Posts Tagged ‘DefCon32’
[DefCon32] On Your Ocean’s 11 Team, I’m the AI Guy (Technically Girl)
Blending the allure of high-stakes gambles with cutting-edge threats, Harriet Farlow, an AI security specialist, navigates the intersection of adversarial machine learning and casino operations. Targeting Canberra Casino, she exposes frailties in emerging AI integrations for surveillance and monitoring. Her exploits disrupt facial recognition, evade detection, and manipulate gameplay, illustrating broader perils in sectors reliant on such systems.
Harriet’s background spans physics, data science, and government intelligence, culminating in founding ML Security Labs. Her focus: deceiving AI to reveal weaknesses, akin to cyber intrusions but tailored to models’ statistical natures.
Casinos, epitomizing surveillance-heavy environments, increasingly adopt AI for identifying threats and optimizing play. Canberra, though modest, mirrors global trends where a few providers dominate, ripe for widespread impacts.
Adversarial attacks perturb inputs subtly, fooling models without human notice. Harriet employs techniques like fast gradient sign methods, crafting perturbations that reduce classification confidence.
Targeting Facial Recognition
Facial systems, crucial for barring excluded patrons, succumb to perturbations. Harriet generates adversarial examples via libraries like Foolbox, adding noise that misclassifies faces.
Tests show 40.4% success in evading matches, but practical adaptations ensure consistent bypasses. This equates to denial-of-service equivalents in AI, disrupting reliability.
Broader implications span medical diagnostics to autonomous navigation, where minor alterations yield catastrophic errors.
Evading Surveillance and Gameplay Monitoring
Surveillance AI detects anomalies; Harriet’s perturbations obscure actions, mimicking wild exploits.
Gameplay AI monitors for advantages; adversarial inputs confuse chip recognition or behavior analysis, enabling undetected strategies.
Interviews with casino personnel reveal heavy reliance on human oversight, despite AI promises. Only 8% of surveyed organizations secure AI effectively, versus 94% using it.
Lessons from the Inflection Point
Casinos transition to AI amid regulatory voids, amplifying risks. Harriet advocates integrating cyber lessons: robust testing beyond accuracy, incorporating security metrics.
Her findings stress governance: people and processes remain vital, yet overlooked. As societies embrace AI surveillance, vulnerabilities threaten equity and safety.
Harriet’s work urges cross-disciplinary approaches, blending cyber expertise with AI defenses to mitigate emerging dangers.
Links:
EN_DEFCON32MainStageTalks_011_013.md
[DefCon32] The Edges of Surveillance System and Its Supply Chain
As artificial intelligence advances image processing, surveillance technologies proliferate, raising privacy concerns amid rising hacks and illicit collections. Chanin Kim and Myounghun Pak, offensive researchers, probe network video recorders (NVRs), pivotal yet understudied components. Their analysis targets market leaders Hikvision, Dahua, Uniview, and Synology’s Surveillance Station, uncovering vulnerabilities exploitable worldwide and amplifying impacts through OEM supply chains.
Chanin and Myounghun’s journey, spanning four months and yielding a substantial bounty, begins with firmware extraction challenges. They bypass U-Boot mitigations via UART, JTAG, and eMMC methods, extracting systems for scrutiny. HTTP communications and binary analyses reveal flaws, with OEM validations extending reach.
The surge in surveillance, valued at $4.1 billion globally, stems from pandemic demands for monitoring in retail, urban planning, and access control. NVRs store and manage footage from CCTVs and IP cameras, often internet-accessible, making them prime targets.
Limited prior research on NVRs, contrasted with extensive CCTV studies, motivates their focus. Shodan scans reveal over 30,000 exposed devices, echoing past exploits like Mirai botnets leveraging Hikvision RCEs.
Firmware Extraction Methodologies
Extraction proves arduous. Hikvision and Dahua support limited access but restrict root, necessitating alternatives. UART on Hikvision yields shells post-soldering, while Dahua requires JTAG for U-Boot interruption.
Uniview demands eMMC dumping via adapters, bypassing encryptions. Synology’s package simplifies via SSH.
Bypasses include patching U-Boot for boot delays and exploiting environment variables. These enable comprehensive analyses.
Discovered Vulnerabilities and Exploits
Analyses uncover stack overflows, command injections, and credential leaks. Hikvision’s overflows in HTTP handlers allow RCE, while Dahua’s injections in recovery endpoints enable reboots or shells.
Uniview exposes hardcoded credentials and overflows in authentication. Synology suffers overflows in login processes.
Chaining yields scenarios: credential stuffing grants admin, injections open reverses, scanning locates Windows hosts for plugin RCEs, mirroring wild attacks.
Demonstrations automate compromises, shutting devices or commandeering networks.
Supply Chain Ramifications
OEM dynamics amplify risks. Hikvision and Dahua supply rebranded products to Lorex, Luma, Amcrest, and EZVIZ. Similar logics and firmwares mean vulnerabilities propagate.
Purchased devices confirm: four of six Hikvision flaws affect Annke; four of seven Dahua issues impact Swann and Reolink.
CVEs assigned via Korean CNA increase recognized flaws by 61%. Shodan estimates 130,000 Hikvision and 100,000 Dahua units vulnerable.
Recommendations for Defense
Offensive researchers should prioritize HTTP and private protocols beyond studied surfaces. Users avoid external exposures, leveraging vendor DDNS for secure access.
Their findings underscore surveillance’s dual-edged nature, urging robust protections amid expanding deployments.
Links:
[DefCon32] Where’s the Money? Defeating ATM Disk Encryption
In an era where automated teller machines safeguard substantial sums, vulnerabilities in their protective mechanisms pose significant threats. Matt Burch, an independent security researcher specializing in IoT and hardware, unveils critical flaws in Diebold Nixdorf’s Vynamic Security Suite (VSS), the dominant solution in the sector. His investigation, conducted alongside a colleague, exposes six zero-day issues enabling full system compromise within minutes, highlighting systemic risks across financial, gaming, and retail domains.
Matt’s journey stems from a fascination with the surge in ATM crimes, up over 600% recently. Targeting enterprise-grade units holding up to $400,000, he dissects VSS’s full disk encryption, revealing offline code injection and decryption paths. Diebold Nixdorf, one of three primary North American manufacturers with global reach, deploys VSS widely, including in Las Vegas casinos.
ATM architecture divides into a fortified vault for currency and a less secure “top hat” housing computing elements. The vault features robust steel, multi-factor locks, and tamper sensors, while the upper section uses thin metal and vulnerable locks, facilitating entry via simple tools.
VSS integrates endpoint protection, whitelisting, and encryption, yet Matt identifies gaps in its pre-boot authentication (PBA). This layered integrity check, spanning phases, fails to prevent unauthorized access.
Pre-Boot Authentication Vulnerabilities
VSS’s PBA employs a custom Linux-based “Super Sheep” OS for initial validation. Phase one mounts the Windows partition read-only, computing SHA-256 sums for critical files. Successful checks lead to phase two, decrypting and booting Windows.
Matt exploits unencrypted Linux elements, mounting drives offline to inject code. CVE-2023-33204 allows execution via root’s .profile, bypassing sums by targeting non-checked files. Demonstrations show callback shells post-reboot.
Service releases introduce patches, yet recursive flaws emerge. CVE-2023-33205 leverages credential stuffing on weak defaults, enabling admin escalation and command injection.
Recursive Flaws and Persistence
Patches inadvertently create new vectors. Service Release 15 removes directories but overlooks symlinks, leading to CVE-2023-33206. Attackers create traversal links, injecting payloads into root’s directory for execution.
Further updates validate symlinks, yet CVE-2023-40261 strips execute permissions from integrity modules, disabling VSS entirely. This permits arbitrary unsigned binaries, affecting all versions.
Impacts span VSS iterations, with vulnerabilities identified from April to July 2023. Diebold’s responses include end-of-life for older variants and redesigns.
Mitigation and Broader Implications
Defending requires patching to latest releases, enabling security checks to withhold TPM keys, and monitoring physical access. Disabling unused ports and securing drives reduce risks. Alternatives like BitLocker offer robust encryption.
Matt’s findings influence Diebold’s Version 4.4, introducing full Super Sheep encryption. Yet, persistent unencrypted elements suggest ongoing challenges, with likely undiscovered exploits.
This research underscores the need for comprehensive security in high-value systems, where physical and digital safeguards must align.
Links:
[DefCon32] Welcome to DEF CON 32
Amid the vibrant energy of a gathering that has evolved over decades, Jeff Moss, founder of DEF CON, extends a heartfelt invitation to participants, emphasizing the essence of community and shared discovery. Drawing from his experiences since initiating the event 32 years ago, Jeff reflects on its growth from a modest assembly to a sprawling nexus of innovation. His remarks serve as an orientation, guiding attendees through the philosophy that underpins the conference, while encouraging them to forge their own paths in a landscape brimming with possibilities.
Jeff underscores the principle that the event’s value lies in individual contributions, acknowledging the impossibility of experiencing every facet. Early iterations allowed him to witness all activities, yet as attendance swelled, he embraced the reality of missing moments, transforming it into motivation for expanding offerings. This mindset fosters an environment where participants can prioritize personal interests, whether technical pursuits or interpersonal connections.
The structure facilitates meaningful interactions by segmenting the crowd into affinity clusters, such as those focused on automotive exploits or physical barriers. Such divisions enable deeper engagements, turning vast numbers into intimate collaborations. Jeff highlights the encouragement of inquiry, recognizing the specialization driven by technological complexity, which renders no single expert all-knowing.
Origins and Inclusivity
Tracing the roots, Jeff recounts how exclusion from invite-only gatherings inspired an open-door policy, rejecting seasonal naming to avoid constraints. This decision marked a pivotal divergence, prioritizing accessibility over restriction. Growth necessitated strategies to manage scale without diluting intimacy, leading to diverse tracks and villages that cater to niche passions.
The ethos promotes authenticity, allowing attendees to express themselves freely while respecting boundaries. Jeff shares anecdotes illustrating the blend of serendipity and intent that defines encounters, urging newcomers to engage without hesitation.
Global Perspectives and Accountability
Jeff broadens the view to international contexts, noting how varying educational systems influence entry into the field. In some regions, extended periods of exploration nurture creativity, contrasting with structured paths elsewhere. He celebrates the cultural embrace of setbacks as stepping stones, aligning with narratives of resilience.
To ensure trust, a code of conduct governs interactions, applicable universally. Enforcement through transparency reports holds organizers accountable, publicly detailing infractions to validate community standards. This mechanism reinforces integrity, even when confronting uncomfortable truths.
Jeff transitions to highlighting speakers like General Nakasone, whose insights demystify complex topics. Originating from efforts to verify online claims, these sessions connect attendees with authoritative voices, bridging gaps in understanding.
In closing, Jeff invites immersion, promising encounters that enrich beyond expectations.
Links:
[DefCon32] Closing Ceremonies & Awards
As the echoes of innovation and collaboration fade from the halls of the Las Vegas Convention Center, the closing ceremonies of DEF CON 32 encapsulate the spirit of a community that thrives on engagement, resilience, and shared purpose. Hosted by Jeff Moss, known as Dark Tangent, alongside contributors like Mar Williams and representatives from various teams, the event reflects on achievements, honors trailblazers, and charts a course forward. Amid reflections on past giants and celebrations of current triumphs, the gathering underscores the hacker ethos: pushing boundaries while fostering inclusivity and growth.
Jeff opens with a tone of relief and gratitude, acknowledging the unforeseen venue shift that tested the community’s adaptability. What began as a potential setback transformed into a revitalized experience, with attendees praising the spacious layout that evoked the intimacy of earlier conventions. This backdrop sets the stage for a moment of solemnity, where participants pause to honor those who paved the way—mentors, innovators, and unsung heroes whose legacies endure in the collective memory.
The theme of “engage” permeates the proceedings, inspiring initiatives that extend the conference’s impact beyond its annual confines. Jeff highlights two new ventures aimed at channeling the community’s expertise toward societal good and personal advancement. These efforts embody a commitment to proactive involvement, bridging the gap between hacker ingenuity and real-world challenges.
Honoring the Past: A Moment of Reflection
In a poignant start, Jeff calls for silence to remember predecessors whose contributions form the foundation of today’s cybersecurity landscape. This ritual serves as a reminder that progress stems from accumulated wisdom, urging attendees to carry forward the ethos of giving back. The gesture resonates deeply, connecting generations and reinforcing the communal bonds that define DEF CON.
Transitioning to celebration, the ceremonies spotlight individuals and organizations embodying selfless dedication. Jeff presents the Uber Contributor Award to The Prophet, a figure whose decades-long involvement spans writing for 2600 magazine, educating newcomers, and organizing events like Telephreak Challenge and QueerCon. His journey from phreaker to multifaceted influencer exemplifies the transformative power of sustained engagement. The Prophet’s acceptance speech captures the magic of the community, where dreams materialize through collective effort.
Similarly, the Electronic Frontier Foundation (EFF) receives recognition for over two decades of advocacy, raising $130,000 this year alone to support speakers and defend digital rights. Their representative emphasizes EFF’s role in amplifying security research for global benefit, aligning with DEF CON’s mission to empower ethical hacking.
Embracing the Theme: Engagement in Action
The “engage” motif drives discussions on evolving the community’s role in an increasingly complex digital world. Jeff articulates how this concept prompted bold experiments, acknowledging the uncertainties but embracing potential failures as learning opportunities. This mindset reflects the hacker’s adaptability, turning challenges into catalysts for innovation.
Attendees share feedback on the new venue, noting reduced overcrowding and a more relaxed atmosphere reminiscent of DEF CON’s earlier editions. Such observations validate the rapid pivot from the previous location, a decision thrust upon organizers by an unexpected contract termination. Jeff recounts the whirlwind process with humor, crediting quick alliances and the community’s resilience for the seamless transition.
Spotlight on Creativity: The Badge Unveiled
Mar Williams takes the stage to demystify the DEF CON 32 badge, a testament to accessible design and collaborative artistry. Drawing from a concept rooted in inclusivity, Mar aimed to create something approachable for novices while offering depth for experts. Partnering with Raspberry Pi, the badge incorporates layers of interactivity—from loading custom ROMs to developing games via GB Studio.
Acknowledgments flow to the team: Bonnie Finley for 3D modeling and game art, Chris Maltby for plugins and development, Nutmeg for additional game work, Will Tuttle for narrative input, Ada Rose Cannon for character creation, Legion 303 for audio, and others like ICSN for manufacturing. Mar’s vision emphasizes community participation, with the badge’s game dedicating itself to players who engage and make an impact. Challenges like SOS signals and proximity interactions foster connections, while post-conference resources encourage ongoing tinkering.
Triumphs in Competition: Village and Challenge Winners
The ceremonies burst with energy as winners from myriad contests are announced, showcasing the breadth of skills within the community. From the AI Village Capture the Flag, where teams like AI Cyber Challenge victors demonstrate prowess in emerging tech, to the Aviation Village’s high-flying achievements, each victory highlights specialized expertise.
Notable accolades include the AppSec Village’s top performers in secure coding, the Biohacking Village’s innovative health hacks, and the Car Hacking Village’s vehicular exploits. The Cloud Village CTF crowns champions in scalable defenses, while the Crypto & Privacy Village recognizes cryptographic ingenuity. Diversity shines through in the ICS Village’s industrial control triumphs and the IoT Village’s device dissections.
Special mentions go to the Lockpick Village’s dexterity masters, the Misinformation Village’s truth-seekers, and the Packet Hacking Village’s network ninjas. The Password Cracking Contest and Physical Pentest Challenge celebrate brute force and subtle infiltration, respectively. The Policy Village engages in advocacy wins, and the Recon Village excels in intelligence gathering.
Celebrating Hands-On Innovation: More Contest Highlights
The Red Team Village’s strategic simulations yield victors in offensive operations, complemented by the RFID Village’s access control breakthroughs. Rogue Access Point contests reward wireless wizardry, while the Soldering Skills Village honors precise craftsmanship.
The Space Security Village pushes boundaries in orbital defenses, and the Tamper Evident Village masters detection of intrusions. Telecom and Telephreak challenges revive analog artistry, with the Vishing Competition testing social engineering finesse. The Voting Village exposes electoral vulnerabilities, and the WiFi Village dominates spectrum battles.
Wireless CTF and Wordle Hacking rounds out the roster, each contributing to a tapestry of technical mastery and creative problem-solving.
Organizational Gratitude: Behind-the-Scenes Heroes
Jeff extends heartfelt thanks to departments, goons, and volunteers who orchestrated the event amid upheaval. Retiring goons like GMark, Noise, Ira, Estang, Gataca, Duna, The Samorphix, Brick, Wham, Casper receive nods for their service, earning lifetime attendance. New “noons” are welcomed, injecting fresh energy.
Gold badge holders, signifying a decade of dedication, are celebrated for their enduring commitment. This segment underscores the human element sustaining DEF CON’s scale and vibrancy.
Looking Ahead: Community and Continuity
Social channels keep the conversation alive year-round, from Discord movie nights to YouTube archives and Instagram updates. The DEF CON Social Mastodon server offers a moderated space adhering to the code of conduct, providing a haven amid social media fragmentation.
A lighthearted anecdote from Jeff about the badge’s “dark chocolate” Easter egg illustrates serendipitous joy, where proximity triggers whimsical interactions. Such moments encapsulate the conference’s blend of seriousness and play.
Finally, anticipation builds for DEF CON 33, slated for August 7-10 at the same venue. Jeff reflects on the positive reception, affirming the space’s role in reducing FOMO and enhancing connections. With content continually uploaded online, the community remains engaged, ready to disengage only until the next convergence.
Links:
- Jeff Moss on LinkedIn
- The Prophet on LinkedIn
- Mar Williams art website
- Electronic Frontier Foundation website
EN_DEFCON32MainStageTalks_007_010.md
[DefCon32] Counter Deception: Defending Yourself in a World Full of Lies
The digital age promised universal access to knowledge, yet it has evolved into a vast apparatus for misinformation. Tom Cross and Greg Conti examine this paradox, tracing deception’s roots from ancient stratagems to modern cyber threats. Drawing on military doctrines and infosec experiences, they articulate principles for crafting illusions and, crucially, for dismantling them. Their discourse empowers individuals to navigate an ecosystem where truth is obscured, fostering tools and mindsets to reclaim clarity.
Deception, at its essence, conceals reality to gain advantage, influencing decisions or inaction. Historical precedents abound: the Trojan Horse’s cunning infiltration, Civil War quaker guns mimicking artillery, or the Persian Gulf War’s feigned amphibious assault diverting attention from a land offensive. In contemporary conflicts, like Russia’s Ukraine invasion, fabricated narratives such as the “Ghost of Kyiv” bolster morale while masking intentions. These tactics transcend eras, targeting not only laypersons but experts, code, and emerging AI systems.
In cybersecurity, falsehoods manifest at every layer: spoofed signals in the electromagnetic spectrum, false flags in malware attribution, or fabricated personas for network access and influence propagation. Humans fall prey through phishing, typo-squatting, or mimicry, while specialists encounter deceptive metadata or rotating infrastructures. Malware detection evades scrutiny via polymorphism or fileless techniques, and AI succumbs to data poisoning or jailbreaks. Strategically, deception scales from tactical engagements to national objectives, concealing capabilities or projecting alternatives.
Maxims of Effective Deception
Military thinkers have distilled deception into enduring guidelines. Sun Tzu advocated knowing adversaries intimately while veiling one’s own plans, emphasizing preparation and adaptability. Von Clausewitz viewed war—and by extension, conflict—as enveloped in uncertainty, where illusions amplify fog. Modern doctrines, like those from the U.S. Joint Chiefs, outline six tenets: focus on key decision-makers, integration with operations, centralized control for consistency, timeliness to exploit windows, security to prevent leaks, and adaptability to evolving conditions.
These principles manifest in cyber realms. Attackers exploit cognitive biases—confirmation, anchoring, availability—embedding falsehoods in blind spots. Narratives craft compelling stories, leveraging emotions like fear or outrage to propagate. Coordination ensures unified messaging across channels, while adaptability counters defenses. In practice, state actors deploy bot networks for amplification, or cybercriminals use deepfakes for social engineering. Understanding these offensive strategies illuminates defensive countermeasures.
Inverting Principles for Countermeasures
Flipping offensive maxims yields defensive strategies. To counter focus, broaden information sources, triangulating across diverse perspectives to mitigate echo chambers. Against integration, scrutinize contexts: does a claim align with broader evidence? For centralized control, identify coordination patterns—sudden surges in similar messaging signal orchestration.
Timeliness demands vigilance during critical periods, like elections, where rushed judgments invite errors. Security’s inverse promotes transparency, fostering open verification. Adaptability encourages continuous learning, refining discernment amid shifting tactics.
Practically, countering biases involves self-awareness: question assumptions, seek disconfirming evidence. Triangulation cross-references claims against reliable outlets, fact-checkers, or archives. Detecting narratives entails pattern recognition—recurring themes, emotional triggers, or inconsistencies. Tools like reverse image searches or metadata analyzers expose fabrications.
Applying Counter Deception in Digital Ecosystems
The internet’s structure amplifies deceit, yet hackers’ ingenuity can reclaim agency. Social media, often ego-centric, distorts realities through algorithmic funhouse mirrors. Curating expert networks—via follows, endorsements—filters noise, prioritizing credible voices. Protocols for machine-readable endorsements, akin to LinkedIn but open, enable querying endorsed specialists on topics, surfacing informed commentary.
Innovative protocols like backlinks—envisioned by pioneers such as Vannevar Bush, Douglas Engelbart, and Ted Nelson—remain underexplored. These allow viewing inbound references, revealing critiques or extensions. Projects like Xanadu or Hyperscope hint at potentials: annotating documents with trusted overlays, highlighting recent edits for scrutiny. Content moderation challenges stymied widespread adoption, but coupling with decentralized systems like Mastodon offers paths forward.
Large language models (LLMs) present dual edges: prone to hallucinations, yet adept at structuring unstructured data. Dispassionate analysis could unearth omitted facts from narratives, or map expertise by parsing academic sites to link profiles. Defensive tools might flag biases or inconsistencies, augmenting human judgment per Engelbart’s augmentation ethos.
Scaling countermeasures involves education: embedding media literacy in curricula, emphasizing critical inquiry. Resources like Media Literacy Now provide K-12 frameworks, while frameworks like “48 Critical Thinking Questions” prompt probing—who benefits, where’s the origin? Hackers, adept at discerning falsehoods, can prototype tools—feed analyzers, narrative detectors—leveraging open protocols for innovation.
Ultimately, countering deception demands vigilance and creativity. By inverting offensive doctrines, individuals fortify perceptions, transforming the internet from a misinformation conduit into a truth-seeking engine.
Links:
EN_DEFCON32MainStageTalks_006_006.md
[DefCon32] AMDSinkclose – Universal Ring2 Privilege Escalation
In the intricate landscape of hardware security, vulnerabilities often lurk within architectural designs that have persisted for years. Enrique Nissim and Krzysztof Okupski, principal security consultants at IOActive, unravel a profound flaw in AMD processors, dubbed AMDSinkclose. Their exploration reveals how this issue enables attackers to escalate privileges to System Management Mode (SMM), granting unparalleled access to system resources. By dissecting the mechanics of SMM and the processor’s memory handling, they demonstrate exploitation paths that bypass traditional safeguards, affecting a vast array of devices from laptops to servers.
SMM represents one of the most potent execution environments in x86 architectures, offering unrestricted control over I/O devices and memory. It operates stealthily, invisible to operating systems, hypervisors, and security tools like antivirus or endpoint detection systems. During boot, firmware initializes hardware and loads SMM code into a protected memory region called SMRAM. At runtime, the OS can invoke SMM services for tasks such as power management or security checks via System Management Interrupts (SMIs). When an SMI triggers, the processor saves its state in SMRAM, executes the necessary operations, and resumes normal activity. This isolation makes SMM an attractive target for persistence mechanisms, including bootkits or firmware implants.
The duo’s prior research focused on vendor misconfigurations and software flaws in SMM components, yielding tools for vulnerability detection and several CVEs in 2023. However, AMDSinkclose shifts the lens to an inherent processor defect. Unlike Intel systems, where SMM-related Model-Specific Registers (MSRs) are accessible only within SMM, AMD allows ring-0 access to these registers. While an SMM lock bit prevents runtime tampering with key configurations, a critical oversight in the documentation exposes two fields—TClose and AClose—not covered by this lock. TClose, in particular, redirects data accesses in SMM to Memory-Mapped I/O (MMIO) instead of SMRAM, creating a pathway for manipulation.
Architectural Foundations and the Core Vulnerability
At the heart of SMM security lies the memory controller’s role in protecting SMRAM. Firmware configures registers like TSEG Base, TSEG Mask, and SMM Base to overlap and shield this region. The TSEG Mask includes fields for enabling protections, but the unlocked TClose bit allows ring-0 users to set it, altering behavior without violating the lock. When activated, instruction fetches in SMM remain directed to DRAM, but data accesses divert to MMIO. This split enables attackers to control execution by mapping malicious content into the MMIO space.
The feature originated around 2006 to allow SMM code to access I/O devices using SMRAM’s physical addresses, though no vendors appear to utilize it. Documentation warns against leaving TClose set upon SMM exit, as it could misdirect state saves to MMIO. Yet, from ring-0, setting this bit and triggering an SMI causes immediate system instability—freezes or hangs—due to erroneous data handling. This echoes the 2015 Memory Sinkhole attack by Christopher Domas, which remapped the APIC to overlap TSEG, but AMDSinkclose affects the entire TSEG region, amplifying the impact.
Brainstorming exploits, Enrique and Krzysztof considered remapping PCI devices to overlay SMRAM, but initial attempts failed due to hardware restrictions. Instead, they targeted the SMM entry point, a vendor-defined layout typically following EDK2 standards. This includes a core area for support code, per-core SMM bases with entry points at offset 0x8000, and save states at 0xFE00. By setting TClose and invoking an SMI, data reads from these offsets redirect to MMIO, allowing control if an attacker maps a suitable device there.
Exploitation Techniques and Multi-Core Challenges
Exploiting AMDSinkclose requires precise manipulation of the Global Descriptor Table (GDT) and Interrupt Descriptor Table (IDT) within SMM. Upon SMI entry, the processor operates in real mode, loading a GDT from the save state to transition to protected mode. By controlling data fetches via TClose, attackers can supply a malicious GDT, enabling arbitrary code execution. The challenge lies in aligning MMIO mappings with SMM offsets, as direct PCI remapping proved ineffective.
The solution involves leveraging the processor’s address wraparound behavior. In protected mode, addresses exceeding 4GB wrap around, but SMM’s real-mode entry point operates at a lower level where this wraparound can be exploited. By setting the SMM base to a high address like 0xFFFFFFF0, data accesses wrap to low MMIO regions (0x0 to 0xFFF), where integrated devices like the Local APIC reside. This allows overwriting the GDT with controlled content from the APIC’s registers.
Multi-core systems introduce complexity, as all cores enter SMM simultaneously during a broadcast SMI. The exploit must handle concurrent execution, ensuring only one core performs the malicious action while others halt safely. Disabling Simultaneous Multithreading (SMT) simplifies this, but wraparound enables targeting specific cores. Testing on Ryzen laptops confirmed reliability, with code injection succeeding across threads.
Impact on Firmware and Mitigation Strategies
The ramifications extend to firmware persistence. Once in SMM, attackers disable SPI flash protections like ROM Armor, enabling writes to non-volatile storage. Depending on configurations—such as Platform Secure Boot (PSB)—outcomes vary. Fully enabled protections limit writes to variables, potentially breaking Secure Boot by altering keys. Absent PSB, full firmware implants become feasible, resistant to OS reinstalls or updates, as malware can intercept and falsify flash operations.
Research on vendor configurations reveals widespread vulnerabilities: many systems lack ROM Armor or PSB, exposing them to implants. Even with protections, bootkits remain possible, executing pre-OS loader. A fused disable of PSB ensures perpetual vulnerability.
AMD’s microcode update addresses the issue, though coverage may vary. OEMs can patch SMM entry points to detect and halt on TClose activation, integrable into EDK2 or Coreboot. Users might trap MSR accesses via hypervisors. Reported in October 2023, CVE-2023-31315 was assigned, with an advisory published recently. Exploit code is forthcoming, underscoring the need for deepened architectural scrutiny.