Analysis Computers have enough trouble defending sensitive data in memory from prying eyes that you might think it would be unwise to provide connected peripherals with direct memory access (DMA).
Nonetheless, device makers have embraced DMA because allowing peripherals to read and write memory without oversight from the operating system improves performance. It's become common among network cards and GPUs, where efficient data transfer is necessary.
To prevent abuse, vendors have implemented input-output memory management units (IOMMUs), which attempt to limit the CPU memory regions available to attached devices.
Unfortunately, as with CPU architecture capabilities designed to deliver speed, like speculative execution, device makers turn out to be overconfident in their defenses. A wide variety of laptop and desktop computers can be compromised by malicious peripherals, allowing the extraction of secrets from memory or root shell access, despite supposed protections.
Proof that peripherals can pwn you
A paper presented today at the Network and Distributed System Security Symposium (NDSS) in San Diego, California, describes a set of vulnerabilities in macOS, FreeBSD and Linux, "which notionally utilize IOMMUs to protect against DMA attackers."
"Notionally" here serves as polite academese for "fail to." As the paper's author's put it, "We investigate the state-of-the-art in IOMMU protection across OSes using a novel I/O-security research platform, and find that current protections fall short when faced with a functional network peripheral that uses its complex interactions with the OS for ill intent."
The aforementioned research platform, dubbed Thunderclap, and the associated paper represent the work of assorted academic and think tank boffins: A. Theodore Markettos, Colin Rothwell, Allison Pearce, Simon W. Moore and and Robert N. M. Watson (University of Cambridge), Brett F. Gutstein (Rice University) and Peter G. Neumann (SRI International).
Thunderclap is an FPGA-based peripheral emulation platform. The researchers claim that it can be used to interact with a computer's operating system and device drivers, bypassing IOMMU protections. You connect it to a device and seconds later it's compromised.
"The results are catastrophic, revealing endemic vulnerability in the presence of a more sophisticated attacker despite explicit use of the IOMMU to limit I/O attacks," the paper explains. "We are able to achieve IOMMU bypass within seconds of connecting on vulnerable macOS, FreeBSD, and Linux systems across a range of hardware vendors."
Malicious peripherals may not be as alarming as remote code execution vulnerabilities because local access to a target device is necessary and physical security precautions can be effective. But DMA attack scenarios shouldn't be brushed aside too lightly.
"In the most accessible version of our story, you obtain a VGA/Ethernet dongle, power adapter, or USB-C storage device from a malicious person/organization and your device is immediately compromised," explained Robert N. M. Watson, senior lecturer in systems, security, and architecture at the University of Cambridge Computer Laboratory, in an email to The Register.
"But it's worth thinking a bit further: we can consider a range of supply-chain and remote device attacks, such as attacks against Thunderbolt or PCIe devices themselves that allow them to then be used against an end user."
Think supply and demand
As examples, Watson cites supply chain attacks originating in a factory, in firmware development or as a result of a vulnerability in Ethernet dongle firmware or Wi-Fi firmware that could be triggered via malicious network traffic. He also suggests the possibility of a supply chain attack involving malicious firmware on public USB charging stations.
Devices that include a Thunderbolt port (Apple laptops and desktops since 2011, some Linux and Windows laptops and desktops since 2016) or support for Thunderbolt 3 (USB-C) or older versions of Thunderbolt (Mini DisplayPort connectors) are affected by this research. So too are devices that support PCIe peripherals, via plug-in cards or chips on the motherboard.
Apple, Microsoft, and Intel have issued patches that partially fix the revealed vulnerabilities, but additional mitigation will be required to address the issues identified by the researchers. Windows, which makes limited use of the IOMMU, remains vulnerable.
For example, the paper says, macOS 10.12.4 implements a code-pointer blinding feature, which limits the injection of kernel pointers, but fails to secure other data fields, including data pointers, that may leave systems vulnerable.
Microsoft released Kernel DMA Protection to provide IOMMU support in devices shipped with Windows 10 1803 (updates don't count), but hasn't yet provided documentation for device-driver makers to implement such defenses.
The Linux security team considers peripheral security within its threat model but considers the problem difficult to address due to the variety of drivers. An Intel patch in kernel 4.21 enables the IOMMU for Thunderbolt ports and disables ATS. The FreeBSD Project doesn't consider malicious peripherals part of its threat model but asked for a copy of the paper for review.
"For systems where it's under admin control (Linux and FreeBSD), we recommend enabling the IOMMU at boot," said Theodore Markettos, senior research associate in the University of Cambridge Computer Laboratory, in an email to The Register.
"This will likely have a performance implication. More deeply, we are highlighting that the interface between peripherals capable of DMA and the kernel is much richer and more nuanced than previously thought."
Markettos argues that operating system kernels and device drivers should treat interactions with peripherals with the same wariness that operating systems and applications treat data from the internet.
Intel Management Engine JTAG flaw proof-of-concept publishedREAD MORE
"The system call interface between processes and the kernel has received substantial scrutiny and hardening, and the same process should be applied to the interface between peripherals and the kernel," he said.
The researchers have been exploring IOMMU issues since 2015 and working with vendors since 2016. They've have now released Thunderclap as an open source project to assist with the identification and remediation of DMA attacks.
"We began our research into this problem in early 2015 using OS tracing techniques to investigate how IOMMUs were managed by various operating systems – the results were not encouraging," said Watson.
"This led us to a far more detailed multi-year vulnerability analysis, hardware prototyping, and close conversations with multiple vendors to help them understand the implications of the work on their current and future products. We hope very much that our open-source research platform will now be used by vendors to develop and test their I/O security protections going forwards."
And it appears there's more work to do. Markettos said DMA in peripherals has become popular due to increasing performance requirements. He and his colleagues have yet to poke around NVMe storage on phones, other phone peripherals including Wi-Fi, GPU, audio, mobile baseband, and cameras, SD card spec v7 (which supports PCIe/NVMe), NVMe over ethernet and other fabrics, and DMA in embedded systems.
"We've been advising vendors to be cautious about adding new devices that support DMA before they understand the security model," said Markettos. ®