CERT VU:231329
History: Nov 10, 2020 - 12:00 a.m.

Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks

2020-11-10 00:00:00
www.kb.cert.org
CVSS3: 6.8 Medium
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 36.0%

Overview

The Replay Protected Memory Block (RPMB) protocol found in several storage specifications does not securely protect against replay attacks. An attacker with physical access can deceive a trusted component about the status of an RPMB write command or the content of an RPMB area.

Description

The RPMB protocol “…enables a device to store data in a small, specific area that is authenticated and protected against replay attack.” RPMB is most commonly found in mobile phones and tablets using flash storage technology such as eMMC, UFS, and NVMe. The RPMB protocol allows an attacker to replay stale write failure messages and write commands, leading to state confusion between a trusted component and the contents of an RPMB area. Additional details are available in Replay Attack Vulnerabilities in RPMB Protocol Applications.
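The state confusion described above can be modelled in a few lines. This is an added example, not code from the advisory or from any vendor: the frame layout, result codes, and the names `Device`, `naive_check` and `confirmed_check` are simplified assumptions, and the nonce-based counter re-read is one illustrative host-side check, not a vendor's fix.

```python
import hashlib, hmac, os, struct

KEY = os.urandom(32)   # constructed authentication key shared by host and device
OK, FAIL = 0, 1        # simplified result codes (assumption, not spec values)
u32 = struct.Struct(">I").pack

def tag(*fields):
    """HMAC-SHA256 over the fields, standing in for the RPMB frame MAC."""
    return hmac.new(KEY, b"|".join(fields), hashlib.sha256).digest()

class Device:
    """Toy RPMB target: the write counter advances only on a successful write."""
    def __init__(self):
        self.counter, self.block, self.fail_next = 0, b"", False

    def write(self, data, counter, mac):
        good = hmac.compare_digest(mac, tag(b"W", data, u32(counter)))
        if good and counter == self.counter and not self.fail_next:
            self.block, self.counter, result = data, self.counter + 1, OK
        else:
            self.fail_next, result = False, FAIL
        return result, self.counter, tag(b"R", u32(result), u32(self.counter))

    def read_counter(self, nonce):
        return self.counter, tag(b"C", nonce, u32(self.counter))

def naive_check(resp, sent_counter):
    """Trusts the response as-is: an authentic FAIL is read as 'nothing written'."""
    result, counter, mac = resp
    authentic = hmac.compare_digest(mac, tag(b"R", u32(result), u32(counter)))
    return authentic and result == OK and counter == sent_counter + 1

def confirmed_check(dev, resp, sent_counter):
    """On a reported failure, re-read the counter under a fresh nonce first."""
    if naive_check(resp, sent_counter):
        return True
    nonce = os.urandom(16)
    counter, mac = dev.read_counter(nonce)
    if not hmac.compare_digest(mac, tag(b"C", nonce, u32(counter))):
        raise ValueError("unauthenticated counter response")
    return counter == sent_counter + 1  # in this model: counter moved, write landed

def demo():
    dev = Device()
    dev.fail_next = True  # constructed: a genuine earlier failure at counter 0
    stale = dev.write(b"v1", 0, tag(b"W", b"v1", u32(0)))
    dev.write(b"v2", 0, tag(b"W", b"v2", u32(0)))  # the real write succeeds
    # Constructed scenario: the host receives `stale` instead of the real response.
    return naive_check(stale, 0), confirmed_check(dev, stale, 0), dev.block
```

The stale failure response still carries a valid MAC and the counter value the host expects, so only a response bound to a fresh nonce tells the host what the device actually holds.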

Impact

An attacker with physical access to a device can cause a mismatch between the write state or contents of the RPMB area and a trusted component of the device. These mismatches can lead to the trusted component believing a write command failed when in fact it succeeded, or the trusted component believing that certain content was written when in fact different content (unmodified by the attacker) was written. Further implications depend on the specific device and use of RPMB. At least one affected vendor has confirmed that denial of service

Solution

Please see the Vendor Information section below. Further vendor information is available in Replay Attack Vulnerabilities in RPMB Protocol Applications.

Acknowledgements

Rotem Sela and Brian Mastenbrook of Western Digital identified this vulnerability. Western Digital coordinated its disclosure with the affected vendors. Thanks Western Digital PSIRT!

This document was written by Eric Hatleback.

Vendor Information

Google Affected

Updated: 2020-11-10
CVE-2020-0436: Affected
CVE-2020-12355: Not Affected
CVE-2020-13799

Vendor Statement

We have not received a statement from the vendor.

Intel Affected

Updated: 2020-11-10
CVE-2020-0436: Not Affected
CVE-2020-12355: Affected
CVE-2020-13799

Vendor Statement

We have not received a statement from the vendor.

MediaTek Affected

Updated: 2020-11-10
CVE-2020-0436: Not Affected
CVE-2020-12355: Not Affected
CVE-2020-13799

Vendor Statement

We have not received a statement from the vendor.

Western Digital Technologies Not Affected

Notified: 2020-11-05
Updated: 2020-11-16
CVE-2020-0436: Not Affected
CVE-2020-12355: Not Affected
CVE-2020-13799

Vendor Statement

We have not received a statement from the vendor.

Other Information

CVE IDs: CVE-2020-0436 CVE-2020-12355 CVE-2020-13799
Date Public: 2020-11-10 Date First Published:
