Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices’ Direct Memory Access (DMA) capability.
DMA is a processing-efficiency approach for peripherals (such as PCI cards or network interface cards) that, as the name suggests, offers direct high-speed access to a system’s memory.
“For example, a network adapter or Firewire device may need to read and write information quickly,” according to an Eclypsium report, issued Thursday. “Passing this traffic up to the OS and back down again is slow and inefficient. Instead, DMA allows devices to directly communicate with the system’s memory without passing through the operating system [or main CPU].”
While useful for conserving processing power, DMA can offer cyberattackers a high-speed ticket to reading and writing memory off a victim system directly. It can also allow attackers to bypass hardware-based root-of-trust and chain-of-trust protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start and Microsoft Virtualization-Based Security, Eclypsium found in its research.
If successful in a compromise attempt, “an attacker can…extend control over the execution of the kernel itself,” according to the report. “This can allow an attacker to execute kernel code on the system, insert a wide variety of kernel implants and perform a host of additional activity such as spawning system shells or removing password requirements.”
Bugs in Dell and HP Laptops
In its testing of DMA protections in modern laptops, the Eclypsium team found that Dell’s XPS 13 7390 2-in-1 convertible laptop, released in October 2019, is susceptible to pre-boot DMA attacks.
The high-severity bug (CVE-2019-18579) is an insecure default BIOS configuration: the device shipped with the firmware setting “Enable Thunderbolt (and PCIe behind TBT) pre-boot modules” turned on. According to Dell’s advisory, a local, unauthenticated attacker with physical access to a user’s system can obtain read or write access to main memory via a DMA attack during platform boot. Dell has released a Dell Client BIOS update that patches the issue by turning the setting off by default.
“We were able to perform DMA code-injection directly over Thunderbolt [a USB-type interface for peripherals] during the boot process,” Eclypsium researchers wrote, adding that the attack is thus “closed-chassis” – i.e., attackers would not need to open the device’s case to carry it out. “An attacker could simply connect to the exposed port of the device without otherwise having to modify the device,” they added.
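As an added defender-side check (not from the Eclypsium report or from either vendor), this POSIX shell script reads the DMA-protection state a Linux kernel exposes through sysfs: whether IOMMU groups exist, and which Thunderbolt security level and IOMMU DMA protection the firmware reports. It covers the runtime counterpart of the pre-boot setting described above, not the BIOS option itself; the sysfs paths are real kernel attributes, while the fake tree it builds is a constructed test fixture.

```shell
#!/bin/sh
# Added example, not from the Eclypsium report or any vendor tool: audit the
# DMA protection a Linux kernel reports. SYSFS_ROOT normally stays /sys; the
# demo points it at a constructed tree so the script also runs offline.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# 0 if at least one IOMMU group exists, i.e. DMA remapping is active.
iommu_active() {
    d="$SYSFS_ROOT/kernel/iommu_groups"
    [ -d "$d" ] && [ -n "$(ls -A "$d" 2>/dev/null)" ]
}

# Prints the Thunderbolt security level of domain0; "none" means any plugged-in
# device is granted PCIe (and therefore DMA) access without authorization.
tbt_security_level() {
    f="$SYSFS_ROOT/bus/thunderbolt/devices/domain0/security"
    if [ -r "$f" ]; then cat "$f"; else echo "no-thunderbolt"; fi
}

# 0 if firmware reports IOMMU-based DMA protection for Thunderbolt (value 1).
tbt_dma_protection() {
    f="$SYSFS_ROOT/bus/thunderbolt/devices/domain0/iommu_dma_protection"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Verdict: 0 = protected, 1 = exposed. Exposed when the IOMMU is off, or when
# a Thunderbolt controller sits at level "none" without IOMMU DMA protection.
dma_posture() {
    if ! iommu_active; then
        echo "EXPOSED: no IOMMU groups, DMA remapping inactive"; return 1
    fi
    level=$(tbt_security_level)
    if [ "$level" = "none" ] && ! tbt_dma_protection; then
        echo "EXPOSED: Thunderbolt level 'none' and no IOMMU DMA protection"; return 1
    fi
    echo "OK: IOMMU active, Thunderbolt level '$level'"
}

# Constructed sysfs tree for offline runs. $1 root, $2 security level,
# $3 "y"/"n" for an IOMMU group, $4 iommu_dma_protection value.
make_fake_sysfs() {
    mkdir -p "$1/kernel/iommu_groups" "$1/bus/thunderbolt/devices/domain0"
    [ "$3" = "y" ] && mkdir -p "$1/kernel/iommu_groups/0"
    printf '%s\n' "$2" > "$1/bus/thunderbolt/devices/domain0/security"
    printf '%s\n' "$4" > "$1/bus/thunderbolt/devices/domain0/iommu_dma_protection"
}

# Stand-alone demo: a constructed tree mirroring a machine with Thunderbolt wide open.
demo=$(mktemp -d) && make_fake_sysfs "$demo" none y 0
SYSFS_ROOT="$demo" dma_posture || :
```

Run it unchanged on a real host (SYSFS_ROOT unset, so /sys is read) to get the same verdict for that machine.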
The second flaw was found in the HP ProBook 640 G4, which includes the HP Sure Start Gen4. The report noted that HP Sure Start “incorporates an embedded controller designed to verify the integrity of the BIOS before the CPU executes its first line of code” – which prevents closed-chassis attacks. However, the team found that an open-chassis pre-boot DMA attack (where the computer is cracked open) was still possible.
The bug (which does not have a CVE) allows attackers to compromise the system’s Unified Extensible Firmware Interface (UEFI), which is a specification that defines a software interface between an operating system and platform firmware. A compromise would allow unauthorized code to execute from the beginning of the boot process, before the hand-off to the operating system.
“A pre-boot DMA attack works at this critical time, and has the potential to completely compromise a system, even when other code-integrity protections (like HP Sure Start, Intel Boot Guard or Microsoft Virtualization Based Security with Device Guard) are employed,” Eclypsium researchers said.
The team found that an attack could be carried out if the device were opened, allowing the M.2 wireless card in the system to be replaced with a Xilinx SP605 FPGA development platform.
“The FPGA was then connected to our attacking machine and tested the system against a well-known, public DMA attack technique. We were able to successfully attack the system and gain control over the device,” according to the report. “By using DMA to modify the system RAM during the boot process, we gained arbitrary code execution, thus bypassing the HP Sure Start protections that verify BIOS code integrity before CPU execution starts.”
In response to the findings, HP released an updated version of the BIOS to correct the flaw.
The research firm stressed that the HP ProBook 640 G4 is likely not alone in being vulnerable to such an attack.
“Pre-boot processes are an area of weakness across all laptops and servers from many manufacturers,” the researchers wrote. “In the case of HP, while the machine was not susceptible to a closed-case attack, the version of HP Sure Start in the mode we tested was insufficient to protect against our type of attack. There are many components, from hardware to firmware to the operating system, that all need to work together to prevent pre-boot DMA attacks.”
While both of the discovered vulnerabilities allow exploits that require physical access to the devices, the researchers noted that in general, DMA attacks can also be carried out remotely using malware. To wit: After mounting an attack and implanting malware on a target device, an attacker can then gain additional privileges and control over a compromised host.
“For example, malware on a device could use a vulnerable driver to implant malicious firmware to a DMA-capable device such as a network interface card,” according to the report. “That malicious code could then DMA back into memory during boot to get arbitrary code injection during the boot process. The fundamental ability of DMA attacks to shim attacker code into the boot process makes it useful for almost any type of attacker goal.”