It’s been almost five years since the discovery of Stuxnet disabused the world of its naivety about nation-state malware, but since then more attention has been paid to Edward Snowden’s NSA hacking revelations than to the occasional technical insights into old-style spying software.
Kaspersky Lab's Equation group report, then, has been a bit of a body shaker while helpfully moving the story on a bit. We can now see that Stuxnet was, as everyone suspected, the business end of a far larger platform containing eight or nine modules whose genesis goes back as far as 2001, the defining year for so many things that have been going on behind everyone’s backs.
We also learned that, shockingly, this platform has been used to ‘infect’ the low-level firmware chips inside hard drives, something no current security programme could even detect, let alone block. Two modules appeared to have this feature, ‘EquationDrug’ and ‘Grayfish’, with version numbers dating from between 2010 and 2013.
Since each drive vendor develops its drive firmware separately, with its own debugging modes, a different routine was needed to attack each one: Samsung, Seagate, Maxtor, Western Digital, Toshiba, Hitachi and Micron (a reference to SSD drives). Kaspersky’s account asks more questions than it answers but does mention that individual drives were targeted by serial number, a complex task that underlines that this attack was not trying to infect hard drives in general but was aimed at specific operations.
There are good reasons for being careful. Compromising the hard drive of a target is clearly an approach that can’t be over-used for fear of discovery. It’s also risky because interfering with firmware carries the possibility of breaking the drive either during the flashing process or afterwards during its operation. Theory is one thing, practice quite another.
“The Equation group’s HDD firmware reprogramming module is extremely rare,” Kaspersky wrote, underlining how infrequently it had been detected and, most probably, used.
Questions are now being asked about the culpability of drive vendors but this is probably premature. The Equation hackers would need insight into the firmware source code but getting hold of this wouldn’t have been hard for the NSA. They could reverse engineer it if they had enough time and the resources to hire specialist engineers or perhaps even ask for it – US Government agencies have the same right as any nation state to assess computing equipment to a very low level by asking the vendors for privileged access. That wouldn't necessarily be seen as sinister by vendors.
The bigger issue is how they targeted the drives in the field, if that's how the attack worked. Interference during manufacturing seems incredibly unlikely because that assumes they could anticipate where each drive was going to end up. More likely they carried out some kind of reconnaissance to work out which precise brand and model of drive was in specific systems (identifying the serial number) so that a direct attack on the firmware could be tailored, possibly exploiting zero-day firmware vulnerabilities. Then it was just a matter of bypassing any authentication mechanism built into the drive, assuming such a thing existed.
Opinions about how easy this would have been vary widely.
“From what we understand about the architecture of standard hard drives, the controller firmware is typically updatable in the field. The controller is available on the address bus of the computer,” suggests Ken Jones, vice president of engineering at the IronKey division of storage vendor Imation.
“Because the controller is accessible, software on the PC can access it.”
The issue for hard drive vendors wasn’t that they had anything to do with the firmware reverse engineering but that they didn’t anticipate that undocumented low-level drive access routines would be abused. It probably seemed too difficult and far-fetched to worry about.
“It says that the manufacturers haven’t really paid much attention, they haven’t fully protected the drives,” says Jones.
Although this kind of low-level interference would have made such an attack almost invisible and impossible to get rid of without destroying the drive, it can’t reach every class of drive. According to Jones, as a small comfort, any external hard drive connected via USB would be immune from such an attack because it sits behind the insulation of a bus controller chip (the latter still being vulnerable to attacks such as BadUSB).
Regardless of how easy this attack was – most agree it would be well within the capabilities of a well-resourced and determined nation state – the question now shifts to what if anything can be done to close a vulnerability that has clearly existed for years. Is this firmware hack a proof-of-concept for other attackers? Mark Osborn of security consultancy MWR InfoSecurity is sceptical.
“Deploying an advanced malware implant such as GrayFish simply does not scale well. It’s fine for nation-state agencies with very specific intelligence requirements and budgets which will allow them to develop such tools,” says Osborn.
“For the vast majority of malware authors and criminal gangs this kind of development effort is financially out of reach, technically too difficult, and would simply represent over-kill.”
Inevitably, drive vendors will be looking at how such an attack, however theoretical, could be defended against going forward. The idea is not even new: at least one well-publicised proof-of-concept attack was demonstrated by Dutch researcher Jeroen Domburg in 2013 (he used physical access, but some of the principles would hold true for remote attacks).
“Those vendors who ship hard disks may also now be wondering about how they can guarantee the integrity of their products to their customers,” adds Osborn.
“Perhaps providing a cryptographic hash of the firmware images at the time of manufacture and providing customers with specialised software utilities to verify those hashes at any future date? Maybe, but this is likely to require the firmware itself to be part of the process of validation, probably not a good idea. Perhaps by implementing Trusted Platform Module chips on board the disks themselves. This could work, but will obviously add to the costs of manufacture.”
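Osborn's hash-at-manufacture idea, and his caveat about the firmware taking part in its own validation, can be sketched in code. The following is an added Python example, not code from the article, from Kaspersky or from any drive vendor. Everything in it is constructed for illustration: the manufacturer key, the model name, the firmware bytes and the SimulatedDrive class; HMAC stands in for the public-key signature a real manufacturer manifest would carry. The point it makes is that a hash checked against an image read independently of the drive catches a modified image, whereas a hash the running firmware reports about itself proves nothing once that firmware is the thing under suspicion.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed sample data (not a real key, model or firmware image).
MANUFACTURER_KEY = b"constructed-manufacturer-signing-key"   # stand-in for a private signing key
MODEL = "CONSTRUCTED-HDD-MODEL"
GOOD_IMAGE = b"HDD-FW v2.13 " + bytes(range(256)) * 4          # the image as shipped
TAMPERED_IMAGE = GOOD_IMAGE[:-1] + b"\x00"                     # same image with one byte changed


def image_digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def build_manifest(model: str, version: str, image: bytes, key: bytes) -> dict:
    """Manufacturer side: record the image hash at time of manufacture and
    authenticate the record so a customer can later tell it was not replaced."""
    body = json.dumps({"model": model, "version": version, "sha256": image_digest(image)},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def manifest_is_authentic(manifest: dict, key: bytes) -> bool:
    """Reject a manifest whose body was edited after it was authenticated."""
    expected = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["tag"])


def verify_image(manifest: dict, key: bytes, image: bytes) -> bool:
    """Customer side, the sound design: hash an image obtained independently of
    the drive's own firmware (e.g. read off the flash chip with a programmer)
    and compare it with the manufacturer's authenticated record."""
    if not manifest_is_authentic(manifest, key):
        return False
    recorded = json.loads(manifest["body"])["sha256"]
    return hmac.compare_digest(recorded, image_digest(image))


@dataclass
class SimulatedDrive:
    """Toy model of a drive: what is really in flash versus what the running
    firmware claims about itself when asked for its own hash."""
    flash: bytes
    reported_hash: str


def verify_self_reported(manifest: dict, key: bytes, drive: SimulatedDrive) -> bool:
    """The weak design Osborn warns about: the firmware is part of its own
    validation, because the checker trusts the hash the drive reports."""
    if not manifest_is_authentic(manifest, key):
        return False
    recorded = json.loads(manifest["body"])["sha256"]
    return hmac.compare_digest(recorded, drive.reported_hash)


def demo() -> dict:
    """Run both verification designs against an honest and a modified drive."""
    manifest = build_manifest(MODEL, "2.13", GOOD_IMAGE, MANUFACTURER_KEY)
    honest = SimulatedDrive(flash=GOOD_IMAGE, reported_hash=image_digest(GOOD_IMAGE))
    # A modified firmware has no reason to tell the truth about its own hash.
    modified = SimulatedDrive(flash=TAMPERED_IMAGE, reported_hash=image_digest(GOOD_IMAGE))
    # A manifest edited to match the modified image fails authentication.
    forged = dict(manifest)
    forged["body"] = manifest["body"].replace(image_digest(GOOD_IMAGE), image_digest(TAMPERED_IMAGE))
    return {
        "honest_self_report": verify_self_reported(manifest, MANUFACTURER_KEY, honest),
        "modified_self_report": verify_self_reported(manifest, MANUFACTURER_KEY, modified),  # True: the flaw
        "honest_dump": verify_image(manifest, MANUFACTURER_KEY, honest.flash),
        "modified_dump": verify_image(manifest, MANUFACTURER_KEY, modified.flash),            # False: caught
        "forged_manifest": verify_image(forged, MANUFACTURER_KEY, TAMPERED_IMAGE),            # False: caught
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The "modified_self_report" result is the one to notice: the self-reporting check passes for the modified drive, which is exactly why Osborn doubts a scheme in which the firmware validates itself. A real deployment would replace the HMAC with a signature verifiable from a published manufacturer public key, and would need a way to read the flash contents that does not go through the firmware being checked, which is where his suggestion of a separate trusted component on the disk comes in.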
Given the number of firmware chips in the average PC, defending hard drives alone wouldn’t close the hole. Every hardware subsystem – graphics cards, mice, keyboards, network cards – has its own firmware too, although not all of them would enable the re-flashing or persistence that characterised the Equation group malware.
Some have dared to raise the issue of whether this might compromise the crown jewels, encrypted drives.
“They can create zero-day vulnerabilities and use them against the firmware, effectively reducing the level of trust in hard drive manufacturers and also in full disk encryption,” suggests Ken Munro, a senior partner at ethical hacking firm, Pen Test Partners.
“If this bypasses full disk encryption (FDE), and in the NSA [Equation group] example it does appear to do so, then there is no way to ensure that any data on the drive is secure. The ability to extract data from an encrypted drive, even one that has been stolen would be a boon to the attacker,” he argues.
“Clearly the vendor community will have to step up its game and consider baseline security measures built in at point of manufacture.”
It seems unlikely that an encrypted drive would be as easy to compromise, and certainly not remotely. The assumption is that on such products every interface is closed off, right down to physical access to the chip on which the key is held, a principle of the Federal Information Processing Standard (FIPS). But even introducing some uncertainty about this could have huge repercussions.
Commentators agree that fixing the new hard drive firmware worry could end up costing buyers.
“This just raises the bar on the cost of building a secure system. If you need every component to be FIPS that is going to double the price of the PC,” says Imation’s Jones.
The question is how much organisations want to spend to defend against an attack probably being used against a tiny number of computers of interest to a nation state such as the US. For now, the answer is it’s probably not worth it. If the NSA is interested then stopping them is probably not possible anyway. But what if Kaspersky Lab or another vendor discovers that hard drive firmware attacks are more common or have been used by other nations such as China or Russia?