25 March 2019
Briefly, some crew of attackers—I suspect an intelligence agency; more on that below—has managed to abuse ASUS' update channel and private signing key to distribute bogus patches. These patches checked the victims' MAC address; machines on the this list (about 600 of them) downloaded the malware payload from a bogus website that masqueraded as belonging to ASUS.
The reason this is so bad is that trust in the update channel is utterly vital. All software is at least potentially buggy, and some of those bugs will be security holes. For this reason, virtually all software is shipped with a built-in update mechanism. Indeed, on consumer versions of Windows 10 patching is automatic, and while this poses some risks, overall it has almost certainly signficantly improved the security of the Internet: most penetrations exploit known holes, holes for which patches exist but have not been installed.
Now we have an attack that points out the danger of malicious updates. If this scares people away from patching their systems, it will hurt the entire Internet, possibly in a disastrous way. Did the people who planned this operation take this risk into account?
I once blogged that
In cyberattacks, there are no accepted rules… The world knows, more or less, what is acceptable behavior in the physical world: what constitutes an act of war, what is spying, what you can do about these, etc. Do the same rules apply in cyberspace?ShadowHammer is norm-destroying—or rather, it would be, if such norms existed.
Ten years ago, the New York Times reported on a plan to hack Saddam Hussein's bank accounts. They refrained because of the possible consequences and side-effects:
“We are deeply concerned about the second- and third-order effects of certain types of computer network operations, as well as about laws of war that require attacks be proportional to the threat,” said one senior officer.Whoever launched this attack was either not worried about such issues—or felt that the payoff was worth it.
This officer, who like others spoke on the condition of anonymity because of the classified nature of the work, also acknowledged that these concerns had restrained the military from carrying out a number of proposed missions. “In some ways, we are self-deterred today because we really haven’t answered that yet in the world of cyber,” the officer said.
I am convinced that this attack was launched by some country's intelligence service. I say this for three reasons: it abuses a very sensitive channel, it shows very selective targeting, and the targeting is based on information—MAC addresses—that aren't that widely available.
The nature of the channel is the first clue. Code-signing keys are precious commodities. While one would hope that a company the size of ASUS would use a hardware security model to protect its keys, at the very least they would be expected to have strong defenses around them. This isn't the first time that code-signing keys have been abused—Stuxnet did it, too—but it's not a common thing. This alone shows the attacker's sophistication.
The highly selective nature of the attack is the next clue. Only ASUS users were affected, and of the estimated 500,000 computers that downloaded the bogus update, the real damage was done to only 600. An ordinary thief, one who wanted bank account logins and passwords, wouldn't bother with this sort of restriction. Also, limiting the number of machines that had the actual malicious payload minimizes the risk of discovery. Any attacker might worry about discovery, but governments really don't want covert operations tied back to them.
Finally, there's the question of how the party behind this attack (and we don't know who it is, though Kaspersky has tied it to the BARIUM APT, which some have linked to China). MAC addresses aren't secret, but they're not trivially available to most parties. They're widely available on-LAN; that might suggest that the attacker already had a toehold in the targets' networks. Under certain circumstances, other LANs within an enterprise can see them, too (DHCP Relay, if you're curious). If any of these machines are laptops that have been used elsewhere, e.g., a hotel or public hotspot, someone who had penetrated that infrasctructure could monitor them. They could be on shipping boxes, or in some vendor database, e.g., inside ASUS—which we already know has been compromised. It's even possible to get them externally, if the victims (a) use IPv6, (b) use stateless IP address configuration, (c) don't use the privacy-enhanced version; and (d) visit the attacker's IPv6 website. In any of these scenarios, you'd also have to link particular MAC addresses to particular targets.
Any or all of these are possible. But they all require significant investment and really good intelligence. To me, this plus the other two clues strongly point to some country's intelligence agency.
So: we have a state actor willing to take signficant risks with the total security of the Internet, in pursuit of an objective that may or may not be that important. This is, shall we say, bad. The question is what the security community should recommend as a response. The answer is not obvious.
"Don't patch" is a horrid idea. As I noted, that's a sure-fire recipe for disaster. In fact, if the ShadowHammerers' goal was to destroy the Internet, this is a pretty good first step, to be followed by attacks on the patch channels of other major vendors. (Hmm: as I write this, I'm installing patches to my phone and tablet…)
Cautious individuals and sites may wish to defer installing patches; indeed, the newest version of Windows 10 appears to permit a deferral of 35 days. That allows time for bugs to be shaken out of the patch, and for confirmation that the update is indeed a real one. (Zetter noted that some ASUS users did wonder about the ShadowHammer patch.) Sometimes, though, you can't wait. Equifax was apparently hit very soon after the vulnerability was announced.
Nor is waiting for a vendor announcement a panacea. A high-end attacker—that is to say, a major intelligence agency—can piggyback malware on an existing patch, possibly by subborning insiders.
A high-end vendor might have an independent patch verification team. It would anonymously download patches, reverse-engineer them, and see if they did what they're supposed to do. Of course, that's expensive, and small IoT vendors may not be able to afford that. Besides, there are many versions of some patches, e.g., for different language packs.
Ultimately, I suspect that there is no single answer. System penetration via bogus updates were predicted 45 years ago in the classic Karger/Schell report on Multics security. (For those following along at home, it's in Section 188.8.131.52.) Caution and auditing by all concerned seems to be the best technical path forward. But policy makers have a role, too. We desperately need international agreements on military norms for cyberspace. These won't be easy to devise nor to enforce, but ultimately, self-restraint may be the best answer.
Update: Juan Andres Guerrero-Saade points out that Flame also abused the update channel. This is quite correct, and I should have been clearer about that. My blog post on Flame, cited above, was written a few days before that aspect of it was described publicly, and I misremembered the attack as spoofing a code-signing certificate à la Stuxnet. Flame was thus just as damaging to vital norms.
Update 2: Matt Blaze has an excellent New York Times op-ed on the importance of patching, despite this incident.