-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-035 Product: Surface Mouse Manufacturer: Microsoft Affected Version(s): WS3-00002 Tested Version(s): WS3-00002 Vulnerability Type: Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-07-31 Solution Date: - Public Disclosure: 2019-10-10 CVE Reference: Not assigned yet Author of Advisory: Matthias Deeg (SySS GmbH) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: Microsoft Surface Mouse is a Bluetooth Low Energy (LE) mouse. The manufacturer describes the product as follows (see [1]): "Sculpted for your hand and designed for an elegantly simple work space, Mouse is the perfect partner to your docked Surface and Keyboard. It was designed to match the sleek aesthetic and exceptional performance of your Surface. The metal scroll wheel feels solid under your finger, and the shape of the body fits perfectly in your hand." Due to the insufficient protection of the flash memory of the mouse, an attacker with physical access has read and write access to the firmware and the used cryptographic key. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Mouse can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC [2] as the flash memory is not protected by the offered readback protection feature. Thus, an attacker with physical access to the mouse can simply read and write the nRF51822 flash memory contents and either extract the cryptographic key (Bluetooth LE Long Term Key), for instance to perform further attacks against the wireless communication, or modify the firmware. However, even if the readback protection of the nRF51822 was enabled, an attacker would be able to read and write the flash memory contents by bypassing the security feature as described in [3] and [4] with slightly more effort. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): SySS GmbH could successfully read the nRF51822 flash memory contents of the Microsoft Surface Mouse via the SWD interface using a SEGGER J-Link PRO [5] debug probe in combination with SEGGER J-Link Commander and extract the currently used cryptographic key (Long Term Key). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: According to Microsoft, the reported security issue does not meet the bar for servicing via a security update [6]. The described security issue may be fixed in future versions of the product. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2019-07-31: Vulnerability reported to manufacturer 2019-08-01: Microsoft confirms receipt of security advisory 2019-08-06: Microsoft responds that the reported issue does not meet the bar for servicing via a security update 2019-10-10: Public release of SySS security advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Product website for Microsoft Surface Mouse https://www.microsoft.com/en-us/store/d/surface-mouse/8qbtdr3q4rpw [2] nRF51822 Product Specification v3.1 https://infocenter.nordicsemi.com/pdf/nRF51822_PS_v3.1.pdf [3] Kris Brosch, Include Security, Firmware dumping technique for an ARM Cortex-M0 SoC, 2015 https://blog.includesecurity.com/2015/11/NordicSemi-ARM-SoC-Firmware-dumping-technique.html [4] Andrew Tierney, Pen Test Partners, NRF51822 code readout protection bypass - a how-to, 2018 https://www.pentestpartners.com/security-blog/nrf51822-code-readout-protection-bypass-a-how-to/ [5] Product website for Segger J-Link PRO https://www.segger.com/products/debug-probes/j-link/models/j-link-pro/ [6] Microsoft Vulnerability Severity Classification for Windows https://aka.ms/windowsbugbar [7] SySS Security Advisory SYSS-2019-035 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-035.txt [8] SySS GmbH, SySS Responsible Disclosure Policy https://www.syss.de/en/news/responsible-disclosure-policy/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Matthias Deeg of SySS GmbH. E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAl2dwIIACgkQ2aS/ajSt TasRjg//frPEnvmBaMNuASaKCD4ZWqqIf0YCTbgz8RGogjhhF1zwPTr28LZ4ZLoD bclnPLKkmpDvRmKnQKRaxzKnzVB+WmV/ebT26Y4lTPoHT6EeBcVuTGoEM5mjoQ/8 W1a8Yo/PXnPCOJ3MCSc+fAPCkRrQRJJ91rcU3UCubIwS6NNAVtfZqcaBo+sKPdVD 1UflnpJxomzf0ls0bXfAdAMC5AOM10yOwGkABiIOujEdZN70iSvlUaUfu7yIbIL3 qAoCWl/EqBVt89Dqj7yspElOVTklVqj/iMkQKdcz0uaQtfJslnWAptgyiUz5aCF1 o1hYFpOAqH5O7cMHk2jrAxH/LMSX1mNB2RvCrWCoEA1K8tbI9oL1kYH0moWPjeoq PRjznP1qyDC5KyxsDo5m+momVsLVarErLqN4fzplB8MNGxqAFyEfxnEC6N0qNxjq O360sWcwOsupwQMHVM0fuwUPURzBEH3Lz/xVBd6fPE9ty2e2jVo4AYOJPh4PEvky D1s3Mv391P2s9JVewqzgXss6RwPHb9Mf3e+6FhqPhjLfQ+lM2lpt/kPkDJFX0zGD H5Z2RMG68gj188zzrh25zkWJvKeFp68dcBu++axKrIxeTQrH5aRo7FvtOLKnI/ch Ei/RTaylMZpYtHzf7tJcgf0pnOeJySx3kxvy1OHJPWrvvqIw3as= =V4eO -----END PGP SIGNATURE-----