use CAD and design software to build chips and PCBs (like a highly technical version of "Visio"). This design software allows the designer to "import" entire sections of designs to use in their project. In some cases, importing these libraries is literally a "drag and drop", the way you drag images or "shapes" into your Visio or PowerPoint project.
5. Software (Firmware) Implants
So what do we think this thing actually is?
Our favorite bit of "evidence" comes from Trammell Hudson, who does some fantastic work on firmware and backdoors. In his short tweet, he noticed that the backdoor chip was placed at an 8-pin SOIC (Single Outline IC) location where a chip had been omitted by the manufacturer.
For context here, 8-pin SOIC chips are often used for EEPROM, a place to store firmware that is loaded by the device at boot time. (We discuss this in great detail as it relates to a router here, and there is more about SPI EEPROM in this video by one of our team members.)
The reason this possibility is compelling is that it is the most likely place for a "Class 3 implant" to masquerade as the original EEPROM chip, containing a modified version of the firmware that will in turn be loaded or used by the device. There, a "Class 5" firmware implant is waiting to begin doing what it needs to do to allow remote access to, or "spy" on, the target device.
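The check a practitioner would want for the scenario just described is a comparison of a dumped SPI flash image against a known-good ("golden") image, reported per erase sector so the modified region stands out. This is an added example, not code from the original post; the 4 KiB sector size is an assumption about the flash part, and both images are constructed sample data rather than real firmware:

```python
# Added example: sector-wise comparison of a SPI flash dump against a golden
# image. Reports size mismatch, whole-image hashes and the offsets of sectors
# whose contents differ (including sectors missing from a short dump).
import hashlib

SECTOR = 4096  # typical SPI NOR erase-sector size; an assumption here


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sectors(image: bytes):
    """Yield (offset, bytes) for each SECTOR-sized slice of an image."""
    for off in range(0, len(image), SECTOR):
        yield off, image[off:off + SECTOR]


def compare_dump(golden: bytes, dump: bytes) -> dict:
    """Compare a dump to the golden image and return a report dict."""
    report = {
        "size_ok": len(golden) == len(dump),
        "golden_sha256": sha256(golden),
        "dump_sha256": sha256(dump),
        "changed_sectors": [],
    }
    golden_secs = dict(sectors(golden))
    for off, blk in sectors(dump):
        if golden_secs.get(off) != blk:      # modified, or extra beyond golden
            report["changed_sectors"].append(off)
    for off in golden_secs:                   # sectors a short dump lacks
        if off >= len(dump):
            report["changed_sectors"].append(off)
    report["changed_sectors"].sort()
    return report


# Constructed images: 8 sectors of filler, with the dump altered in sector 3
GOLDEN = bytes(range(256)) * (8 * SECTOR // 256)
_mod = bytearray(GOLDEN)
_mod[3 * SECTOR + 16:3 * SECTOR + 20] = b"\xde\xad\xbe\xef"
DUMP = bytes(_mod)

if __name__ == "__main__":
    r = compare_dump(GOLDEN, DUMP)
    print("size ok:", r["size_ok"])
    print("golden:", r["golden_sha256"][:16], "dump:", r["dump_sha256"][:16])
    for off in r["changed_sectors"]:
        print(f"sector at 0x{off:06x} differs from golden image")
```

The comparison is only as trustworthy as the dump: since the post's point is that the chip itself may be a stand-in, read the part with an external programmer rather than through the possibly compromised system.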
Another very fascinating datapoint is the work from the folks at Eclypsium SPECIFICALLY on the vulnerabilities of the SuperMicro firmware update mechanisms that are being called into question in the Bloomberg article. This work was published in early September well in advance of the Bloomberg publication.
The broader issue that this should also raise is: "How real or prevalent are 'Class 4' implants?" That is to say, how many of the devices we CURRENTLY use today have undocumented functionality baked into their hardware that is already potentially being used by savvy actors?
Update 10:21am PST 5Oct2018 (added quite a few links/references to articles mentioned). Added new section, new images. Grammar corrections.