SoylentNews is people

posted by Fnord666 on Saturday February 01 2020, @03:24PM   Printer-friendly
from the total-recall dept.

DMA attacks have never really gone out of fashion and, contrary to popular belief, do not necessarily require physical access. DMA is a misfeature designed to provide peripherals with direct, unconstrained, high-speed read-write access to the whole of a system's RAM. Firewire (IEEE-1394) and Thunderbolt are two of the more infamous avenues for attacks, but network cards and other peripherals can also have this capability. One example of abuse would be for the peripheral to read and exfiltrate private encryption keys as they rest in memory.

Eclypsium's latest research shows that enterprise laptops, servers, and cloud environments continue to be vulnerable to powerful Direct Memory Access (DMA) attacks, even in the presence of protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start, and Microsoft Virtualization-Based Security.

DMA attacks are a particularly powerful class of attacks for any adversary who has compromised firmware locally or remotely on peripheral hardware such as network cards, or who has physical access to a system. As the name suggests, DMA attacks enable a potential attacker to read and write memory off a victim system directly, bypassing the main CPU and OS. By overwriting memory, attackers can gain control over kernel execution to perform virtually any manner of malicious activity. We collectively refer to these as Memory Lane attacks.

Earlier on SN:
Thunderbolt Enables Severe Security Threats (2019)
$300 Device Can Steal Mac FileVault2 Passwords (2016)
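The practical defence the story alludes to is an IOMMU that actually constrains peripheral DMA, plus a Thunderbolt security level that does not admit arbitrary devices. As an added defender-side example (not part of the story or of Eclypsium's research), the following Python script classifies a Linux host's DMA-protection posture from kernel log lines, the kernel command line and the Thunderbolt security level. The kernel messages, parameters (`intel_iommu`, `amd_iommu`, `iommu=pt`) and the sysfs `security` attribute are real Linux ones; the log lines embedded below are constructed samples, and the severity rules are this example's own assumptions about what is worth flagging.

```python
"""Heuristic check of a Linux host's DMA-protection posture.

Added example for the DMA-attack discussion. The sample log lines are
constructed, not captured from a real machine, and the classification rules
are this example's own assumptions. The same functions can be fed the output
of `dmesg`, the contents of /proc/cmdline and the value read from
/sys/bus/thunderbolt/domain0/security on a live host.
"""
import re

# Kernel messages that show the IOMMU (Intel VT-d / AMD-Vi) initialised.
IOMMU_ENABLED_PATTERNS = (
    re.compile(r"DMAR: IOMMU enabled"),                        # Intel VT-d
    re.compile(r"AMD-Vi: AMD IOMMUv2 loaded and initialized"),  # AMD-Vi
)
# "Translated" means devices go through IOMMU page tables; "Passthrough"
# maps host devices 1:1 onto physical memory, i.e. no isolation.
DEFAULT_DOMAIN = re.compile(r"iommu: Default domain type: (\w+)")

# Thunderbolt security levels as exposed by the kernel; "none" lets any
# attached device connect without approval.
TB_SAFE_LEVELS = {"user", "secure", "dponly", "usbonly"}


def parse_iommu(dmesg_lines):
    """Return (enabled, default_domain) from an iterable of kernel log lines."""
    enabled = False
    domain = None
    for line in dmesg_lines:
        if any(p.search(line) for p in IOMMU_ENABLED_PATTERNS):
            enabled = True
        m = DEFAULT_DOMAIN.search(line)
        if m:
            domain = m.group(1).lower()
    return enabled, domain


def assess(dmesg_lines, cmdline, tb_security):
    """Return a list of (severity, message) findings; [] means nothing flagged."""
    findings = []
    enabled, domain = parse_iommu(dmesg_lines)
    params = set(cmdline.split())

    if not enabled:
        if "intel_iommu=off" in params or "amd_iommu=off" in params:
            findings.append(("high", "IOMMU explicitly disabled on the kernel command line"))
        else:
            findings.append(("high", "no IOMMU initialisation message: peripheral DMA is unconstrained"))
    elif domain == "passthrough" or "iommu=pt" in params:
        # IOMMU is up (e.g. for VM device assignment) but host-owned devices
        # such as a NIC or a Thunderbolt peripheral still see all of memory.
        findings.append(("high", "IOMMU in passthrough mode: host devices are not isolated"))

    if tb_security is not None and tb_security not in TB_SAFE_LEVELS:
        findings.append(("medium", f"Thunderbolt security level '{tb_security}' admits unapproved devices"))
    return findings


# Constructed sample inputs (not captured from a real host).
SAMPLE_GOOD = [
    "DMAR: Intel(R) Virtualization Technology for Directed I/O",
    "DMAR: IOMMU enabled",
    "iommu: Default domain type: Translated",
]
SAMPLE_PASSTHROUGH = [
    "DMAR: IOMMU enabled",
    "iommu: Default domain type: Passthrough (set via kernel command line)",
]
SAMPLE_NO_IOMMU = [
    "usb 1-1: new high-speed USB device number 2 using xhci_hcd",
]

if __name__ == "__main__":
    cases = [
        ("isolated", SAMPLE_GOOD, "BOOT_IMAGE=/vmlinuz intel_iommu=on", "user"),
        ("passthrough", SAMPLE_PASSTHROUGH, "BOOT_IMAGE=/vmlinuz intel_iommu=on iommu=pt", "user"),
        ("unprotected", SAMPLE_NO_IOMMU, "BOOT_IMAGE=/vmlinuz", "none"),
    ]
    for name, lines, cmdline, tb in cases:
        print(name, assess(lines, cmdline, tb) or "no findings")
```

The point of the passthrough check is that "IOMMU enabled" in the boot log is not the same as DMA being constrained: a box booted with `iommu=pt` for virtualisation convenience still exposes physical memory to every host-owned device.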

  • (Score: 4, Insightful) by Anonymous Coward on Saturday February 01 2020, @05:24PM (#952404) (1 child)

    Two minimum features for all hardware systems.

    The Intel iAPX432 had parity and separate IO address space designed into the architecture (it was actually designed to use x86 processors as IO processors hidden behind their OWN access chips, which would tag where the i/o came from and only allow it to designated places in memory.)

    The largest issue with modern system architectures was the decision to keep ECC and IOMMU capabilities for high end or enterprise only hardware when in actuality it should have been implemented on all hardware as standard. The reason we have all these issues today is a lack of focus on security as a necessity and more of it being a 'value add' only for high end parts, which instead results in no one having it because the high end parts don't get the validation of hundreds of millions of consumers using it, and the enterprise gets to be the beta testers for their own necessary security features. As a result everyone loses, whereas in an ideal system the consumers would have new security features that were tested mostly safe, the heavy testing would happen on them, and then the next iteration of high end chips would ensure their parts solved any errata discovered in the previous generation's consumer parts. However today there is a perverse incentive to have performance above all other metrics and both consumer and enterprise security are suffering as a result.

  • (Score: 4, Interesting) by sjames (2882) on Saturday February 01 2020, @08:05PM (#952462) Journal

    Then, just to make matters worse, just as the IOMMU becomes more commonly supported, Intel decides to implement the Management Engine that can bypass it and provide a nice and safe place to tuck a persistent threat into. And the cherry on top is that they designed systems so that if you disable the ME, the thing won't boot at all. And it doesn't even help performance.