SoylentNews

Firmware Vulnerabilities in Supermicro Systems

posted by mrpg on Friday June 08 2018, @12:09PM   
from the not-so-super-it-seems dept.

MrPlow writes:

Submitted via IRC for mechanicjay

We have already seen both proof-of-concept and in-the-wild demonstrations of attacks targeting system firmware such as SMM rootkits, device firmware replacement, and even usurping firmware-based features for malware. As part of our ongoing security research efforts, we recently reviewed various Supermicro systems and discovered serious firmware vulnerabilities. Such issues affect many models and have persisted for many years, which could be problematic since these systems are commonly used as data center servers. As other researchers have shown, Supermicro is not alone. Security vulnerabilities in firmware continue to be discovered regularly. Unfortunately, malicious activity at the firmware and hardware level is invisible to most detection and response mechanisms in use today, leaving many critical systems exposed to attacks that target this area.

These vulnerabilities are easily exploitable and provide malware with the same impact as having physical access to the kind of system that is usually stored in a secure data center. A physical attacker who can open the case could simply attach a hardware programmer to bypass protections. Using the attacks we have discovered, it is possible to scale powerful malware much more effectively through malicious software instead of physical access.

Source: Firmware Vulnerabilities in Supermicro Systems

---

Original Submission

• so incompetent/malicious (Score: 1, Interesting) by Anonymous Coward on Friday June 08 2018, @05:41PM

  by Anonymous Coward on Friday June 08 2018, @05:41PM (#690417)

  Good security practice would be to set the least privilege required. In some cases, however, the descriptor itself is writable by software executing on the host processor. In this case, the mechanism doesn’t protect anything at all! Malware can simply modify the permissions and bypass any protection, potentially leaving firmware exposed.

  so ridiculous it seems malicious.

  In general, the flash descriptor region should be “immutable” once the system completes the manufacturing process and is ready for production use.

  i would think there could be a secure way to let the buyer control this, but hey why not just flash some insecure shit and then lock it down(or don't, i guess). that's Intel's motto, right?

  This manual analysis uncovered that Supermicro X9DRi-LN4F+, X10SLM-F and X11SSM-F systems did not securely authenticate firmware updates. We confirmed this result by intentionally modifying the binary in official Supermicro firmware images and observing that the system firmware still accepted and installed the modified package. We were able to download a standard firmware update, change the code to one of the modules, and successfully apply it to systems using the standard update tools.

  people pay good money for supermicro with the expectation of quality. there's no excuse for the above incompetence/sabotage. if i had bought any of their expensive shit i would be pissed.

  We contacted Supermicro in January of this year to report these vulnerabilities and recommend that they implement industry standard practices to cryptographically authenticate firmware updates and implement anti-rollback for security fixes.

  hmm, it's hard to tell from glancing at supermicro's hilarious cold fusion based website when it's released firmware to address this nonsense. i'm just glad their firmware team is as high caliber as the web dev team.

  Starting Score:	0		points
  Moderation		+1
  Interesting=1, Total=1
  Extra 'Interesting' Modifier		0
  Total Score:		1