Once thought of as just a theoretical possibility, Unified Extensible Firmware Interface (UEFI) exploits are becoming more common – and their threat is ever increasing. The UEFI specification introduced features to create a robust firmware platform capable of avoiding attacks. However, the certainty of vulnerabilities leaking into any given UEFI implementation provides opportunities to attackers looking to carry out an exploit. The evidence of this growing threat is apparent, as Kaspersky has recently detected the third case of a UEFI firmware-level compromise in the wild called MoonBounce.

Why are UEFI Firmware Exploits so Dangerous?

Before exploring past exploits and possible countermeasures, it is crucial to understand why UEFI exploits are one of the most dangerous types of threats:

• UEFI firmware has elevated access privileges over the operating system (OS) kernel, meaning that any UEFI exploit can alter OS executables and file systems.
• Recovery back to a golden image is also not possible. UEFI images reside in SPI flash, which is non-volatile storage on the motherboard, so recovery from an SSD / HDD format source is not an option.
• In addition, since any malicious code installed in SPI flash cannot be deleted, a reinstall of the OS merely reactivates the exploit.

The Latest Evolution of UEFI Rootkits – MoonBounce

Advanced persistent threat (APT) groups, such as China’s APT41 and Russia’s APT28, have been pioneers in UEFI exploits. In 2018, the first UEFI rootkit detected in the wild was APT28’s LoJax rootkit. In 2020, a suspected Chinese APT leveraged a UEFI rootkit in its MosaicRegressor malware. These two exploits leverage a modified UEFI image that included additional UEFI modules to execute the attack. According to Kaspersky, APT41 created the MoonBounce malware. APT41 carried out its attack not by creating new components but by altering preexisting UEFI components – making it nearly impossible for current security software to detect. Firmware-based rootkit attacks such as this have similar goals of installing a malware loader in user space to communicate with the attacker’s command-and-control (C&C) server and install additional malware. The evolution of BIOS firmware to open designs has only encouraged and empowered rogue actors. Further adding to their arsenal is the move towards an open-source software (OSS) development model for BIOS firmware. This model can potentially give hackers insight into unmitigated vulnerabilities in the OSS or inject malicious code into the projects themselves. Both scenarios provide potential attack vectors vulnerable to subsequent exploitation. UEFI Secure Boot, Intel® Boot Guard and AMD Platform Security Processor (PSP) are advancements to help mitigate UEFI threats, but they have some limitations. These countermeasures can detect when the firmware has been altered but cannot recover the system where the altered firmware resides. This limitation can potentially cause massive downtime spikes to data centers as they manually recover the firmware – if this is even possible. Likewise, Measured Boot with a trusted platform module (TPM) also has its limitations. While remote attestation can detect firmware intrusion, remediation still requires intervention to mitigate an attack.

Protecting a Platform from UEFI Firmware Exploits

Protection from UEFI firmware exploits requires secure bootup. This means the system must start with untampered UEFI/BIOS firmware and trusted baseboard management controller (BMC) firmware (where applicable). The system must also detect run-time exploit attempts and defend against such attacks. Both aspects of platform security require in-depth expertise in BIOS and BMC. AMI has applied its 35 years of deep expertise in BIOS and BMC firmware development to address both requirements and deliver its robust Tektagon™ XFR Platform Firmware Resiliency (PFR) solution. Tektagon XFR provides a Platform Root of Trust (PRoT) for onboard firmware components to detect, protect and, if necessary, recover firmware from unauthorized modification. And by orchestrating a connection between the Root of Trust and other firmware components, Tektagon XFR can deliver advanced features – making the AMI PRoT solution stand out from others. In this instance, Tektagon XFR would simply eradicate the MoonBounce attack from the system. It would detect that the content of the flash had been tampered with during Power On and trigger an automatic recovery from a known good image. To learn more about firmware security with the Tektagon XFR Platform Resiliency Firmware solution, please visit ami.com/tektagon and contact us at ami.com/contact. All trademarks and registered trademarks referenced here are the property of their respective owners in the US and other countries.