There are not one, but two side-channel attacks to talk about this week. First up is Pacman, a bypass for ARM's Pointer Authentication Code (PAC). PAC is a protection built into certain ARM processors, where a cryptographic tag computed over the pointer must be correct whenever a protected pointer is used. If the tag doesn't check out, the program simply crashes. The idea is that most exploits manipulate pointers to achieve code execution, and producing a valid PAC requires an explicit signing instruction that the attacker can't easily reach. The PAC itself is stored in the unused upper bits of the pointer. AArch64 uses 64-bit values for addresses, but the usable address space is much smaller than 64 bits, typically 53 bits or less, which leaves 11 bits for the PAC value. Note that the application never holds the key and never computes this value itself; the CPU does both in hardware. 11 bits may not seem like enough to make this secure, but keep in mind that every failed guess crashes the program, and the keys are regenerated each time the application restarts.
What Pacman introduces is an oracle, a way to learn something about data the attacker isn't supposed to be able to see. In this case the oracle works through speculative execution, much like Meltdown and Spectre. The trick is to dereference a guessed pointer only speculatively, so that an incorrect PAC never raises an architectural fault, and then observe the resulting microarchitectural side effects to tell a correct guess from an incorrect one. The one thing to note is that the PAC oracle strategy requires the attacker to already be running code on the target system. Pacman is not a remote code execution bug, nor is it useful for achieving RCE on its own.
Another important note is that an application has to be compiled with PAC support to benefit from this protection. The platform that makes the most use of PAC is macOS, since it's a feature baked into Apple's M1 processor. A realistic attack chain would likely start with a remote code execution bug in an application that lacks PAC support. Once a foothold as an unprivileged user is established, Pacman would be used as part of an exploit against the kernel, which does use PAC. See the PDF paper for all the details.
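To make the mechanism concrete, here is a small software model of pointer authentication. This is an added illustration, not the paper's code or the hardware algorithm: a toy keyed mixer stands in for the real PAC cipher, the 53/11 bit split follows the figures quoted above, and the key, target address and stack pointer are made-up values. It shows signing, verification, why a blind guess is one shot per process, and how an oracle that answers "would this tag verify?" without faulting reduces the 11-bit tag to at most 2^11 silent queries.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Software model of ARM pointer authentication, written for illustration:
 * the hardware block cipher is replaced by a toy keyed mixer, and the split
 * (53 address bits, 11 PAC bits) follows the figures quoted in the text. */
#define ADDR_BITS 53
#define PAC_BITS  (64 - ADDR_BITS)                 /* 11 */
#define ADDR_MASK ((1ULL << ADDR_BITS) - 1)
#define PAC_MASK  ((1ULL << PAC_BITS) - 1)

/* The key lives in system registers the application cannot read; it is
 * regenerated for every new process. */
typedef struct { uint64_t k0, k1; } pac_key;

/* Toy keyed mixer standing in for the real PAC cipher (assumption). */
static uint64_t pac_compute(uint64_t addr, uint64_t ctx, const pac_key *k) {
    uint64_t x = (addr ^ k->k0) * 0x9E3779B97F4A7C15ULL;
    x ^= (ctx ^ k->k1) * 0xD6E8FEB86659FD93ULL;
    x ^= x >> 29;
    x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 32;
    return x & PAC_MASK;
}

/* Like PACIA: sign an address with a context value (often the stack pointer)
 * and store the tag in the unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t addr, uint64_t ctx, const pac_key *k) {
    addr &= ADDR_MASK;
    return addr | (pac_compute(addr, ctx, k) << ADDR_BITS);
}

/* Like AUTIA: strip the tag if it verifies, otherwise report a fault.
 * On real hardware a failed check poisons the pointer and the process dies
 * on the next dereference; here it is simply a false return. */
bool pac_auth(uint64_t ptr, uint64_t ctx, const pac_key *k, uint64_t *out) {
    uint64_t addr = ptr & ADDR_MASK;
    if ((ptr >> ADDR_BITS) != pac_compute(addr, ctx, k))
        return false;
    *out = addr;
    return true;
}

/* Without an oracle an attacker gets one blind guess: a wrong tag is fatal
 * and the next process has a fresh key, so there is no state to accumulate. */
bool forge_blind_once(uint64_t addr, uint64_t guess, uint64_t ctx, const pac_key *k) {
    uint64_t unused;
    return pac_auth((addr & ADDR_MASK) | ((guess & PAC_MASK) << ADDR_BITS), ctx, k, &unused);
}

/* What Pacman provides: a way to ask "would this tag verify?" speculatively,
 * without the architectural fault. With that, the 11-bit tag falls to at most
 * 2^11 silent queries. Returns the forged pointer and the number of queries. */
uint64_t forge_with_oracle(uint64_t addr, uint64_t ctx, const pac_key *k, unsigned *queries) {
    uint64_t unused;
    *queries = 0;
    for (uint64_t guess = 0; guess <= PAC_MASK; guess++) {
        uint64_t cand = (addr & ADDR_MASK) | (guess << ADDR_BITS);
        (*queries)++;
        if (pac_auth(cand, ctx, k, &unused))   /* the oracle answers yes/no */
            return cand;
    }
    return 0;
}

int main(void) {
    pac_key k = { 0x0123456789ABCDEFULL, 0xFEDCBA9876543210ULL };  /* made-up key */
    uint64_t target = 0x0000000100004000ULL;  /* hypothetical return address */
    uint64_t sp     = 0x000000016FDFF000ULL;  /* hypothetical stack pointer as context */
    uint64_t signed_ptr = pac_sign(target, sp, &k), out;
    unsigned queries;

    printf("signed pointer   : 0x%016llx\n", (unsigned long long)signed_ptr);
    printf("blind guess of 0 : %s\n", forge_blind_once(target, 0, sp, &k) ? "verifies" : "crash");
    uint64_t forged = forge_with_oracle(target, sp, &k, &queries);
    printf("oracle forged    : 0x%016llx after %u queries, verifies=%d\n",
           (unsigned long long)forged, queries, pac_auth(forged, sp, &k, &out));
    return 0;
}
```

The point of the two attacker functions is the asymmetry the article describes: `forge_blind_once` is a coin toss with 2048 sides where every wrong answer ends the game, while `forge_with_oracle` walks the whole tag space at leisure because nothing faults.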
The other side-channel strategy is a new take on an old concept. Hertzbleed is based on the observation that it's possible to distinguish between a CPU running at its base frequency and one running at its boost frequency, and that the difference between those two states can leak information about what the CPU is actually doing. They have a pre-release PDF of the paper with the details. The big consequence is that the standard defense against timing attacks, constant-time programming, is not always a reliable security measure on its own.
This works because modern processors manage their clock frequency against a Thermal Design Power (TDP) budget, the maximum amount of power and heat dissipation the CPU is designed for. Different instructions draw different amounts of power, and generate different amounts of heat as a result. More heat means the chip drops out of its boost clock sooner, and that throttling can be detected in the response time. The details are quite striking. Did you know that even the same instructions, operating on different register values, result in slightly different power draws? The researchers chose one particular cryptographic algorithm, SIKE, a post-quantum key exchange scheme, and set out to recover a server's secret key through a timing attack.
There is a quirk in SIKE, discovered and disclosed in this research, where it's possible to short-circuit part of the algorithm so that a series of internal, intermediate steps all produce a value of zero. If you know several consecutive bits of the server's static key, it's possible to craft a challenge that triggers this cascade. By extension, you can guess the next unknown bit, and only if the guess is correct will the cascade happen. SIKE is implemented with constant-time programming, so this odd behavior shouldn't matter: the same sequence of operations runs either way. And here is where the Hertzbleed observation comes in. A SIKE run containing the cascading-zero behavior draws less power. Lower power draw means the processor can stay at its full boost clock for longer, which means the key exchange finishes slightly faster. Faster by enough, it turns out, that the difference can be measured over a network connection. They tested against Cloudflare's CIRCL library and Microsoft's PQCrypto-SIDH and were able to recover the secret keys from both implementations, in 36 and 89 hours respectively.
There is a mitigation for this particular bug: it's possible to identify a challenge value that would trigger the cascading zeros and reject it before any processing takes place. It will be interesting to see whether other similar algorithms can be examined and attacked using this same technique. Unfortunately, from the processor's point of view, the only real mitigation is to disable boost clocks entirely, which has a significant negative effect on performance.
Defeating Nest Secure Boot
[Frédéric Basse] has a Google Nest Hub, and he really wanted to run his own Linux distro on it. There's a problem, though: the Nest uses secure boot, and there's no official way to unlock the bootloader. Since when does that stop a dedicated hacker? The first step was to find a UART interface, which turned out to be hidden on some undocumented pins of a ribbon cable. A custom breakout board later, and he had a U-Boot log. Next was to run through the boot-time button combinations and see what U-Boot tried to do with each. One of those combinations boots from a recovery.img, which would be ideal if it weren't for secure boot.
The great thing about U-Boot is that it's open source under the GPL, which means the source code is available to read. Find a bug in that source, and you have a secure boot bypass. Open source also allows for some fun approaches, such as running part of the U-Boot code in userspace and exercising it with a fuzzer. That is the approach that found a bug where a USB block size larger than 512 bytes triggers a buffer overflow. Assuming 512 is generally safe, since real-world USB storage devices essentially all report 512-byte blocks.
Never fear, a device like the Raspberry Pi Pico can run TinyUSB, which lets you emulate a USB mass storage device with whatever block size you specify. Experimentation confirmed that this approach produced reproducible crashes on the real device. From there, code execution was fairly straightforward: essentially fill the overflowing data with a run of no-op instructions leading into a payload, and then overwrite the return address. With code execution in hand, all that was left was to overwrite the command list and run a custom U-Boot script. A thing of beauty.
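Here is the shape of that bug class in miniature, as an added example rather than U-Boot's actual code: a USB mass-storage read path that sizes its buffer for the 512-byte blocks every honest stick reports, then reads a block of whatever size the device claims. The READ CAPACITY replies, the fake device and its fill bytes are all constructed for the demo. The hardened variant validates the device-reported geometry before touching the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustration of the bug class, not U-Boot's actual code: the bootloader's
 * USB mass-storage path sizes its buffer for the 512-byte blocks every real
 * stick reports, then reads one block of whatever size the device claims.
 * A device that claims 4096 (e.g. TinyUSB on a Pico) overflows the buffer. */

#define SECTOR_SIZE 512     /* the assumption baked into the vulnerable path */

/* SCSI READ CAPACITY(10) reply: 4 bytes last LBA, 4 bytes block length, big-endian */
typedef struct { uint32_t last_lba; uint32_t block_len; } capacity;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

capacity parse_read_capacity(const uint8_t reply[8]) {
    capacity c = { be32(reply), be32(reply + 4) };
    return c;
}

/* Stand-in for a real USB device: answers a block read with block_len bytes. */
typedef struct { uint32_t block_len; uint8_t fill; } fake_device;

static size_t device_read_block(const fake_device *d, uint8_t *dst) {
    memset(dst, d->fill, d->block_len);   /* writes whatever size the device claims */
    return d->block_len;
}

/* VULNERABLE: trusts the device-reported block length. With block_len > 512,
 * device_read_block() writes past buf and into the saved return address,
 * which is the primitive the Nest bypass used. Never call this with a hostile device. */
int read_first_block_vulnerable(const fake_device *dev, uint8_t out[SECTOR_SIZE]) {
    uint8_t buf[SECTOR_SIZE];
    device_read_block(dev, buf);
    memcpy(out, buf, SECTOR_SIZE);
    return 0;
}

/* HARDENED: validate the geometry before any copy. Returns -1 and touches
 * nothing if the device claims a block size the buffer was not sized for. */
int read_first_block_hardened(const fake_device *dev, uint8_t out[SECTOR_SIZE]) {
    uint8_t buf[SECTOR_SIZE] = {0};
    uint32_t bl = dev->block_len;
    if (bl == 0 || bl > SECTOR_SIZE || (bl & (bl - 1)) != 0)
        return -1;                         /* refuse zero, oversized, or non-power-of-two */
    device_read_block(dev, buf);
    memcpy(out, buf, SECTOR_SIZE);
    return 0;
}

int main(void) {
    /* Constructed READ CAPACITY replies: a 512-byte and a 4096-byte block device */
    static const uint8_t honest[8]  = { 0x00,0x00,0x07,0xFF, 0x00,0x00,0x02,0x00 };
    static const uint8_t hostile[8] = { 0x00,0x00,0x00,0xFF, 0x00,0x00,0x10,0x00 };
    capacity a = parse_read_capacity(honest), b = parse_read_capacity(hostile);
    printf("honest device : %u-byte blocks\n", a.block_len);
    printf("hostile device: %u-byte blocks\n", b.block_len);

    fake_device good = { a.block_len, 0xAA }, bad = { b.block_len, 0x41 };
    uint8_t out[SECTOR_SIZE];
    printf("hardened(honest)  = %d\n", read_first_block_hardened(&good, out));
    printf("hardened(hostile) = %d (rejected before reading)\n", read_first_block_hardened(&bad, out));
    /* read_first_block_vulnerable(&bad, out) would write 3584 bytes past buf */
    return 0;
}
```

On the attacking side, TinyUSB's mass-storage class asks the application for the drive geometry through its `tud_msc_capacity_cb` callback, which is where a Pico would report the oversized block length; the host-side check above is what stops that report from becoming a write past the buffer.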
Ping
How much can a single pair of ping packets tell us about a network and a remote host? According to [HD Moore], quite a bit. For example, take the round-trip time of a ping reply and convert it to a distance at roughly 186 miles per millisecond, the speed of light. That figure is a hard upper bound on how far away the host can be; since the time covers the trip in both directions and signals in fiber travel slower than light in a vacuum, a realistic estimate is somewhere between a quarter and a half of it. The TTL in the reply most likely started at 64, 128, or 255, so you can make a good guess at the number of hops along the path. Oh, and if the reply's TTL started at 64, it's probably a Linux machine, 128 suggests Windows, and 255 typically indicates a BSD-derived OS.
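Those inferences are easy to automate. The following is an added example, not [HD Moore]'s code: it pulls the TTL and round-trip time out of a ping reply line (Linux/BSD or Windows format), guesses the initial TTL and hop count, and turns the timing into the distance bounds described above. The sample lines use documentation addresses and made-up timings.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: extract the inferences described in the text from a ping
 * reply line. Handles the Linux/BSD form ("... ttl=54 time=11.2 ms") and the
 * Windows form ("Reply from ...: bytes=32 time=11ms TTL=54"). */

#define MILES_PER_MS 186.0   /* speed of light, the figure used in the text */

typedef struct {
    int ttl;            /* as seen in the reply */
    int initial_ttl;    /* 64, 128 or 255: the default the sender most likely used */
    int hops;           /* routers between us and the host */
    const char *os_guess;
    double rtt_ms;
    double upper_miles; /* the host cannot be farther than this */
    double lower_miles; /* rough realistic estimate, per the quarter-to-half rule */
} ping_facts;

/* The smallest common default at or above the observed TTL. */
int guess_initial_ttl(int ttl) {
    if (ttl <= 64)  return 64;
    if (ttl <= 128) return 128;
    return 255;
}

const char *os_from_initial_ttl(int initial) {
    switch (initial) {
    case 64:  return "Linux (or another Unix-like)";
    case 128: return "Windows";
    default:  return "BSD-derived (also typical of routers)";
    }
}

/* Returns 0 and fills *f for a reply line, -1 for anything else (banner,
 * timeout, statistics). */
int analyze_ping_line(const char *line, ping_facts *f) {
    const char *t = strstr(line, "ttl=");
    if (!t) t = strstr(line, "TTL=");
    const char *r = strstr(line, "time=");
    if (!t || !r) return -1;

    f->ttl = atoi(t + 4);
    f->rtt_ms = atof(r + 5);              /* atof stops at "ms" or " ms" */
    if (f->ttl <= 0 || f->ttl > 255 || f->rtt_ms < 0) return -1;

    f->initial_ttl = guess_initial_ttl(f->ttl);
    f->hops = f->initial_ttl - f->ttl;
    f->os_guess = os_from_initial_ttl(f->initial_ttl);

    double light_miles = f->rtt_ms * MILES_PER_MS;   /* light over the whole round trip */
    f->upper_miles = light_miles / 2.0;  /* the reply had to come back too */
    f->lower_miles = light_miles / 4.0;  /* fibre is slower than vacuum and paths are not straight */
    return 0;
}

int main(void) {
    /* Constructed sample lines (documentation addresses, made-up timings) */
    const char *samples[] = {
        "PING 203.0.113.7 (203.0.113.7) 56(84) bytes of data.",
        "64 bytes from 203.0.113.7: icmp_seq=1 ttl=54 time=11.2 ms",
        "64 bytes from 198.51.100.9: icmp_seq=1 ttl=116 time=38.0 ms",
        "Reply from 192.0.2.1: bytes=32 time=1ms TTL=255",
        "Request timeout for icmp_seq 2",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ping_facts f;
        if (analyze_ping_line(samples[i], &f) != 0) continue;
        printf("ttl=%d -> started at %d, %d hops, probably %s; %.1f ms -> %.0f to %.0f miles\n",
               f.ttl, f.initial_ttl, f.hops, f.os_guess, f.rtt_ms, f.lower_miles, f.upper_miles);
    }
    return 0;
}
```

The TTL guess is only a heuristic: a host with a non-default initial TTL, or a path longer than 64 hops, will be misread, which is exactly why the article calls it a good guess rather than a fact.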
Receiving a “destination host unreachable” message is interesting in itself, and tells you about the router that should have been able to reach the given IP. Then there's pinging the broadcast IP, which sends the request to every host on the subnet. Using something like Wireshark for packet capture is key here: the ping command itself shows only one response, even though multiple devices replied. Each of those replies carries a MAC address that can be looked up to identify the vendor. Another interesting trick is to spoof the source IP address of a ping packet to that of a machine you control with a public IP address. Ping every device on the network, and many of them will send their replies out through their default gateway. You may discover an internet connection or VPN that isn't supposed to be there. Who knew you could learn so much from the humble ping.
Bits and bytes
Internet Explorer is really, truly dead. If you were under the impression, as I was, that Internet Explorer was retired a few years ago, you might be surprised to learn that it finally happened this past week. This month's Patch Tuesday was the last day IE was officially supported; from now on it is completely unsupported, and it will eventually be removed automatically from Windows 10 machines. Also coming in this month's patch drop is, finally, the fix for Follina, along with a few other important fixes.
HTTPS DDoS attacks have a new record, set last week: Cloudflare mitigated an attack peaking at 26 million requests per second. An HTTPS flood is a one-two punch that exhausts both raw bandwidth and server resources, since every request has to be handled over an encrypted connection. The attack came from a botnet of VMs and servers, most of them in Indonesia.
Running the free tier of Travis CI? Did you know your build logs are accessible to anyone through a Travis API call? And on top of that, the entire history of runs since 2013 appears to be available. It may be time to revoke some access keys. Travis does try to censor access tokens in the logs, but quite a few of them slip through anyway.
Ever wondered what the risk matrix looks like for sniffing the TPM bus at boot? It's not pretty. Secura researchers looked at six popular disk encryption and secure boot applications, and none of them used the TPM's parameter encryption feature, which would encrypt the keys as they cross the wire. The ironic conclusion? Discrete TPM chips are less secure than the firmware-based TPMs built into the platform's own processor.