Read It Twice! A Mass-Storage-Based TOCTTOU Attack
نویسندگان
چکیده
Consumer electronics and embedded devices often allow the installation of applications and firmware upgrades from user-provided mass-storage devices. To protect the integrity of these devices and the associated electronic markets, the software packages are protected by cryptographic signatures. The software installation code assumes that files on attached mass-storage devices cannot change while the storage device is connected. The software installation is therefore not bound to the file integrity check, thus laying the foundations for a time-of-check-to-time-of-use (TOCTTOU) attack. This work presents a TOCTTOU attack via externally attached mass-storage devices. The attack is based on emulating a mass-storage device to observe and alter file access from the consumer device. The TOCTTOU attack is executed by providing different file content to the check and installation code of the target device, respectively. The presented attack effectively bypasses the file content inspection, resulting in the execution of rogue code on the device.
منابع مشابه
File-based Race Condition Attacks on Multiprocessors Are Practical Threat
TOCTTOU (Time-of-Check-to-Time-of-Use) attacks exploit race conditions in file systems. Although TOCTTOU attacks have been known for 30 years, they have been considered “low risk” due to their typically low probability of success, which depends on fortuitous interleaving between the attacker and victim processes. For example, recent discovery of TOCTTOU vulnerability in vi showed a success rate...
متن کاملModeling and preventing TOCTTOU vulnerabilities in Unix-style file systems
TOCTTOU (Time-of-Check-To-Time-Of-Use) is a file-based race condition in Unix-style systems and characterized by a pair of file object access by a vulnerable program: a check operation establishes certain condition about the file object (e.g., the file exists), followed by a use operation that assumes that the established condition still holds. Due to the lack of support for transactions in Uni...
متن کاملPortably Solving File TOCTTOU Races with Hardness Amplification
The file-system API of contemporary systems makes programs vulnerable to TOCTTOU (time of check to time of use) race conditions. Existing solutions either help users to detect these problems (by pinpointing their locations in the code), or prevent the problem altogether (by modifying the kernel or its API). The latter alternative is not prevalent, and the former is just the first step: programm...
متن کاملTape Group Parity Protection
We propose a new method of ensuring the redundant storage of information on tertiary storage, especially tape storage. Conventional methods for redundant data storage on tape include mirroring (storing the data twice) and Redundant Arrays of Inexpensive Tapes (RAIT). Mirroring incurs high storage costs, while RAIT is inflexible because special hardware is used and all tapes in a stripe must be ...
متن کاملFixing Races for Fun and Profit: How to Abuse atime
Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in p...
متن کامل