Serious Intel Boot Guard Exploit Leaves Unpatched PCs Vulnerable To Firmware Attacks
According to Trammell Hudson, CVE-2020-8705, or “Sleep Attack,” occurs when Intel x86 computers enter the sleep state called “S3.” The sleep state turns off the CPU but keeps the DRAM powered, so the CPU state must be restored upon receiving a wake command. When this process starts, the firmware realizes that the DRAM still has power, and some bits of code are skipped, specifically the code checking part of the firmware.
Since the code checking is skipped, the attacker must do an Indiana Jones-style swap of the normal firmware code and their own code. After this happens, they essentially have code execution and can walk through and disable protections or look for anything interesting. While this code execution path would be difficult as it requires physical access to the device, there are some possible ways for it to happen. Hudson describes a “adversarial agency” taking a laptop and extracting data without a password required. The agency could also install a rootkit for future use should they need it. Here's one described scenario:
While the possible attack methods are a little “tin-foily,” they are not outside the realm of possibility with this security exploit. To prevent an “adversarial agency” from taking control of a device, users need to patch their systems and make sure random people do not gain access to their devices. After all, the user is the first line of defense for a computer. For more info on CVE-2020-8705 click here, and be on the lookout for updates from your PC OEM or motherboard manufacturer for BIOS updates to help squash this exploit.
One example is when clearing customs at an airport. Most travelers close their laptop during descent and allow it to enter S3 sleep. If the device is taken by the adversarial agency upon landing, the disk encryption keys are still in memory. The adversary can remove the bottom cover and attach an in-system flash emulator like the spispy to the flash chip. They can wake the machine and provide it with their firmware via the spispy. This firmware can scan memory to locate the OS lock screen process and disable it, and then allow the system to resume normally. Now they have access to the unlocked device and its secrets, with no need to compel the owner to provide a password.