TID-113: Unverified Peripheral Firmware Loaded
Threat Description
A threat actor could manipulate the firmware associated with a peripheral before it is loaded and executed. The attacker may then be able to manipulate the device's actions by sending it commands the user did not intend, or by manipulating a bitstream before it is loaded. There are multiple possible cases where this could occur, including:
Case 1: Peripheral firmware is stored in a dedicated ROM/NVRAM chip. An adversary with physical access to the device might modify the contents of the peripheral firmware storage to change peripheral behavior.
Case 2: Peripheral firmware is stored as a file in the parent processor’s context. An adversary able to execute code in the parent processor context could replace or alter the firmware image before it is loaded into the peripheral during bootup or another initialization process.
Case 3: The parent processor’s context has privileged access to peripherals and malicious code running there could alter peripheral firmware dynamically (e.g., through shared memory).
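The following added example (not part of the original entry) sketches a parent-side loader for Case 2 that refuses any image whose SHA-256 does not match a pinned digest and uploads the same buffer it verified, so the file cannot be swapped between check and load. The names `read_verified`, `load_peripheral`, `PINNED` and `nic0.bin` are hypothetical, and the pinned digests are assumed to come from an integrity-protected source such as a manifest covered by verified boot.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed sample image and pinned digest (assumption: in a real system the
# digest comes from a manifest covered by verified boot, not from this file).
GOOD_IMAGE = b"\x7fFWv1" + bytes(range(64))
PINNED = {"nic0.bin": hashlib.sha256(GOOD_IMAGE).hexdigest()}


class FirmwareRejected(Exception):
    """Raised when an image is unknown or does not match its pinned digest."""


def read_verified(path, pinned=PINNED):
    """Read the image once and return its bytes only if the digest matches."""
    name = Path(path).name
    expected = pinned.get(name)
    if expected is None:
        raise FirmwareRejected(f"{name}: no pinned digest, refusing to load")
    image = Path(path).read_bytes()  # single read: verified bytes == loaded bytes
    actual = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise FirmwareRejected(f"{name}: digest mismatch ({actual[:16]}...)")
    return image


def load_peripheral(path, upload):
    """Verify, then hand the same in-memory buffer to the upload callback."""
    image = read_verified(path)
    upload(image)  # hypothetical transport to the peripheral (SPI, PCIe, ...)
    return len(image)


def demo():
    """Load a good image, then a one-byte-modified copy; report both outcomes."""
    loaded = []
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "nic0.bin"
        path.write_bytes(GOOD_IMAGE)
        ok = load_peripheral(path, loaded.append)
        path.write_bytes(GOOD_IMAGE[:-1] + b"\xff")  # Case 2: file altered on disk
        try:
            load_peripheral(path, loaded.append)
            rejected = False
        except FirmwareRejected:
            rejected = True
    return ok, rejected, len(loaded)
```

A check that runs in the parent context covers only Case 2 and only as far as the loader and its digest store are themselves protected; Cases 1 and 3 call for verification by the peripheral itself.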
Threat Maturity and Evidence
Observed Adversary Behavior
EQUATION GROUP: QUESTIONS AND ANSWERS
“Although the implementation of their malware systems is incredibly complex, surpassing even Regin in sophistication, there is one aspect of the EQUATION group’s attack technologies that exceeds anything we have ever seen before. This is the ability to infect the hard drive firmware… The plugin supports two main functions: reprogramming the HDD firmware with a custom payload from the EQUATION group, and providing an API into a set of hidden sectors (or data storage) of the hard drive. This achieves several important things:
- Extreme persistence that survives disk formatting and OS reinstall.
- an invisible, persistent storage hidden inside the hard drive.”
Proof of Concept
PERILOUS PERIPHERALS: THE HIDDEN DANGERS INSIDE WINDOWS & LINUX COMPUTERS
“In new research, Eclypsium found unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers. We then demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.”
CWE
CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface (Base)
“The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.”
CWE-1316: Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges (Base)
“The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.”