Low Level Security Vulnerability

Comments · 2523 Views

Security issues often affect the building blocks used to build software at a similar rate to the software built on top of them.Because of this, more consideration needs to be taken into how low-level design choices impact security, since almost all of these exploits can be used even if the

HeartBleed

HeartBleed is a flaw in OpenSSL implementation of SSL (Secure Socket Layer) and TLS (Transport Layer Security)[1]. SSL and TLS protocols are responsible in maintain safe and secure internet connection which safeguards the data being sent or received. These protocols prevent attackers to read or modify the data by encrypting them. The data includes emails, messages, credit card information, passwords and similar sensitive information. The OpenSSL is widely used and implemented version of the SSL/TLS. For example servers like Apache and NGINX which are responsible in conducting around 50% of the worlds internet has the OpenSSL implementation[2].

There is an extension in the SSL/TLS protocol known as the heartbeat extension. The heartbeat extension allows to keep the SSL/TLS session up and running even though no information has been sent or received over comparatively long period of time. To keep the session up and running a heartbeat request is sent to the user to check if the user is still active, the user response determines the activeness. Due to the system library flaw attackers can make a special heartbeat request with a payload of around 60 GB but disguise the payload as 1 byte.[3] The OpenSSL instead of checking if the payload was actually 1 byte checks the user response, which is a flaw. The first byte is sent as a response but however the OpenSSL copies the rest of the data which is almost 60GB of data in the server and sends it to the attacker as rest of the 

response. These data might contain encryption keys, credit card information, messages, password.  If the data consists of encryption keys, then attacker can use the encryption key to open any message that is being transferred over these servers. Even more, horrifying fact is that the attack can be performed without the attacker leaving any trace.

This flaw was named as Heartbleed because the heartbeat extension leaks the memory contents from the server to the client. This flaw was discovered in April 2014. It was estimated that 39% of Inernet users had changed their password or canceled their accounts after the flaw was discovered. Around 6% of the users data were swiped[4].

Stagefright

The Android Open Source Project (AOSP), a smartphone operating system consist of a flaw in its library known as Stagefright. The flaw would allow the video message to be processed without even having the user to interact with it. THE AOSP made the multimedia processing program in native code (C++) which is prone to memory corruption because the multimedia processing is time intensive. [5]Due to this the flaw would let the attacker, who is sending the multimedia message enter the memory of android devices. After, this attacker used buffer overflow to perform remote code execution on all unpatched Android devices. Messages, users documents and data could easily be retrieved by the attacker since they have an access to the memory.

Immediate software updates with patches were sent in regards to prevent this issues. It was assumed that 95% of the phones using google services were vulnerable to this flaw[6]. Some of the large scale vendors that were susceptible to this flaw were Amazon, Barnes and Noble, Google, HTC, Huawei Technologies, LG Electronics, Mototola Inc., Samsung Mobile and Sony Corporation. Zimperium lab assumes that all of these vendors were actually affected by this system library flaw.

 

Timing Attacks

Timing attacks are side-channel attack method that allows the attacker to obtain information about hidden values in a system through statistical analysis of many precise measurements of the duration a particular series of instructions takes to complete. It relies on the incredibly common design flaw of having a direct relationship between system inputs, hidden values, and the time taken for a system to produce an output. By comparing the amount of time that certain code paths take with different input values, it is sometimes possible to determine the exact path through a series of conditional statements, which can then be used to determine secret values or program flow structure. One of the benefits of timing attacks is that it is often possible to do remotely and does not require physical access to the targeted system. An example of this can be found in the 2005 attack by Brumley et. al., in which it was discovered that OpenSSL was vulnerable to private key exfiltration through the use of a timing attack over a network. The core flaw was that at the time, OpenSSL took slightly different amounts of time to perform a decryption depending on whether the the guessed value for the private key exponent was higher or lower than the correct value, by using this information it was possible to converge upon the correct value of the private key exponent through by performing a binary search. This allowed for the exfiltration of a 1024-bit private key from an OpenSSL-enabled web server with the default configuration over network in slightly under 2 hours. The primary mitigations for this type of attack are to design cryptographic functions in such a way that they operate in an effectively constant time for either correct or incorrect values, and to specifically avoid designs that provide a variable length of time to execute depending on proximity to the secret value.

 

Power Analysis

Power analysis is closely related to the methods used to execute timing attacks, but rather than looking at only the total amount of time taken to execute a series of instructions, it attempts to exfiltrate information from a system through the use of signal analysis on power consumption in the time domain of those same instructions. This method is both more reliable overall as well harder significantly harder to defend against than timing attacks. Power analysis is more reliable than simple timing attacks because it provides significantly more data with which to perform statistical analysis in a much shorter period of time, making it easier to extract the targeted information. It is also harder to defend against when the attacker has physical access because the root cause of the vulnerability is a result of microprocessor instruction set architecture design, and many of the most effective methods to defend against it such as capacitive power filtering, are relatively simple to bypass through physical modification of the targeted device when compared to the more reliable software defenses that can be used to thwart timing attacks that can be applied to physically hardened secure microprocessors. Effective mitigations for this kind of attack are primarily limited to preventing the attacker from having physical access to the target device. An additional mitigation to help increase attack difficulty if preventing physical access is prohibitive is power filtering, although the effectiveness of this method is quite limited compared to preventing physical access.

 

Rowhammer:

Rowhammer is a side-channel attack that allows for the intentional modification or corruption of memory that the attacker does not have direct memory access to. Normally, an attempt to change the memory of another process by an attacker would result in an exception due to the attacker not having the necessary privileges, and the write to memory would fail, but Rowhammer allows the attacker to bypass this protection at the hardware level, out of control of both the software level (OS) and the hardware level (MMU, or Memory Management Unit). The method relies on the physical structure of modern DRAM as rows of adjacent cells on a microscopic scale, each composed of a transistor and a capacitor. Due to the incredibly small size and close proximity, there is a relatively large amount of inductive coupling between adjacent capacitors in the high-capacity DRAM chips commonly found in modern devices containing microprocessors. Because of this, it is possible for an attacker to modify the value contained within a privileged location in memory by toggling the values in the adjacent cells at an incredibly high rate, to trigger a bit flip. This ability potentially allows for an attacker to perform a privilege escalation at the OS-level to gain additional control of a system. Almost all modern devices that run an operating system are vulnerable to this kind of attack, ranging from servers to cell phones. The attack requires the attacker to have a fairly detailed map of the address space they are attempting to attack, which makes this attack fairly difficult to execute in a practical setting. The attack is also generally limited to local privilege escalation, as it is difficult to perform the attack remotely. Luckily several mitigations for this type of attack exist. The primary mitigations for this sort of attack is to perform statistical analysis of writes at the OS level in order to detect the rapid toggling of memory that occurs during an in-progress attack or to use more granular memory-mapping to obfuscate the physical layout of memory in order to make determining which addresses to attack more difficult to perform effectively. Some other methods include preventing the attacker from having the ability to repeatedly and rapidly flushing caches, in order to significantly reduce the throughput of toggling at the DRAM level, instead absorbing the changes in the multiple levels of cache present in modern systems. A few hardware methods exist as well including the use of ECC (Error Correcting Code) which can detect data corruption through the use of parity bits, and TRR (Targeted Row Refresh) which helps to mitigate the effects of the attack by specifically performing additional DRAM refresh cycles on memory rows that may be under attack.

 

Throwhammer

Throwhammer is a variant of the Rowhammer exploit that relies on the implementation of certain high-throughput network cards to bypass the requirement for local code execution that Rowhammer-type attacks generally require. It exploits the DMA (Direct Memory Access) system used by very high throughput network cards to reduce CPU load during network access. One of the more common implementations of RDMA (Remote Direct Memory Access) allows the network card to copy network request data directly to application memory without interference from the CPU or the OS. This implementation is often used on internal networks in data centers and is also supported by the SMB file sharing system in Microsoft Windows. By sending large amounts of carefully crafted packets over a high throughput local area network, it is possible for an attacker to achieve a high enough throughput to successfully perform a Rowhammer attack. This variant of Rowhammer is resistant to the OS-level mitigations that can be used to mitigate local Rowhammer attacks, and instead requires the use of hardware-level mitigations like ECC and TRR systems, similar to Rowhammer proper. This attack is of particular importance because it is both easier to exploit, requiring no local code execution privileges, and is more difficult to prevent in software, requiring hardware mitigations.

 

Spectre:

Speculative execution is a processor optimization where the processor begins to execute an instruction that happens after a conditional before the result of the conditional statement is known. This optimization is necessary to keep the instruction pipeline full and the processor at maximum throughput. The decision on which instruction(s) to speculatively execute is made by the branch predictor. Speculative execution is found in nearly all microprocessors designed since the late 1980s and so represents a large attack surface due to its presence in almost all computing devices.

Spectre is a side-channel attack that targets the branch predictor and speculative execution that, when combined with additional exploits, allows for the exfiltration of data from memory that the attacker should not be able to access. The attack can be divided into two main sub-types: bounds check bypass and branch target injection. Bounds check bypass tricks the CPU into caching out-of-bounds memory through an indirect memory access, and once that data is cached, a cache inference exploit can then be used to extract the data. Branch target injection tricks the branch predictor into speculatively executing an instruction in a memory location that it otherwise would not execute in, potentially allowing indirect access to memory that the attacker would not otherwise have access to. Spectre is a fairly difficult attack to implement, as it requires an additional exploit to be useful, a cache inference exploit, as well as knowledge of the particular CPU in the targeted system, as the behavior can vary significantly even between different model numbers of the same product line. Unfortunately, while the attack is difficult to perform, there are no known software mitigations for the attack, meaning that hardware mitigations are required to reduce attack risk. The first commercial CPUs to be released with hardware mitigations for Spectre were not released until October of 2019.

Brief Analysis

Many security flaws exist at a very low level, as far down as the integrated circuit and microprocessor design. These exploits are able to be executed with no input from the user at all, such as rogue packets being sent over network to cause intentional corruption on a remote device. These security flaws are as easy to create as software bugs, but are often almost impossible to fix once discovered without requiring replacement hardware.

Some Questions to Think About

  • How does the fact that there are likely affected by multiple low-level security vulnerabilities that cannot be fixed without buying new hardware affect your view of IT security as a field?
  • Have you experienced any negative performance implications due to the Spectre and Meltdown software patches?
  • What other low-level security flaws do you know about that we didn’t cover?

 

Bibliography

[1] The Heartbleed Bug, http://heartbleed.com/

 

[2] Ellingwood, Justin. Apache vs Nginx: Practical Considerations, January 28, 2015. https://www.digitalocean.com/community/tutorials/apache-vs-nginx-practical-considerations

 

[3] Wenliang Du. Heartbleed Attack Lab, 2016. http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Networking/Heartbleed/Heartbleed.pdf

 

[4] Rainie,Lee, Duggan Maeve. Heartbleed’s Impact, April 30, 2014. http://www.pewinternet.org/2014/04/30/heartbleeds-impact/2/

 

[5] Avraham, Zuk. Experts Found a Unicorn in the Heart of Android, July 27, 2015. https://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/

 

 [6] Nickinson, Phil. The 'Stagefright' exploit: What you need to know, August 17, 2015. https://www.androidcentral.com/stagefright

 

 

Comments