Table of Contents
Backdoors in your processor? You don't say…
Abstract: We found a backdoor in Intel processors made in the 2000s, ranging from Coppermine to the early Sandy Bridge microarchitectures. The backdoor is triggered by writing a sequence of secret constants to the memory. These constants seem to be unique for a given microarchitecture and can be recovered using a side-channel attack. The backdoor can be well triggered remotely over the network and once exploited, it leads to the full system compromise.
Introduction
While optimizing a certain memory-bound computation, we have found that once a while, an uncached memory request takes significantly (about three times) longer. Strangely, this behavior seemed to be dependent on value (32-bit) on a certain offset of the requested memory page.
Analysis
We ran a second test. We set the given offset to that magic value and iterated through every possible value of the rest of the 32-bit words in the memory page. We found a second combination of offset and a magic value, which, once set, causes the memory page to take even longer to be retrieved.
Interested, whether this process can lead to a page which would take millenia to process, we fixed these two magic values and ran the test again. Upon reaching a certain value, the process performing the test crashed.
Exploitation
Further investigation revealed that the process is crashing due to illegal instruction. Hypothesizing, whether this crash is exploitable, we filled the whole page with JMPs to our shellcode, set these three magic constants and voila, it got executed.
Filling the memory page with desired content can be done e.g. by preparing a crafted “noisy” PNG image with these values as a decompressed RGBA code, sending them as a key material during SSL/SSH handshake or even as fragmented packets which the victim needs to reassemble in memory. The attacker needs to guess alignment of data, which can be either guessed or measured provided that the victim system details are known.
Further details
We believe that the initial lag of the page load is caused by triggering a microcode exception by stumbling upon that magic value. The exception probably checks the next location for the next magic constant in the chain, and once all three constraints are met, it drops privileges to RING0 and jumps to that page.
We were unable to confirm this vulnerability in new processors. It is unknown to us whether Intel ceased to include it, used a 64-bit “magic” constant (which we are unable to find using exhaustive search) or changed the behavior to for example check RSA signature (mirror) of the payload to be executed.
Timeline
- Mar 2013: anomaly discovered
- May 2013: behavior reversed, PoC code written, NSA Litoměřice premium partners notified about the vulnerability
- Jun 2013: ready-to-launch exploits against popular services and operating systems available in GlobalEye proprietary 0day feed
- Aug 2014: vendor notified about the vulnerability, denies
- Dec 2014: this disclosure
Conclusion
Although completely fake, our report demonstrates a backdoor that is trivial to implement in hardware (a single 64-bit comparator), hard to detect and provided that signed payload is used impossible to misuse by attacker even if the principle is discovered. We recommend using auditable open designs instead of magic blackbox processors made by foreign intelligence agencies.
Remarks
Some people objected that Intel is a solid company that would not risk its business and reputation by including a backdoor in their product (they have largely busted this in 2017-2018 with their response to recently disclosed ME and Meltdown/Spectre bugs). The following extensive list of big solid companies should help you to decide about the validity of such argument. Please also note what happened to these companies because of their backdoor (hint: basically nothing).
- Cisco, Linksys, NetGear, Cisco again and again and again and again and again and again and again and again and again.