Apple's Mac EFI found vulnerable to bootkit attack via rogue Thunderbolt devices



  • Reply 21 of 22
    Marvin wrote:
    For this to be a problem on a wide scale would really require someone to install the rogue firmware on products they were selling and then try to sell enough rogue products to be able to get a suitable target. People buying cheap Thunderbolt devices are probably not going to be suitable targets. Apple might be able to do some damage limitation by limiting what external IO firmware code can do to the rest of the system.

    OT: It would be great if there was a non-profit or government organization that would independently test random CE devices from various models from vendors and retailers to check for a suite of known vulnerabilities out of the box. This TB issue isn't really one to check for until there is a patch in place to make sure the next shipping models have it installed, but there are plenty of OS-level and higher security issues we see popping up in places, like major retailers, where one should expect backdoors, viruses, and other malware not to be installed. A 21st century Consumer Reports, so to speak.
  • Reply 22 of 22

    Originally Posted by jkichline


    Because there are so many rogue Thunderbolt devices out there in the wild. If you're dumb enough to buy some cheap Thunderbolt device without any certifications, then you probably deserve to get hacked.


    Actually, there are plenty of cheap devices out there that plug into Thunderbolt devices, since it shares the same physical connector with Mini DisplayPort. And while someone might scoff at getting an uncertified Thunderbolt device, most people wouldn't really give much thought to a cheap Mini DisplayPort to VGA adapter for that occasional time they need to connect to a projector.  Also most people wouldn't give much thought to using the adapter that was already plugged into that projector either.


    Once you start going down that path, it's not hard to imagine someone crafting up a display adapter that uses Thunderbolt instead of MDP and is capable of exploiting whatever machine is connected up to it.  Someone even more clever could probably even make it so that it works with MDP ports as well (without the exploit functionality) making it even harder to tell what's going on.


    Now do I expect that I will run into something like this on my machines? Probably not. But depending on what industry you work in, you might want to be careful about plugging in random display adapters or other Thunderbolt devices into your Macs until Apple and/or Intel address this issue. The rest of us will probably never have to worry about this.
