Tag Archives: sidechannel

2018 Pwnie Awards cast light and shade on infosec winners

The Meltdown and Spectre side-channel attacks that exploit weaknesses in major processors scored the top spot in two of three Pwnie Award categories — Best Privilege Escalation Bug and Most Innovative Research — but missed on the prize for the most overhyped vulnerability.

The Pwnie Awards, a longtime staple of the Black Hat security conference, are often compared to the Academy Awards, but with spray-painted pony statues, fewer movie stars and more questionable prizes for things like Lamest Vendor Response and Most Overhyped Bug.

This year, the Pwnie Award for Most Innovative Research went to the researchers who discovered the Meltdown and Spectre design flaws. That prize goes to “the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post,” according to the Pwnie Awards website. The Pwnie Awards website described Meltdown and Spectre in its nomination for most overhyped bug:

Meltdown and Spectre were vulnerabilities in the way branch prediction worked which would allow attackers the ability to read memory. It was pretty awesome and affected most systems. But at some point, they [sic] hype train jumped the tracks a bit. The normally extremely accurate Fox News called it the worst computer bug in history. One of the researchers who discovered it agreed, calling it ‘probably one of the worst CPU bugs ever found.’ Bloomberg agreed, the Verge said it was a catastrophe.

Meltdown and Spectre also got the Pwnie Award for Best Privilege Escalation Bug — a nod toward the seriousness of the flaws, given how unusual it is for a research team to win in more than one category.

Also worthy of honor

Other Pwnie Awards honored more of the best of security research from the past year, including the following:

  • The Pwnie for Best Server-Side Bug went to the Intel Advanced Management Technology remote vulnerability, a flaw which enabled an exploit that could bypass endpoint protections, including the Windows firewall.
  • The Pwnie for Best Client-Side Bug went to researchers Georgi Geshev and Rob Miller, who built an exploit chain against Android that used 11 bugs in six different applications and was referred to by the Pwnie Awards as “The 12 Logic Bug Gifts of Christmas.”
  • Pwnie for Best Cryptographic Attack went to researchers Hanno Böck, Juraj Somorovsky and Craig Young for their work on the Return Of Bleichenbacher’s Oracle Threat, also known as the ROBOT attack.

The Pwnie Awards initially solicited nominations in 16 categories, but awarded prizes only in the eight categories that received the most nominations, including a Lifetime Achievement Award given to Michal Zalewski, also known as lcamtuf, former director of information security engineering at Google and author of the classic hacker field guide, Silence on the Wire.

Lamest Vendor Response and Most Overhyped Bug

Some of the stiffest competition may have been for the booby prizes.

The competition for overhyped bugs has been fierce recently, as contenders continue to commission websites, logos and social media handles for bugs that might be less than compelling. The nominees for this Pwnie Award honor this year included the Meltdown and Spectre vulnerabilities in microprocessors reported in January, as well as the apparent EFAIL vulnerability in end-to-end encryption technology that turned out to be an issue in email clients.

The winner was a not-quite-tongue-in-cheek parody, Holey Beep, complete with website, logo and tracking assignment as CVE-2018-0492. Beep, a Unix command, “does what you’d expect: it beeps,” according to the description from the Holey Beep website. “Beep allows you to control pitch, duration, and repetitions” of the tone.

But it also can give an attacker root on the target system. “Its job is to live inside shell/perl scripts and allow more granularity than one has otherwise. It is controlled completely through command line options. It’s not supposed to be complex, and it isn’t — but it makes system monitoring (or whatever else it gets hacked into) much more informative. Also it gives you root.”

Meanwhile, Bitfi, maker of the Bitfi Wallet, was the late-entry surprise winner of the Pwnie Award for Lamest Vendor Response. Although the Bifi situation played out just days before Black Hat, The Register reported it received thousands of nominations after hackers comprehensively cracked the devices and demonstrated numerous security failures in the design. Bitfi backed off its offer of a six-figure bounty to any hacker who could manage to hack it by standing behind a very narrow definition of what constituted a hack — namely, pulling the private key off of a device that doesn’t store the key.

The well-documented hacks came after Bitfi’s executive chairman, John McAfee, extolled the device as “the world’s first unhackable storage for cryptocurrency and digital assets.”

As Rev. Robert Ballecer put it on Twitter:

TLBleed attack can extract signing keys, but exploit is difficult

An interesting, new side-channel attack abuses the Hyper-Threading feature of Intel chips and can extract signing keys with near-perfect accuracy. But both the researchers and Intel downplayed the danger of the exploit.

Ben Gras, Kaveh Razavi, Herbert Bos and Cristiano Giuffrida, researchers at Vrije Universiteit’s systems and network security group in Amsterdam, said their attack, called TLBleed, takes advantage of the translation lookaside buffer cache of Intel chips. If exploited, TLBleed can allow an attacker to extract the secret 256-bit key used to sign programs, with a success rate of 99.8% on Intel Skylake and Coffee Lake processors and 98.2% accuracy on Broadwell Xeon chips.

However, Gras tweeted that users shouldn’t be too scared of TLBleed, because while it is “a cool attack, TLBleed is not the new Spectre.”

“The OpenBSD [Hyper-Threading] disable has generated interest in TLBleed,” Gras wrote on Twitter. “TLBleed is a new side-channel in that it shows that (a) cache side-channel protection isn’t enough: TLB still leaks information; (b) side-channel safe code that is constant only in the control flow and time but not data flow is unsafe; (c) coarse-grained access patterns leak more than was previously thought.”

Justin Jett, director of audit and compliance for Plixer LLC, a network traffic analysis company based in Kennebunk, Maine, said TLBleed is “fairly dangerous, given that the flaw allows for applications to gain access to sensitive memory information from other applications.” But he noted that exploiting the issue would prove challenging.

“The execution is fairly difficult, because a malicious actor would need to infect a machine that has an application installed that they want to exploit. Once the machine is infected, the malware would need to know when the application was executing code to be able to know which memory block the sensitive information is being stored in. Only then will the malware be able to attempt to retrieve the data,” Jett wrote via email. “This is particularly concerning for applications that generate encryption keys, because the level of security that the application is trying to create could effectively be reduced to zero if an attacker is able to decipher the private key.”

Intel also downplayed the dangers associated with TLBleed; the company has not assigned a CVE number and will not patch it.

“TLBleed uses the translation lookaside buffer, a cache common to many high-performance microprocessors that stores recent address translations from virtual memory to physical memory. Software or software libraries such as Intel Integrated Performance Primitives Cryptography version U3.1 — written to ensure constant execution time and data independent cache traces should be immune to TLBleed,” Intel wrote in a statement via email. “Protecting our customers’ data and ensuring the security of our products is a top priority for Intel, and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.”

Jett noted that even if Intel isn’t planning a patch, it should do more to alert customers to the dangers of TLBleed.

“Intel’s decision to not release a CVE number is odd at best. While Intel doesn’t plan to patch the vulnerability, a CVE number should have been requested so that organizations could be updated on the vulnerability and software developers would know to write their software in a way that may avoid exploitation,” Jett wrote. “Without a CVE number, many organizations will remain unaware of the flaw.”

The researchers plan to release the full paper this week. And, in August, Gras will present on the topic at Black Hat 2018 in Las Vegas.