CSCE 790 Computer Systems Security: Firmware Security (PowerPoint PPT Presentation)



SLIDE 1

CSCE 790 Computer Systems Security

Firmware Security

Professor Qiang Zeng Spring 2020

SLIDE 2

Previous Class

  • Virus vs. Worm vs. Trojan
  • Drive-by download
  • Botnet
  • Rootkit

CSCE 790 – Computer Systems Security 2

SLIDE 3

Trojan vs. Virus vs. Worm


                               Trojan   Virus                             Worm
Self-replicating               N        Y                                 Y
Self-contained                 Y        N                                 Y
Relying on exploitation of     N        Maybe (e.g., scripting viruses)   Y
vulnerabilities

SLIDE 4

Previous Class


It is possible that an experienced attacker may combine the techniques of viruses and worms (called a blended attack). Could you find a concrete example among the famous worm attacks?

For example, Melissa (1998) sends itself through email, which is the behavior of a worm; it also infects local documents by copying itself into them, which is the behavior of a virus. There are many such examples that combine worms and viruses: Nimda, Conficker, Stuxnet.

SLIDE 5

Previous Class


Does a drive-by download attack always succeed when you open a malicious webpage?

  • No. If there are no vulnerabilities in your browser, drive-by downloads cannot succeed. By design, scripting code (e.g., JavaScript) should not be able to cause harm; a drive-by download relies on exploiting browser vulnerabilities to gain the extra privileges needed to download and install malware. So it is important to keep your browser up to date.

SLIDE 6

Previous Class


Describe the main components in a classic botnet structure

(1) Botmaster (2) C&C Servers (3) Bots

SLIDE 7

[Diagram: layered stack, top to bottom: Normal Software (optional), Firmware, Hardware]

Firmware

  • Firmware: special software that is embedded in a hardware device and directly communicates with the device
  • Almost all electronic devices run firmware
    – Examples: printers, mobile phones, routers, USB drives, medical implants, TVs, cars, and traffic lights


SLIDE 8

Firmware Characteristics

  • Firmware is typically stored in non-volatile memory, such as EEPROM (Electrically Erasable Programmable Read-Only Memory)
  • Firmware updates (called flashing) are typically rare, and the update process is not foolproof (you may brick the device)
    – E.g., DVD player companies may release new firmware to support new disc formats, but few users would bother to update a DVD player
    – It means that a bug in a device’s firmware may persist for the lifetime of the device


SLIDE 9

Attack measures

  • Instead of exploiting a bug in firmware, however, most attacks seen so far modify the firmware itself to launch attacks
  • Two cases:
    – Attack firmware in USB drives
    – Attack firmware in cars
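Both cases above work because the device accepts replacement firmware without checking where it came from. The check below is an added example, not code from the slides or from either talk: a device authenticates the whole image before flashing it and refuses rollbacks. The image layout, the FWIM magic and the use of HMAC-SHA256 (standing in for the public-key signature a real update scheme would use, since a shared secret on the device is weaker) are assumptions.

```python
import hashlib
import hmac
import struct

# Assumed image layout (constructed for this example, not any vendor's format):
#   header : magic(4 bytes) | version(u32 BE) | payload_len(u32 BE) | reserved(4 bytes)
#   payload: payload_len bytes
#   tag    : HMAC-SHA256 over header+payload (stand-in for a public-key signature)
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII4s")
TAG_LEN = 32

def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Producer side: wrap a payload in the header and append the tag."""
    header = HEADER.pack(MAGIC, version, len(payload), b"\0" * 4)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def verify_image(key: bytes, image: bytes, installed_version: int) -> tuple:
    """Device side: return (accepted, reason); every failure is a hard reject."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "image too short"
    magic, version, payload_len, _ = HEADER.unpack(image[:HEADER.size])
    if magic != MAGIC:
        return False, "bad magic"
    body_end = HEADER.size + payload_len
    if body_end + TAG_LEN != len(image):
        return False, "length mismatch"        # truncated or padded image
    expected = hmac.new(key, image[:body_end], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, image[body_end:]):
        return False, "authentication failed"  # modified or unsigned image
    if version <= installed_version:
        return False, "rollback rejected"      # signed but old: still refused
    return True, "ok"

if __name__ == "__main__":
    key = b"constructed-device-key"
    image = build_image(key, 2, b"constructed firmware payload")
    print(verify_image(key, image, installed_version=1))            # (True, 'ok')
    tampered = bytearray(image)
    tampered[HEADER.size] ^= 0x01                                   # flip one payload bit
    print(verify_image(key, bytes(tampered), installed_version=1))  # (False, 'authentication failed')
```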


SLIDE 10

Case 1: BadUSB [Blackhat2014]


SLIDE 11

No effective defenses against USB attacks exist


SLIDE 12

Case 2: Remote Exploitation of Cars [BlackHat’15]

  • Threat:
    – Remotely (e.g., from PA to CA) control a 2013-2015 Jeep, Ram, or Dodge
  • Impact:
    – Fiat Chrysler recalled 1.4 million cars (07/2015)
    – Sprint changed its network firewall policy


SLIDE 13

Terms and Architecture

  • Terms:
    – CAN: Controller Area Network. A message bus in a vehicle for inter-component communication
    – ECU: Electronic Control Unit. Each is an embedded system. E.g., engine ECU, transmission ECU, airbag ECU, ABS ECU
    – Head unit: multimedia system


[Diagram: the head unit (OMAP chip running UConnect, with WiFi and cellular interfaces) connects through the V850/IOC chip to the CAN bus, which links the Engine ECU, Transmission ECU, ABS ECU, and Steering ECU]

SLIDE 14

Attack Procedure

1. Establish a network connection with the victim car: either guess the WiFi password, or scan for cars connected to the Sprint cellular network
2. Port scan and find a vulnerable service listening on some port
3. Exploit the service to log in to the head unit computer
4. Command the head unit to “update” the firmware on the V850
5. Now you can send messages to the ECUs to control the car
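Step 5 works because nothing on the CAN bus authenticates a sender, so a defender's practical option is to watch the bus for frames that do not fit normal traffic. The detector below is an added example, not code from the slides or from Miller and Valasek: it learns each CAN ID's usual period from a clean capture and then flags IDs never seen in that baseline, or frames arriving far sooner than the ID's period (an injected frame does not stop the real ECU's frames, so the ID's rate roughly doubles). The candump-like log format, the IDs, the timing and the 0.5 ratio are all constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed log line format (candump-like): "(timestamp) iface ID#HEXDATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

def parse(lines):
    """Return (timestamp, can_id, data) tuples sorted by time; malformed lines are skipped."""
    frames = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            frames.append((float(m.group(1)), int(m.group(2), 16), bytes.fromhex(m.group(3))))
    return sorted(frames)

def learn_periods(frames):
    """Baseline: median inter-arrival time per CAN ID, learned from clean traffic."""
    last, gaps = {}, defaultdict(list)
    for ts, cid, _ in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: median(g) for cid, g in gaps.items()}

def detect(frames, baseline, ratio=0.5):
    """Flag IDs absent from the baseline and frames arriving much faster than usual.
    ratio=0.5 catches a doubled rate without tripping on ordinary bus jitter."""
    alerts, last = [], {}
    for ts, cid, _ in frames:
        if cid not in baseline:
            alerts.append((ts, cid, "unknown id"))
        elif cid in last and ts - last[cid] < ratio * baseline[cid]:
            alerts.append((ts, cid, "rate anomaly"))
        last[cid] = ts
    return alerts

# Constructed clean traffic: ID 0x0C0 every 10 ms, ID 0x1A0 every 50 ms.
LEGIT = [f"({1.0 + 0.010 * i:.6f}) can0 0C0#{i:02X}00" for i in range(10)]
CLEAN_LOG = LEGIT + [f"({1.0 + 0.050 * j:.6f}) can0 1A0#FF" for j in range(3)]
# Constructed attack capture: three extra 0x0C0 frames 2 ms after legitimate
# ones, plus one frame with an ID the baseline has never seen.
ATTACK_LOG = LEGIT + [f"({1.022 + 0.010 * k:.6f}) can0 0C0#DEAD" for k in range(3)] \
    + ["(1.031000) can0 3E8#01"]

if __name__ == "__main__":
    baseline = learn_periods(parse(CLEAN_LOG))
    for ts, cid, why in detect(parse(ATTACK_LOG), baseline):
        print(f"{ts:.3f} ID 0x{cid:03X}: {why}")
```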



SLIDE 15

Talk by Miller and Valasek

  • https://youtu.be/OobLb1McxnI


SLIDE 16

References

  • “BadUSB — On accessories that turn evil”, K. Nohl et al., BlackHat’14
  • “Remote Exploitation of an Unaltered Passenger Vehicle”, C. Miller and C. Valasek, BlackHat’15
