TID-212: FW/SW Update Integrity Shared Secrets Extraction
Threat Description
Some devices utilize a shared secret authentication scheme to verify firmware updates. This is an improvement over unauthenticated updates (as in TID-211) and can be coupled with or implemented as symmetric key encryption for added confidentiality. This process requires the shared secret to be present on the device for verification (or decryption). Often the same shared secret will be used across many or all examples of that model device, therefore if the secret is compromised on one device it makes all others vulnerable. A threat actor may extract the secret via various means then use it to fabricate a malicious firmware update that is accepted by all devices that use the same integrity mechanism and shared secret.
Malicious firmware or software could then be installed to (i) “brick” the device and prevent it from being reset, (ii) install malicious logic on the device, including to gain persistence, or (iii) enable access to ease reverse engineering the device to identify remotely exploitable vulnerabilities on the device.
Threat Maturity and Evidence
Proof of Concept
Siemens SIMATIC S7-1500 Series Allow for Bypass of All Protected Boot Features
“The Siemens S7-1500 series PLCs implement a boot-time firmware validation scheme using a combination of hardware-enabled firmware decryption and binary integrity validation in the Siemens ADONIS operating system. Multiple architectural vulnerabilities exist which allow attackers to bypass all protected boot features, resulting in persistent arbitrary modification of operating code and data. With physical access to a single device, attackers can exploit the vulnerabilities to generate valid AES keys for most of the S7-1500 series firmwares, including the one modified by attackers. The custom-modified firmware can be authenticated and decrypted by the original boot process. By flashing this malicious firmware on a target device, either physically or by exploiting an existing remote code execution vulnerability, attackers could persistently gain arbitrary code execution and potentially circumvent any official security and firmware updates, without the user’s knowledge.”
CWE
CVE
CVE-2022-38773
“Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.”