Apple's Mac EFI found vulnerable to bootkit attack via rogue Thunderbolt devices
At next week's Chaos Communication Congress in Germany, a researcher will demonstrate a method in which a malicious actor could use a specially-crafted Thunderbolt device to inject a bootkit -- which could survive nearly any attempt to remove it -- into the EFI boot ROM of any Mac with a Thunderbolt port.
The attack, discovered by researcher Trammell Hudson, takes advantage of a years-old flaw in the Thunderbolt Option ROM that was first disclosed in 2012 but is yet to be patched. In addition to writing custom code to the boot ROM, Hudson will also show a method by which the bootkit could replicate itself to any attached Thunderbolt device, giving it the ability to spread across even air-gapped networks.
Because the code lives in a separate ROM on the logic board, such an attack could not be mitigated by reinstalling OS X or even swapping out the hard drive. In the abstract for his presentation, Hudson also notes that he could replace Apple's own cryptographic key with a new one, preventing legitimate firmware updates from being accepted.
"There are neither hardware nor software cryptographic checks at boot time of firmware validity, so once the malicious code has been flashed to the ROM, it controls the system from the very first instruction," he wrote. "It could use SMM and other techniques to hide from attempts to detect it."
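The quoted abstract makes two separate claims: nothing measures the boot ROM for validity before it runs, and the key used to validate firmware updates lives where an attacker can replace it. The Python below is an added illustration, not code from Hudson's talk or from Apple, modelling the two checks a root of trust would perform and why a verifier that trusts a key shipped inside the update is defeated by a key swap. The firmware bytes, key material and the use of an HMAC as a stand-in for an asymmetric signature are all constructed assumptions.

```python
import hashlib
import hmac

# Everything below is constructed for illustration; it is not Apple's real
# firmware layout, key material or update format.
VENDOR_SIGNING_SECRET = b"constructed-vendor-secret"  # stands in for the vendor's private key
ROGUE_SIGNING_SECRET = b"constructed-rogue-secret"    # stands in for an attacker's own key

# The verification key a hardware root of trust would hold in immutable storage,
# outside any ROM region that firmware (or a rogue Option ROM) can rewrite.
PINNED_VERIFY_KEY = hashlib.sha256(VENDOR_SIGNING_SECRET).digest()

# A "golden" boot ROM image and its measurement; only the measurement needs to
# be kept by the root of trust, never the image itself.
GOLDEN_ROM = b"EFI-BOOT-ROM-v1\x00" + bytes(range(256))
GOLDEN_MEASUREMENT = hashlib.sha256(GOLDEN_ROM).digest()


def measure_rom(rom: bytes) -> bytes:
    """Boot-time measurement: hash the ROM contents before the first instruction runs."""
    return hashlib.sha256(rom).digest()


def rom_is_trusted(rom: bytes, golden: bytes = GOLDEN_MEASUREMENT) -> bool:
    """Compare the measurement against the pinned value in constant time."""
    return hmac.compare_digest(measure_rom(rom), golden)


def sign_update(image: bytes, signing_secret: bytes) -> dict:
    """Build an update package. HMAC stands in for a real signature here;
    the package also carries the key it was made with, as a ROM-embedded
    verifier would see it."""
    key = hashlib.sha256(signing_secret).digest()
    tag = hmac.new(key, image, hashlib.sha256).digest()
    return {"image": image, "tag": tag, "embedded_key": key}


def verify_update_weak(package: dict) -> bool:
    """Flawed verifier: trusts whatever key is embedded alongside the update.
    Anyone who can rewrite the ROM can swap this key for their own."""
    expected = hmac.new(package["embedded_key"], package["image"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, package["tag"])


def verify_update_pinned(package: dict) -> bool:
    """Hardened verifier: ignores the embedded key and uses the pinned one."""
    expected = hmac.new(PINNED_VERIFY_KEY, package["image"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, package["tag"])


def run_scenarios() -> dict:
    """Exercise clean and tampered ROMs, and vendor versus rogue updates."""
    tampered_rom = GOLDEN_ROM[:20] + b"\xff" + GOLDEN_ROM[21:]  # one byte patched
    new_image = b"EFI-BOOT-ROM-v2\x00" + bytes(range(256))
    vendor_update = sign_update(new_image, VENDOR_SIGNING_SECRET)
    rogue_update = sign_update(new_image + b"bootkit", ROGUE_SIGNING_SECRET)
    return {
        "clean_rom_boot": rom_is_trusted(GOLDEN_ROM),        # True
        "tampered_rom_boot": rom_is_trusted(tampered_rom),   # False
        "vendor_update_weak": verify_update_weak(vendor_update),      # True
        "vendor_update_pinned": verify_update_pinned(vendor_update),  # True
        "rogue_update_weak": verify_update_weak(rogue_update),        # True: key swap accepted
        "rogue_update_pinned": verify_update_pinned(rogue_update),    # False: pinned key rejects it
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The contrast between the two verifiers is the whole point: a signature check whose trust anchor sits in the same writable ROM as the code it protects is only as strong as the write protection on that ROM, which is exactly what the described attack bypasses. Pinning the measurement and the verification key somewhere firmware cannot rewrite turns both a patched ROM and a swapped key into detectable failures.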
Vulnerabilities at such a low level are particularly troubling, as they are difficult to detect and can do significant damage. One previous demonstration of EFI hacking laid out a manner in which full-disk encryption systems such as Apple's FileVault could be bypassed with a bootkit, for instance.
Though Hudson's attack does require physical access, its ability to spread through other Thunderbolt devices makes it nonetheless quite dangerous. Users have a propensity to plug small, shared devices -- such as display adapters -- into their computers with little thought.
Hudson will take the stage to present his findings on Dec. 29 at 6:30 p.m. local time in Hamburg, Germany.
Comments
2) I'm curious how a drive with an EFI bootkit that is installed after the drive was encrypted.
3) I assume that disabling your TB ports in System Preferences » Network is far too high a layer to be of any help here.
Come on APPLE! This was discovered in 2012 and you haven't fixed it YET???
Yeah, cuz we KNOW there are tons of rogue thunderbolt devices out there... *rolls eyes*
Yeah, cuz we KNOW there are tons of rogue thunderbolt devices out there... *rolls eyes*
Malicious hackers could play on the novelty - "oh look, a Thunderbolt device, never seen one of those before, sure I'll try it out..."
Shut up already.
2) I'm curious how a drive with an EFI bootkit that is installed after the drive was encrypted.
Re: #2. I'm assuming since it can replace the key, it can do pretty much whatever it wants. I.e. put its own key in place so any security check succeeds because it's your own key. Just my thought.
Come on APPLE! This was discovered in 2012 and you haven't fixed it YET???
Shut up already.
That guy is just being a pr!ck. His prior posts prove that.
Come on APPLE! This was discovered in 2012 and you haven't fixed it YET???
Because there are so many rogue Thunderbolt devices out there in the wild. If you're dumb enough to buy some cheap Thunderbolt device without any certifications, then you probably deserve to get hacked. I would assume that Apple and Intel require devices to be certified to be sold and if they are not, they can't be purchased through normal channels. It's the same deal if you use some cheap charger and your phone catches on fire or you get electrocuted. You can't blame the computer or phone manufacturer... only the no-name, white label company with zero accountability, or your own, dumb self.
"will demonstrate a method in which a malicious actor could use a specially-crafted Thunderbolt device to inject a bootkit"
Can't see Tom Cruise or Charlie Sheen being too interested in crafting a TB device
;-)
Just to be fair, these chips are also used in Windows machines that have Thunderbolt ports, and I assume that the same issues apply.
Well, if a rogue thunderbolt device can change the ROM in such a way that it can protect itself from being removed, then Apple sure can do something similar but legit.
If you're dumb enough to buy some cheap, Thunderbolt device
Good luck!
I'm just hoping all those nice shiny Macs in the photos of North Korea's dear leader in his "war room" have Thunderbolt ports.....
Firewire devices have had similar issues [devices get to DMA to memory in the host computer, what could go wrong?].
The original FW iPod could be equipped with a special OS that would crack any Windows machine within seconds by directly overwriting the relevant memory portion for the login process. DMA has its risks, that is nothing new and also one of the main reasons computer security also must include physical access security.
If you're dumb enough to buy some cheap, Thunderbolt device without any certifications, then you probably deserve to get hacked.
What good is whole disk encryption if it can be defeated using a Thunderbolt device?
It can't be defeated by the device, it would just be running a keylogger at boot time. You can defeat whole disk encryption the same way if you even login to your computer in sight of a security camera as it can detect which keys you press. That's why Snowden would login to his computer under a cover in his hotel room in case someone had put hidden cameras in there.
The biggest threat with this vulnerability would be one person specifically targeting a computer, e.g. a government security agency intercepting a Thunderbolt device being sent to a suspected criminal and installing the rogue firmware with a keylogger. Then when the criminal is busted and thinks the drives are all locked down, they just decrypt all the drives and convict them. That has happened to a computer hacker who had all his drives encrypted but the feds managed to decrypt all of them.
For this to be a problem on a wide scale would really require someone to install the rogue firmware on products they were selling and then try to sell enough rogue products to be able to get a suitable target. People buying cheap Thunderbolt devices are probably not going to be suitable targets. Apple might be able to do some damage limitation by limiting what external IO firmware code can do to the rest of the system.