Skip to content

Posts tagged ‘cold boot’

8
Jul

Mac OS X “Lion” and the Dangers of Restoring from a Partition

With the release of Mac OS X 10.7 “Lion”, Apple is changing the way we’ll be doing system upgrades. Lion will only be available to Snow Leopard users electronically through the Mac App Store, and thus it will no longer be possible to purchase a physical install DVD. Before I go into the intended topic of this post, allow me to <rant> about how I’m not too keen on this decision. As a result, it’s no longer possible to install OSX on Macs that don’t have an internet connection (yes, these do exist!). Even for those who do, many don’t have very fast internet connections, or may have extremely low usage caps. I know that UK internet providers still offer entry-level packages 5Mbit lines and stupidly low 1-5 GB monthly limits. Lion is likely to be about 4GBs in size. Oh, you want to install OSX on more than one Mac? Suuure, just download the 4GB install package on each Mac.</rant> You get the point…

The real thing I wanted to talk about is Apple’s solution to system re-installation or recovery, and specifically the security implications thereof. Installing Lion will cause it to create a small ‘recovery’ partition on your primary drive, which is essentially a partition equivalent of an install DVD. If you have a problem with your main OSX partition, and need to run repair utilities or reinstall, you just boot from the recovery partition. Sounds really useful actually, as you don’t need to worry about having a DVD handy. But where this solution brings ease-of-use and convenience, it also brings some security risks.

Although Mac OS X is still largely unaffected by malware, the winds of change are indeed upon us, and it’s unrealistic to assume the Mac will remain virus-free forever. As viruses get more complex they find ever-improving ways of making themselves persistent on a system. There are countless examples of Master Boot Record viruses on Windows where the only sure-fire solution is to completely wipe the hard drive and reinstall from CD/DVD. Because once your system is infected, good security practice forces you to assume that any file or executable is compromised. So, how does this affect a bootable recovery partition? If I were a virus writer, I’d make pretty darn sure that I infect a core installer file on the recovery partition so that any  installation will have my virus. The nice thing about DVDs is that even if you insert them into an infected computer, they can’t be changed, and so you have complete confidence (barring a very advanced/rare firmware virus) that wiping and reinstalling from DVD yields a fresh and clean install of your system. As a security professional, I don’t think I’ll be able to trust a recovery partition like that.

But wait, there’s more. Viruses are a concern, but if you’re a smart user they’re not really a problem. We can run anti-virus, disable Flash, Java and Javascript, etc, and as long as you browse safely and don’t open random executables you’ll be perfectly fine. What about an attacker with remote or physical access to your computer? If I remotely hack into someone’s Mac, either due to a vulnerability or a weak password, all I have to do is modify a few files in the existing system and the recovery partition, and boom, persistent back door! The user can reinstall OSX all they want… my back door will simply be reinstalled with it.

But wait, there’s more. Even if your computer is completely secure from remote attacks, the same goes for someone with physical access to your Mac. Now, as a disclaimer, I have to point out that anytime an attacker gets physical access to any computer it’s game over. Even if you use FileVault, I may not be able to log in to your computer (unless some kind of cold boot attack is still possible), but I can easily boot your computer from a USB stick (or remove your hard drive if you have a Firmware password), trojan your recovery partition and corrupt your primary boot partition (similar to an Evil Maid attack). What are you going to do? Reinstall Mac OS X from my trojaned recovery partition of course! It’s not like you have a choice.

Any system compromise can lead to the installation of a persistent backdoor for the lifetime of the recovery partition on that hard drive. I don’t want to sound overly critical; I am probably one of the most fervent Apple supporters you’ll ever meet (with good reasons too), but not to the extent it stops me from thinking about potential impacts. I appreciate that Apple is trying to make things easier for Joe User. Being able to download updates electronically is awesome, and I honestly believe many would take advantage of that (myself included), but users should be given the choice. Particularly in situations like this where not having a physical install medium can have an impact on both usability and security.

My guess (or maybe hope) is that if Apple is not going to sell install DVDs itself, we may be allowed to burn our own install DVDs after downloading Lion from the Mac App Store. Either way, it is fairly trivial to burn the Lion installer onto a DVD – but users shouldn’t have to (or sometimes can’t) resort to a hack like that. Take heed, Apple.

[Update 21/07/11] Ok, so Apple isn’t going to allow users to burn their own DVDs, but they have confirmed that Lion will be available on a mini USB drive in August (for $69).

28
Feb

Compromising Disk Encryption Through Cold-boot Key Recovery

Note: This is a 2008 post I managed to recover from my archive of Securethoughts.net

A team of researchers at Princeton University have devised a way to compromise disk encryption mechanisms, and even other disk image encryption mechanisms, by recovering latent data such as encryption keys, that remain in RAM after a computer has been rebooted/turned off. They’ve tested their attacks against encryption mechanisms such as Microsoft’s BitLocker, TrueCrypt, Linux’s dm-crypt and Apple’s FileVault.

This technique is ingeniously simple, and they’ve written a tool from which they can boot a computer, and do a memory-dump of the latent memory data, which they then run through another utility which searches the memory dump for encryption keys, which can then be used to decrypt the encrypted drive/images.

With regards to Mac OS X 10.4 and 10.5, the group discovered that the system stores multiple copies of users’ login passwords in active memory, making them vulnerable to such imaging attacks. Those passwords are often used to protect the keychain, which stores many of users’ other passwords, including the FileVault password, and potentially other encrypted disk images. This is potentially something Apple should address, and they don’t really want to be storing passwords and keys in memory, if they don’t have to. Keeping as little sensitive data in active memory as possible would greatly reduce the chances of it being compromised in imaging attacks such as these.

Check out their great video below, and read more about it after the jump!

This research was performed by J. Alex Halderman , Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. A combined team from Princeton, the Electronic Frontier Foundation (EFF), and Wind River Systems (specialists in decide software optimisation).

Although their paper focuses on recovering encryption keys, naturally this technique can be applied to any other sensitive information that may be stored in RAM at the time. They’ve also used data reconstructions algorithms to recover data that has already decayed from RAM. According to their paper, keys with 10% of bits decayed can be reconstructed to nearly any 128-bit AES key within a few seconds. On average, they found that memory was legible for up to 20 seconds on some hardware, but this number could extend into several minutes. By drastically reducing the temperature of the memory modules, they were able to reliably recover data up to 10 minutes after removing the RAM chip. Particularly interesting is their research with ECC memory, where they found that machines that support ECC memory tended to wipe RAM upon boot, which is done to avoid errors in the case of uninitialised reads of the memory. Unfortunately this is a characteristic of ECC-enabled machines, and not the memory modules themselves, meaning that ECC memory inserted into non-ECC hardware was still recoverable.

The software developed by the team, presumably with the particular help of Wind River Systems, allowed them to recover the memory dumps in several ways including: over a PXE network boot, which would send the data in UDP packets over the network; using a USB drive to run a small memory-dumping program; or using an EFI bootloader, such as those used on Intel Macs, which also allowed data transfer over netboot.

I highly recommend their paper, particularly the first and last thirds of it, as they are quite legibly written (the middle is mainly about recovering different encryption algorithm keys). It will be interesting to see what kind of innovation will come about in attempts to defend against such attacks. No doubt we will be seeing some papers on that subject soon.

Stop SOPA
WordPress Blog
WordPress Themes