Most consumer tech manufacturers figure that once a hacker can physically access a device, there’s not much left that can be done to defend it. But a group of researchers known as the Exploitee.rs say that giving up too soon leaves devices susceptible to hardware attacks that can lead to bigger problems. Hardware hack techniques, like a flash memory attack they developed, can facilitate the discovery of software bugs that not only expose the one hacked device, but every other unit of that model.
The group, which includes the hackers Zenofex, 0x00string, and maximus64_, presented their flash memory hack this week at the Black Hat security conference in Las Vegas. On Saturday, they built on it at DefCon by presenting 22 zero-day (previously undisclosed) exploits in a range of consumer products—mainly home automation and Internet of Things devices—a number of which they discovered using that hack.
“We [wanted] to get this technique into the hands of more people, because there are so many more devices out there that nobody’s looking at,” that have the susceptible type of flash memory, says CJ Heres, a hardware hacker in the Exploitee.rs group. “And manufacturers are still releasing things using this. It’s still a very prevalent flash type.”
Tinker, Hacker, Solder, Spy
On many devices, all it takes to access everything stored on the flash memory chip is a $10 SD card reader, some wire, and some soldering experience. The researchers focus on a type of memory called eMMC flash, because they can access it cheaply and easily by connecting to just five pins (electrical connections). By soldering five wires to the chip—a command line, a clock line, a data line, a power line, and a ground—they can get read/write access that lets them exfiltrate data and start reprogramming to eventually control the whole device.
This process could theoretically work on any digital device that uses flash memory, but most types would require interfacing with more pins than eMMC does, and many necessitate specialized readers and protocols to gain access. “For the most common types of memory, most people don’t want to open things up, solder to them, do all that kind of stuff, because it’s kind of a giant mess,” Heres says. “But with eMMC you can do it with five wires. Of course, the soldering is a little difficult, but totally doable. It’s not 40 or 50 wires.”
Some data recovery services already use that method to help customers retrieve their information from broken devices, but it isn’t widely known.
Once the five wires are in place on the flash memory chip, the researchers found that they could easily connect them to virtually any cheap and widely available SD card reader, because eMMC flash is a sort of cousin of SD cards, and uses similar protocols. As a result, once you hook the eMMC flash to the SD card reader, you can plug into a computer like normal. From there, a hacker can take copies of the operating system, firmware, and software of the chip, and start looking for software vulnerabilities in the code.
In a Flash
It might all sound a bit niche, but eMMC flash is used in many cell phones, tablets, set top boxes, televisions, smart home devices like refrigerators, and even automotive tech. Heres notes, for example, that the Samsung Galaxy S2, S3, S4, and S5 all used eMMC flash, totaling about 125 million units sold among those models. And the zero-day vulnerabilities the group presented exist in some well-known devices, like the Amazon Tap, VIZIO’s P60UI smart TV, and the Cujo smart firewall.
Exploitee.rs often works with companies to do official disclosures and encourage patching, but for DefCon the group took the controversial step of first announcing their vulnerabilities live on stage; many of the companies have not yet had an opportunity to respond or patch the flaws. “We will be releasing all the vulnerabilities during the presentation as 0days to give attendees the ability to go home and unlock their hardware prior to patches being released,” the group wrote.
Often most of a devices’s high-level software is encrypted and secure, Heres says, but by analyzing the firmware (the fundamental code layer that coordinates the hardware and the software) the researchers often find undisclosed backdoors or other bugs with their flash technique. And some systems don’t encrypt thoroughly enough, enabling the group to go through most or all of the data stored in the memory to find even more holes.
“Getting that information out alone usually informs enough to give us the insight to find another bug, because instead of looking at a black box you have a bunch of data,” Heres says. “Most manufacturers think if you have physical access it’s game over, but that’s just more of a reason to push for encrypted data and encryption as a whole, because if these things are encrypted it makes it a lot harder [for an attacker].”
Physical access is still a difficult thing to defend against, but manufacturers can make it more difficult for attackers to find generalizable flaws by taking more steps to lock down flash memory, from making the chips harder to physically interface with, to comprehensively encrypting software on the chip. This round of vulnerabilities has caught them by surprise; the next one shouldn’t.