Some potential: How bad software updates could over-volt, brick remote servers
PMFault – from the eggheads who brought you Plundervolt and Voltpillager
Video Presenting at Black Hat Asia 2023, two infosec researchers detailed how remote updates can be exploited to modify voltage on a Supermicro motherboard and remotely brick machines.
The duo behind the discovery, both at the University of Birmingham in England, like to play around with voltage. They were already known for revealing a vulnerability in Intel's Software Guard Extensions (SGX) feature – a hole exploitable via their technique dubbed Plundervolt – and a $30 2020 Intel SGX cloud server attack called Voltpillager.
When the voltage of these systems is altered, their cryptographic processes can be manipulated or compromised, and attackers can potentially extract sensitive data. Voltpillager was not a remote attack and required physical proximity, such as a rogue employee, so was limited in threat scope. Plundervolt, while possibly remote, required privileged access to the operating system and BIOS.
Intel issued firmware updates to prevent Plundervolt, and stated at the time that techniques that require an attacker to physically open a case – such as Voltpillager – were not considered vulnerabilities.
This latest power management tampering, or PMFault, can be carried out by a privileged software adversary who doesn't have access to Board Management Controller (BMC) login credentials. It allows the same data extraction as its predecessor attacks, but through the BMC flash memory chip. In other words, you need to be able to update the BMC firmware to include malicious code to perform the attack, which means you'll need root access pretty much.
So this is quite an involved assault - it's not for those just casually breaking into a network to steal files and extort corporations, it's for those who want to cause chaos at the hardware level.
The two researchers, PhD student Zitai Chen and Professor David Oswald, said in a January academic publication that "undervolting through the PMBus allows breaking the integrity guarantees of SGX enclaves, bypassing Intel's countermeasures against previous undervolting attacks like Plundervolt."
By then overvolting – sending 2.84 volts to the 1.52 spec'd CPU – the pair permanently bricked two separate Xeon CPUs used in the experiment. This was done by a malicious software update. Below is a video demonstrating PMFault.
They pinned the vulnerabilities on insecure firmware encryption and signing mechanisms, a lack of authentication when it comes to firmware and IPMI KCS control interface upgrades, and the overall motherboard design.
- Arm acknowledges side-channel attack but denies Cortex-M is crocked
- Millions of mobile phones come pre-infected with malware, say researchers
- Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans
- Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix
"I think this attack is nicer than the VoltPillager," said Chen at Black Hat Asia 2023, adding that it was "less messy" as there were fewer cables and no need to control temperature.
"With this attack we only need the Ethernet cable to connect to the server. And that's it. We don't need to open the box anymore."
The duo's big takeaway is that trusted execution environments "like SGX must not only rely on the security of the CPU itself, but also of that of management components [in] the hardware design of the platform."
Overall, they advocate thinking of a server as an embedded system, declare that SGX attestation cannot measure BMC firmware, and warn that improper jumper configuration can cause security issues.
Chen and Oswald offer a PMBusDetect tool for identifying if a voltage regulator modeule is connected to the PMBus. However, they've only yet tested it on Reneseas ISL68137 and Monolithic MP2955.
Supermicro did respond to Chen and Oswald's disclosure back in January. The hardware maker rated the vulnerability's severity as "high" and issued new signed BMC firmware for all affected Supermicro motherboard SKUs.
That includes those that incorporate the Intelligent Platform Management Interface (IPMI) – the X11, X12, H11, and H12 product lines. ®