DMA attack
This article needs additional citations for verification. (August 2012) |
A DMA attack is a type of side channel attack in computer security, in which an attacker can penetrate a computer or other device, by exploiting the presence of high-speed expansion ports that permit direct memory access ("DMA").
DMA is included in a number of connections, because it lets a connected device (such as a camcorder, network card, storage device or other useful accessory or internal PC card) transfer data between itself and the computer at the maximum speed possible, by using direct hardware access to read or write directly to main memory without any operating system supervision or interaction. The legitimate uses of such devices have led to wide adoption of DMA accessories and connections, but an attacker can equally use the same facility to create an accessory that will connect using the same port, and can then potentially gain direct access to part or all of the physical memory address space of the computer, bypassing all OS security mechanisms and any lock screen, to read all that the computer is doing, steal data or cryptographic keys, install or run spyware and other exploits, or modify the system to allow backdoors or other malware.
Preventing physical connections to such ports will prevent DMA attacks. On many computers, the connections implementing DMA can also be disabled within the BIOS or UEFI if unused, which depending on the device can nullify or reduce the potential for this type of exploit.
Examples of connections that may allow DMA in some exploitable form include FireWire, CardBus, ExpressCard, Thunderbolt, PCI, and PCI Express.
Description
In modern operating systems, non-system (i.e. user-mode) applications are prevented from accessing any memory locations not explicitly authorized by the virtual memory controller (called Memory Management Unit (MMU)). In addition to containing damage that may be caused by software flaws and allowing more efficient use of physical memory, this architecture forms an integral part of the security of the operating system. However, kernel-mode drivers, many hardware devices, and user-mode vulnerabilities allow direct, unimpeded access of the physical memory address space. The physical address space includes all of the main system memory, as well as memory-mapped buses and hardware devices (which are controlled by the operating system through reads and writes as if they were ordinary RAM).
The OHCI 1394 specification allow devices, for performance reasons, to bypass the operating system and access physical memory directly without any security restrictions.[1][2] But SBP2 devices can easily be spoofed, allowing an operating system to be tricked into allowing an attacker to both read and write physical memory, and thereby to gain unauthorised access to sensitive cryptographic material in memory.[3]
Systems may still be vulnerable to a DMA attack by an external device if they have a FireWire, ExpressCard, Thunderbolt or other expansion port that, like PCI and PCI Express in general, connects attached devices directly to the physical rather than virtual memory address space. Therefore, systems that do not have a FireWire port may still be vulnerable if they have a PCMCIA/CardBus/PC Card or ExpressCard port that would allow an expansion card with a FireWire to be installed.
Uses
An attacker could, for example, use a social engineering attack and send a "lucky winner" a rogue Thunderbolt device. Upon connecting to a computer, the device, through its direct and unimpeded access to the physical address space, would be able to bypass almost all security measures of the OS and have the ability to read encryption keys, install malware, or control other system devices. The attack can also easily be executed where the attacker has physical access to the target computer.
In addition to the abovementioned nefarious uses, there are some beneficial uses too as the DMA features can be used for kernel debugging purposes.[4]
There is a special tool called Inception for this attack, only requiring a machine with an expansion port suspectible to this attack. Another application known to exploit this vulnerability to gain unauthorized access to running Windows, Mac OS and Linux computers is the spyware FinFireWire.[5]
Mitigations
DMA attacks can be prevented by physical security against potentially malicious devices.
Kernel-mode drivers have many powers to compromise the security of a system, and care must be taken to load trusted, bug-free drivers. For example, recent versions of Microsoft Windows require drivers to be tested and digitally signed by Microsoft, and prevent any non-signed drivers from being installed.
An IOMMU is a technology that applies the concept of virtual memory to such system busses, and may be used to close this security vulnerability (as well as increase system stability). Intel brands its IOMMU as VT-d. AMD brands its IOMMU as AMD-Vi. Linux supports these IOMMUs[6][7] and can use them to block I/O transactions that have not been allowed. However, IOMMUs mostly are used instead to give guest virtual machines passthrough access to host hardware.
Newer operating systems may take steps to prevent DMA attacks. Recent Linux kernels include the option to disable DMA by Firewire devices while allowing other functions.[8] Windows 8.1 can prevent access to DMA ports of an unattended machine if the console is locked.[9]
Never allowing sensitive data to be stored in RAM unencrypted is another mitigation venue against DMA attacks. However, protection against reading the RAM's content is not enough, as writing to RAM via DMA may compromise seemingly secure storage outside of RAM by code injection. An example of the latter kind of attack is TRESOR-HUNT, which exposes cryptographic keys that are never stored in RAM (but only in certain CPU registers); TRESOR-HUNT achieves this by overwriting parts of the operating system.[10]
See also
References
- ^ Freddie Witherden (2010-09-07). "Memory Forensics Over the IEEE 1394 Interface" (PDF). Retrieved 2011-04-02.
{{cite journal}}
: Cite journal requires|journal=
(help) - ^ Piegdon, David Rasmus (2006-02-21). Hacking in Physically Addressable Memory - A Proof of Concept (PDF). Seminar of Advanced Exploitation Techniques, WS 2006/2007.
- ^ "Blocking the SBP-2 Driver to Reduce 1394 DMA Threats to BitLocker". Microsoft. 2011-03-04. Retrieved 2011-03-15.
- ^ Tom Green. "1394 Kernel Debugging: Tips And Tricks". Microsoft. Archived from the original on 2011-04-09. Retrieved 2011-04-02.
{{cite web}}
: Unknown parameter|deadurl=
ignored (|url-status=
suggested) (help) - ^ "Tactical IT Intrusion Portfolio: FINFIREWIRE" (PDF) (PDF). Gamma International. October 2011. Retrieved 2014-04-28.
- ^ http://www.cs.fsu.edu/~baker/devices/lxr/http/source/linux/Documentation/Intel-IOMMU.txt
- ^ http://cateee.net/lkddb/web-lkddb/AMD_IOMMU.html
- ^ Hermann, Uwe (14 August 2008). "Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation". Archived from the original on 4 March 2016.
{{cite web}}
: Unknown parameter|dead-url=
ignored (|url-status=
suggested) (help) - ^ "Countermeasures: Protecting BitLocker-encrypted Devices from Attacks". Microsoft. January 2014. Archived from the original on 2014-03-24.
{{cite web}}
: Unknown parameter|deadurl=
ignored (|url-status=
suggested) (help) - ^ Blass, Erik-Oliver (2012). "TRESOR-HUNT". Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC '12: 71. doi:10.1145/2420950.2420961. ISBN 9781450313124.
External links
- 0wned by an iPod - hacking by Firewire presentation by Maximillian Dornseif from the PacSec/core04 conference, Japan, 2004
- Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation (Update)
- Paper on hacking in physically addressable memory ("SEAT1394")