Many embedded devices use complex boot sequences to initiate their operating systems. These boot chains often implement security features that enforce the authenticity and integrity of each boot stage, forming a chain of trust. Often, a single vulnerability is enough to break and circumvent these chains of trust. We think that this, combined with a lack of basic hardware security features, is an industry-wide problem. In this presentation, we show how to easily break secure boot implementations by exploiting bootloader vulnerabilities using physical access or remote, root-equivalent access. One of our examples is a fully-patched network device that runs a fork of grub 0.97 (yes, the legacy one). We also show how it was possible to fully compromise the Dell iDRAC9 secure boot chain using a new vulnerability called "RootBlock". This class of vulnerabilities allows an attacker to achieve the highest possible level of compromise: Undetectable arbitrary code execution that can persist across all sorts of recovery or reset attempts. Unfortunately, vendors often need to resort to drastic measures to fix these vulnerabilities and in the worst cases these vulnerabilities remain unfixed until updated hardware is shipped.

We briefly discuss our process of identifying, exploiting, reporting, and receiving fixes for these vulnerabilities and present a survey of popular bootloaders, in which we analyze their attack surface. Since bootloaders are often shared across many different types of devices and vendors, this is a great opportunity to help secure embedded devices across the entire industry. Motivated by that, we discuss what needs to happen to rule out such vulnerabilities entirely.

By: Henrik Ferdinand Nölscher | Security Engineer, Google

Full Abstract and Presentation Materials: https://ift.tt/7UkXwiq
source https://www.youtube.com/watch?v=eZczwNFzxus