ESET researchers recently discovered the first-ever known cyberattack conducted via a UEFI rootkit. We sat down with Jean-Ian Boutin, the ESET senior malware researcher who led the research, and asked a few questions to shed more light on his team's discovery and its consequences.
In your white paper, you claim to have discovered the first-ever UEFI rootkit in the wild. Can you explain your discovery in layman’s terms?
First, let me explain what firmware is. Firmware is executed by the computer as soon as you turn on, or boot, your machine. It is responsible for performing all the early work required to launch the operating system. UEFI is a standard that is meant to replace the proprietary and older BIOS implementation. UEFI defines a standardized interface between the OS and the firmware implementation, allowing for better compatibility and portability between them.
Placing malicious code in such early stages of the boot process ensures exceptional persistence and control over the computer, so it has always been a target of interest for threat actors. Bootkits—threats actively trying to hijack the computer’s boot process—have been a known threat for a long time. Now that UEFI firmware is widely deployed, it is becoming more and more attractive for threat actors to target its various implementations.
So what we have here is an absolute risk, you say?
Well, the overall risk always depends both on consequences and likelihood. As for the consequences, yes, they are severe.
As for the likelihood, it's more complicated. To install a UEFI rootkit, one has to modify the UEFI firmware present on the system. This code is located in SPI flash memory. It is possible to legitimately rewrite this memory content in order to perform a firmware update, but writing to it illegitimately is far more difficult, as several mechanisms are available to prevent an attacker from writing to this flash memory. However, as these write protections need to be configured by many firmware vendors, some may not do so correctly.
Which opens the door to malicious actors, right?
Yes, there are different ways to update the firmware image maliciously. The easiest way is when you have physical access to the system. However, getting direct access to a system is not always possible. That is why being able to use malicious software to do the work is so much more powerful.
In the case we discovered, the threat actor possibly used a software tool to patch the target system's firmware. This tool contained a UEFI rootkit that we later detected in the wild, which is, to our knowledge, the first public description of such an attack.
This discovery can also help put pressure on hardware vendors and third-party firmware developers to use all available security measures to lock down their products’ SPI flash memory.
What does your discovery mean for users?
UEFI rootkits have long been feared because malicious firmware modifications are difficult to detect and are also extremely persistent as they survive operating system reinstall and hard disk replacement.
Due to their dangerous nature, UEFI rootkits have been an exciting topic at security conferences. Moreover, two UEFI rootkits became known via two unrelated data leaks, from the company Hacking Team, a provider of hacking tools for governments and their agencies, and, reportedly, from the CIA.
However, until our discovery, there were no documented cases of UEFI rootkits detected in the wild. In other words, none was ever known to have been used in a real attack. This case can now be used as a real-world example to put pressure on firmware manufacturers to improve the security of their products.
What are the options for those who find themselves targeted by this attack?
For the sake of completeness, I must mention that you can buy a specialized tamper-proof computer. For the vast majority of users, such a solution would be overkill, something like wearing a bulletproof vest all the time, or not using a computer at all.
If we leave aside these non-realistic solutions, there are still some security measures that provide nearly complete security from firmware-targeting attacks. Let me repeat that the attack we discovered was enabled by a poor implementation of UEFI security mechanisms. LoJax’s methods would not have worked against properly configured UEFI firmware.
The security measures can be divided into preventive and reactive ones. As for prevention, it’s important to make sure that your firmware is up to date and well configured. There are specialized firmware security assessment tools like CHIPSEC you can use. Also, visit your motherboard manufacturer’s website to make sure you have the latest available firmware version installed on your system.
As for reactive measures, we recommend scanning the firmware with a UEFI scanner to detect malicious modifications (see link below). Another reactive option to protect against tampering with the SPI flash memory is to use a hardware-based root of trust, which protects a system from a malicious firmware update by refusing to boot it if the UEFI firmware is not correctly signed with a suitable signing key. Intel Boot Guard, which has been available starting with the Haswell family of Intel processors introduced in 2013, is a good example of such technology.
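An added example (not ESET's or CHIPSEC's code) modelling the SPI flash write-protection checks the answer refers to: it decodes constructed Intel PCH BIOS_CNTL and SPI Protected Range register values and reports whether the BIOS region is locked, the kind of assessment CHIPSEC's bios_wp module performs against real hardware. Bit layouts follow the public Intel PCH datasheets; the register values and BIOS region boundaries are constructed test inputs.

```python
"""Offline model of SPI flash write-protection assessment (added example).
Register values are constructed; nothing here reads real hardware."""

# Intel PCH BIOS_CNTL register bits relevant to BIOS region write protection
BIOSWE = 1 << 0    # BIOS Write Enable: software may write the BIOS region
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes allowed only while in SMM


def assess_bios_cntl(bios_cntl):
    """Classify a BIOS_CNTL value as (protected, human-readable finding)."""
    bioswe = bool(bios_cntl & BIOSWE)
    ble = bool(bios_cntl & BLE)
    smm_bwp = bool(bios_cntl & SMM_BWP)
    if bioswe:
        return False, "BIOSWE=1: BIOS region is writable from the OS"
    if not ble and not smm_bwp:
        return False, "BLE=0, SMM_BWP=0: nothing stops software from setting BIOSWE"
    if ble and not smm_bwp:
        return True, "BLE=1 without SMM_BWP: protection relies on the SMI handler alone (CHIPSEC warns)"
    return True, "SMM_BWP=1: BIOS region writes restricted to SMM"


# SPI Protected Range registers (PR0-PR4): bit 31 = write-protect enable,
# bits 28:16 = limit (4 KiB units), bits 12:0 = base (4 KiB units)
def pr_write_protected_span(pr):
    """Return (base, limit) flash addresses locked by one PR register, or None."""
    if not pr & (1 << 31):
        return None
    base = (pr & 0x1FFF) << 12
    limit = (((pr >> 16) & 0x1FFF) << 12) | 0xFFF
    return base, limit


def bios_region_covered(bios_base, bios_limit, prs):
    """True if the BIOS region lies entirely inside write-protected PR ranges."""
    spans = sorted(s for s in map(pr_write_protected_span, prs) if s)
    cursor = bios_base
    for base, limit in spans:
        if base > cursor:
            break                     # gap: an unprotected hole starts at cursor
        if limit >= cursor:
            cursor = limit + 1
        if cursor > bios_limit:
            return True
    return cursor > bios_limit


def spi_flash_locked(bios_cntl, bios_base, bios_limit, prs):
    """Either mechanism suffices: BIOS_CNTL lock or full PR coverage."""
    return assess_bios_cntl(bios_cntl)[0] or bios_region_covered(bios_base, bios_limit, prs)
```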
Interested in trying ESET's UEFI scanner? Access it now with a free ESET 30-day trial for home users or business users.
For more information about protection against threats, read about ESET UEFI Scanner and other ESET technologies here.