Security researchers Joanna Rutkowska and Rafal Wojtczuk just published a research paper describing a new SMM rootkit that installs via a CPU caching vulnerability. This could be the "perfect storm" of rootkits.
Rutkowska is known for developing Blue Pill, a rootkit claimed be to be undetectable. The assertion of being undetectable started quite a controversy and to my knowledge was never officially proven. It appears that the new rootkit code is an enhanced version of Blue Pill and has even more insidious capabilities.What's SMM
Originally, System Management Mode (SMM) was added to processor firmware as a way for hardware developers to repair problems in their products by using software. As I understand it, SMM operates at a much higher privilege level than the operating system, which means operating systems can't control or read SMM. In fact, to understand what's going on in SMM usually requires a logic analyzer. To get a better grasp of SMM, check out Robert R. Collin's paper titled "Intel's System Management Mode":
"System Management Mode (SMM) is intended to be used for advanced power-management features and other operating-system-independent functions. The chipset is programmed to recognize many types of events and timeouts. When such an event occurs, the chipset asserts the SMI# input pin. At the next instruction boundary, the microprocessor saves its entire state and enters SMM."Not a new issue
SMM security-related issues have been know about for several years. In fact Federico Biancuzzi of SecurityFocus interviewed security researcher Loic Duflot in June of 2006, and wrote the article "The quest for ring 0." OK, now I'm confused. If this exploit has so much potential and has been around this long. Why haven't any exploits surfaced? Rutkowska explains why:
"Even though there have been several presentations about SMM security-related issues in the past 2-3 years, none of the research considered how to bypass system-level protection of the SMM memory."Code exploits SMM
Rutkowska and Wojtczuk claim they found a method to bypass the system-level protection, allowing them to create a rootkit that installs in the SMM space. Rutkowska has a press release (pdf) on her Web site that describes the attack as a two-step process:
- First an attacker is required to get access to a so called SMM memory. The code within SMM memory (also called SMRAM) is executed with the highest privileges on PC platforms. SMM is more privileged than the kernel-mode code (Ring 0), and even more privileged than a hardware hypervisor code, often referred to as Ring-1. SMM code can be thought of as if executing in Ring -2
- Once the attacker got access to the SMM memory, the attacker can inject a special shellcode2 into the SMM. The payload of the shellcode will depend on the circumstances. In our attack we use a shellcode that adds a simple backdoor to a Xen hypervisor. The whole point about using a shellcode located inside SMM is that Intel TXT doesn't validate the SMM memory during the trusted launch process. Consequently, the attacker might be able to survive the TXT trusted launch, if and only if, he or she decides to shelter themselves inside the SMM memory.
This exploit is completely new and potentially devastating. The malware code takes over a PC with little or no recourse to remove it. I imagine the rootkit will be able to contact command and control servers and of course have the latest and greatest malware payloads rivaling any of the newest trojans. All of this and the computer's operating system is totally oblivious to what's happening.Why release this
Many people, myself included are asking why publicize this? It seems that the researchers felt something needed to be done to motivate Intel into fixing the vulnerability. Rutkowska mentioned that Intel management was informed of this vulnerability in 2005 by its own employees. Rutkowska and Duflot both claim that they also informed Intel of the problem on numerous occasions
According to Rutkowska's Black Hat DC 09 presentation Intel informed CERT about this potential exploit, eventually receiving tracking number (VU#12784). It appears that's as far as Intel went, and that hasn't set well with Rutkowska. So Rutkowska and Wojtczuk decided to force Intel's hand by releasing one version of exploit code and a paper about the vulnerability. Rutkowska explains her position further (courtesy of JHeary and NetworkWorld):
"If there is a bug somewhere and if it stays unpatched for enough time, it is almost guaranteed that various people will (re)discover and exploit it, sooner or later. So, don't blame researchers that they find and publish information about bugs - they actually do a favor to our society."Intel's response
Intel feels that it has a solution in SMI transfer monitor (STM). The premise is that STM places SMM in a sandbox as the following Intel patent explains:
"The VMM may provide the secret value from the VMM to a measurement agent executing in system management mode (SMM) of the processing system. The measurement agent may be a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM."
It's my understanding that the fix has not been released yet. More importantly, I didn't see any information as to how this would be rolled out. If you think about it, that's going to be one huge task.Final thoughts
The two researchers obviously feel strongly about what they're doing. I'm sure Intel does as well, especially since they have a proposed solution. So where does it go from here? Your guess is as good as mine. I do know that we don't need an ultimate rootkit in the wild.
"Need to know" security news and advice delivered each Tuesday, TechRepublic's IT Security newsletter gives you the hands-on advice you need for locking down your systems and making sure they stay that way. Automatically sign up today!