Mitigating Stagefright Attacks with the ARM Performance Monitoring Unit
Last summer, Stagefright became a household name after security researcher Joshua Drake highlighted vulnerabilities in the multimedia engine in Android that goes by the same name. His BlackHat USA talk last August set off a gold rush amongst bug hunters. Android security bulletins continue to be filled with libstagefright and mediaserver vulnerabilities each month, as depicted in the chart below. This high volume of bug fixes in Android is both comforting and alarming.
Vulnerability discovery, disclosures, and patch management remain an integral part of improving the security of platforms such as Android. However, exploit mitigations can also increase the level of difficulty for exploitation by forcing the attacker to adapt their techniques. At Endgame, our Vulnerability Research & Prevention (VR&P) team is actively pursuing both models in order to help defend against exploitation. As an example of the latter approach, this post discusses how the performance monitoring unit (PMU) of certain ARM cores can be utilized to perform system-call monitoring. This hardware-assisted technique adds minimal performance overhead, avoids any requirement for patching the kernel, and offers a unique way to perform integrity checks on system-calls such as for ROP detection.
Hardware-Assisted Exploit Prevention
Over the past year, our VR&P team has been investigating an emerging area of exploit mitigation – the use of performance counters for hardware-assisted security solutions. Our exciting research on hardware-assisted control-flow integrity on the Intel architecture will be presented later this summer at BlackHat USA 2016. As a mobile security researcher at heart, I became curious about the applicability of our approach to the ARM architecture almost immediately upon starting our x86 research.
As it turns out, Intel x86 isn’t the only architecture that can count. ARM cores can count too! In fact, a performance monitoring unit (PMU) is quite common on many modern CPU architectures. I covered the adventures of reading ARM processor manuals [1,2] and researching performance counters on various ARM chipsets during my talk at REcon 2016 last week in Montreal, Canada titled “Hardware-Assisted Rootkits & Instrumentation: ARM Edition”. Much of my talk focused on using the PMU to enable instrumentation tools on ARM and discussing some offense-oriented use-cases such as rootkits. However, as with most findings in the InfoSec field, capabilities can often be utilized for either offensive or defensive purposes.
Much like the Intel PMU, the ARM PMU includes support for a number of general counters, architectural events, and a performance monitoring interrupt feature to signify a counter overflow. However, something interesting surfaced in the ARM reference manuals: the PMU on several Cortex-A and other custom ARM cores is able to count exceptions for each of the ARM exception vectors individually. By configuring hardware performance counters to overflow on every instance of the event, it is then possible to effectively trap each of these events via performance monitoring interrupt. The Supervisor Call (SVC) exception vector is utilized by many operating systems, including Android, to handle system calls. Trapping SVC instructions offers many interesting use-cases both for offense or defense.
EMET and Anti-ROP
Code reuse attacks such as Return-Oriented Programming (ROP) have been a staple of the attacker arsenal over the past decade. As such, anti-ROP products have become widespread in the PC market stemming from Microsoft’s BlueHat competition in 2012. Microsoft’s EMET (Enhanced Mitigation Experience Toolkit)  was one of the initial byproducts of the competition as it integrated many of the ROP detection techniques presented by one of the contestant winners. Since EMET launched, many third-party security vendors have added similar anti-ROP detections to their products.
One of the primary weaknesses in EMET and similar tools is that they rely on injecting code into each user-mode process that it protects. First, this actually increases the attack surface for code-reuse attacks given that it adds code and data to the process being attacked. Moreover, EMET bypasses have emerged that actually disarm protections by reusing injected code within EMET.dll. A second key challenge to user-mode anti-ROP protection is the fact that integrity checks are typically introduced by hooking critical API’s. ROP chains could jump past function prologues to avoid a hook point, and hooking every possible API is reminiscent of the old-fashioned arcade game Whac-a-Mole.
Anti-ROP integrity checks from the kernel have not been explored as often in Windows products likely due to kernel patch protection. However, being able to trap SVC instructions (system calls) on the ARM architecture without modifying the Exception Vector Table (EVT) or any portion of a kernel image opens up new possibilities. As a fun application of this ARM PMU research, I decided to implement an anti-ROP prototype loadable kernel module for Android without requiring any modifications to the running kernel by trapping all SVC instructions using only performance monitoring interrupts. The performance overhead of this solution was less than 5% on Android, and can monitor all system calls system-wide.
I put this prototype to the test by using it against the very popular libstagefright attack vector in Android. Thus, I pulled pieces of Stagefright exploit proof-of-concepts from Mark Brand of Project Zero and NorthBit’s Metaphor on CVE-2015-3864. Both ROP chains utilize the same stack pivot, and the pivot was easily detected on the mprotect or mmap calls. The video below depicts the outcome of the test.
While this is just a proof-of-concept, it hopefully demonstrates the potential for extending hardware-assisted exploit prevention techniques to the ARM architecture. Slides from my RECon talk can be found here. Be sure to check out our talk at BlackHat USA later this summer where our team will discuss and demonstrate our PMU research on the Intel architecture in order to detect and prevent control-flow hijacks in real-time.
- ARM, ARM Architecture Reference Manual: ARMv7-A and ARMv7-R edition.
- ARM, ARM Architecture Reference Manual: ARMv8, for ARMv8-A architecture profile.
- Microsoft, Enhanced Mitigation Experience Toolkit 5.5 User’s Guide, Jan 2016