Hacking the UEFI BIOS Through the Windows 8 API

DEF CON 22, Las Vegas, NV - The thought of getting a root kit or back door on a critical system is always a bad one. These pieces of malicious code allow an attacker to continue to exploit your network and move laterally increasing their foot hold. The good news is that in most cases you can find and remove these holes either by paving the system (formatting and reinstalling) or by cleaning (not always the best choice).

Now there is a new vector for attack through the basic code that controls your system the BIOS. With the introduction of the UEFI BIOS Intel (perhaps unknowingly) created a new vector for attack and one that allows the ultimate level of access. Even when an attacker gets into Windows with admin privileges they do not have access to everything. There are systems that are still protected including SMM (system memory manager).

By attacking and subverting the UEFI BIOS an attacker can actually break into these areas because they can have their code execute in the most privileged space and before any system locks have been put into place. To do this the attacker will use an already exploited Windows 8 system and an API called SetFirmwareEnvionmentVariable. This API allows for the creation of certain variables that pertain to the UEFI process. One of these that allows for this exploit is the ability to set the variable that tells the system there is new code to apply to the firmware.

Corey Kallenberg and Xeno Kovah from MITRE showed just how easy this was to do and explained that the flaws that allow this to happen are very basic problems that should not be there. Corey described them as coding 101 and even said there appeared to be notes indicating these problems should be looked at.

Now while the vulnerability was simple the exploit was not. Because of security restrictions in the BIOS update process malicious code cannot normally be installed. However, it was found by spraying the flash memory with your malicious code (in the form of capsules) and defining the area that you want the code to execute from (for the Capsule Data variable).

MITRE described two separate exploits that they developed for this new hole. One was called the Queen's Gamut and the other the King's. The Queen's Gamut was the more concerning of the two because it takes place before any locks are placed on the system giving write-what-where access to the system. With this level of access they were able to show off the installation of an agent into the UEFI BIOS that they called the watcher. Again, this watcher agent was now running with the highest level of privilege (just like the CPU). Its whole job was to scan certain areas of the memory for special packets and them assemble and execute this code.

The agent runs on every boot and is OS agnostic. This means that even if you pave the system it is still running. The limits of what it can do do not really exist because it has the highest level of privilege you can get on a computer. Also the system does not have to actually download the malicious code to work. It only has to get into memory, so even if you block a bad script or your firewall restricts access to something the code is still in memory and will be seen and executed by the agent.

MITRE also showed (live) how they could use specially crafted PING packets to brick a system by writing 4 bytes of code. All they had to do was change the start point of the UEFI BIOS to zeroes and the system was dead, there would be no way to reflash the BIOS because the system would not even initialize the power on sequence. You would have to manually replace the BIOS chip in order to get things working. The danger inherent in this is pretty extreme when you think about it and all of this is thanks to Windows 8 and the new methods in the UEFI BIOS.

Tell us what you think in our Forum

No comments

Leave your comment

In reply to Some User