Apple's Mac EFI found vulnerable to bootkit attack via rogue Thunderbolt devices

Posted in Current Mac Hardware, edited December 2014
At next week's Chaos Communication Congress in Germany, a researcher will demonstrate a method in which a malicious actor could use a specially-crafted Thunderbolt device to inject a bootkit -- which could survive nearly any attempt to remove it -- into the EFI boot ROM of any Mac with a Thunderbolt port.

The attack, discovered by researcher Trammell Hudson, takes advantage of a years-old flaw in the Thunderbolt Option ROM that was first disclosed in 2012 but is yet to be patched. In addition to writing custom code to the boot ROM, Hudson will also show a method by which the bootkit could replicate itself to any attached Thunderbolt device, giving it the ability to spread across even air-gapped networks.

Because the code lives in a separate ROM on the logic board, such an attack could not be mitigated by reinstalling OS X or even swapping out the hard drive. In the abstract for his presentation, Hudson also notes that he could replace Apple's own cryptographic key with a new one, preventing legitimate firmware updates from being accepted.

"There are neither hardware nor software cryptographic checks at boot time of firmware validity, so once the malicious code has been flashed to the ROM, it controls the system from the very first instruction," he wrote. "It could use SMM and other techniques to hide from attempts to detect it."

Vulnerabilities at such a low level are particularly troubling, as they are difficult to detect and can do significant damage. One previous demonstration of EFI hacking laid out a manner in which full-disk encryption systems such as Apple's FileVault could be bypassed with a bootkit, for instance.
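Hudson's point that nothing validates the firmware at boot time is why an out-of-band measurement is the only way to know what a Mac's boot ROM actually contains. The following is an added example, not code from the article, from Hudson's presentation or from Apple: it records a SHA-256 measurement of each fixed-size region of a firmware image and reports which regions no longer match a golden manifest. The image, the region size and the bit-flip used to exercise the check are all constructed for the example; nothing here is the layout of a real Mac EFI ROM.

```python
import hashlib
import hmac

# Constructed stand-in for a firmware image dump (not a real Mac EFI boot ROM).
KNOWN_GOOD_IMAGE = b"\x55\xaa" + b"EFI-ROM-STANDIN " * 60

# Size of each region that gets its own measurement; chosen for the example.
REGION_SIZE = 256


def measure_regions(image: bytes, region_size: int = REGION_SIZE) -> list:
    """Return a SHA-256 hex digest for each fixed-size region of the image."""
    return [
        hashlib.sha256(image[offset:offset + region_size]).hexdigest()
        for offset in range(0, len(image), region_size)
    ]


# Golden manifest: measurements recorded from a trusted copy of the image.
GOLDEN_MANIFEST = measure_regions(KNOWN_GOOD_IMAGE)


def verify_image(image: bytes, manifest: list = GOLDEN_MANIFEST) -> list:
    """Compare a fresh dump against the golden manifest.

    Returns the indices of regions whose measurement differs; an empty
    list means the dump matches the recorded state exactly. A change in
    overall size is reported as every region being suspect, since the
    region boundaries can no longer be trusted to line up.
    """
    current = measure_regions(image)
    if len(current) != len(manifest):
        return list(range(max(len(current), len(manifest))))
    return [
        index
        for index, (seen, expected) in enumerate(zip(current, manifest))
        if not hmac.compare_digest(seen, expected)
    ]


def simulate_rewrite(image: bytes, offset: int) -> bytes:
    """Constructed test input: flip one bit at `offset` to stand in for an
    unauthorized write to the ROM, so the check has something to catch."""
    mutable = bytearray(image)
    mutable[offset] ^= 0x01
    return bytes(mutable)


if __name__ == "__main__":
    print("clean image, changed regions:", verify_image(KNOWN_GOOD_IMAGE))
    print("rewritten image, changed regions:",
          verify_image(simulate_rewrite(KNOWN_GOOD_IMAGE, 300)))
    print("truncated image, changed regions:",
          verify_image(KNOWN_GOOD_IMAGE[:500]))
```

The check is only as good as the dump it is given. Hudson notes that malicious firmware could use SMM and similar techniques to hide, so a dump read back through the running system cannot be assumed honest; the comparison is meaningful when the image comes from a reader that the firmware under test does not control.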

Though Hudson's attack does require physical access, its ability to spread through other Thunderbolt devices makes it nonetheless quite dangerous. Users have a propensity to plug small, shared devices -- such as display adapters -- into their computers with little thought.

Hudson will take the stage to present his findings on Dec. 29 at 6:30 p.m. local time in Hamburg, Germany.

Comments

  • Reply 1 of 22
    I'm glad these guys are finding these strange little back doors so Apple can lock them up with future updates. I'm not too worried about this one since it requires physical access.
  • Reply 2 of 22
    Come on APPLE! This was discovered in 2012 and you haven't fixed it YET???
  • Reply 3 of 22
    1) Chances of this being an issue are virtually nonexistent, but nonetheless this is still a major vulnerability.

    2) I'm curious how a drive with an EFI bootkit that is installed after the drive was encrypted.

    3) I assume that disabling your TB ports in System Preferences » Network is far too high a layer to be of any help here.
  • Reply 4 of 22
    I sure hope he informed Apple of this before going public.
  • Reply 5 of 22
    rob53 · Posts: 3,241 · member
    This is a thunderbolt ROM issue, which I believe is something Apple buys and doesn't code themselves. It's like the USB issue. Apple can't fix that issue either. Intel is responsible for fixing both and they haven't.
  • Reply 6 of 22
    sflocal · Posts: 6,092 · member
    Quote: Originally Posted by wwelsh39
        Come on APPLE! This was discovered in 2012 and you haven't fixed it YET???

    Yeah, cuz we KNOW there are tons of rogue thunderbolt devices out there... *rolls eyes*

  • Reply 7 of 22
    crowley · Posts: 10,453 · member
    Quote: Originally Posted by sflocal
        Yeah, cuz we KNOW there are tons of rogue thunderbolt devices out there... *rolls eyes*

    Malicious hackers could play on the novelty - "oh look, a Thunderbolt device, never seen one of those before, sure I'll try it out..."

    :D

  • Reply 8 of 22
    Quote: Originally Posted by wwelsh39
        Come on APPLE! This was discovered in 2012 and you haven't fixed it YET???

    Shut up already.

  • Reply 9 of 22
    Quote: Originally Posted by SolipsismY
        2) I'm curious how a drive with an EFI bootkit that is installed after the drive was encrypted.

    Re: #2. I'm assuming since it can replace the key, it can do pretty much whatever it wants. I.e. put its own key in place so any security check succeeds because it's your own key. Just my thought.

  • Reply 10 of 22
    sflocal · Posts: 6,092 · member
    Quote: Originally Posted by wwelsh39
        Come on APPLE! This was discovered in 2012 and you haven't fixed it YET???

    Quote: Originally Posted by Tallest Skil
        Shut up already.

    That guy is just being a pr!ck. His prior posts prove that.

  • Reply 11 of 22
    jkichline · Posts: 1,369 · member
    Quote: Originally Posted by wwelsh39
        Come on APPLE! This was discovered in 2012 and you haven't fixed it YET???

    Because there are so many rogue Thunderbolt devices out there in the wild. If you're dumb enough to buy some cheap Thunderbolt device without any certifications, then you probably deserve to get hacked. I would assume that Apple and Intel require devices to be certified to be sold and if they are not, they can't be purchased through normal channels. It's the same deal if you use some cheap charger and your phone catches on fire or you get electrocuted. You can't blame the computer or phone manufacturer... only the no-name, white label company with zero accountability, or your own, dumb self.

  • Reply 12 of 22

    "will demonstrate a method in which a malicious actor could use a specially-crafted Thunderbolt device to inject a bootkit"

    Can't see Tom Cruise or Charlie Sheen being too interested in crafting a TB device

    ;-)

  • Reply 13 of 22
    The only control Apple has over this is to put pressure on Intel to fix the issue. The ROM chip and the code in it are from Intel.

    Just to be fair, these chips are also used in Windows machines that have Thunderbolt ports, and I assume that the same issues apply.
  • Reply 14 of 22
    rob53 wrote: »
    This is a thunderbolt ROM issue, which I believe is something Apple buys and doesn't code themselves. It's like the USB issue. Apple can't fix that issue either. Intel is responsible for fixing both and they haven't.

    Well, if a rogue thunderbolt device can change the ROM in such a way that it can protect itself from being removed, then Apple sure can do something similar but legit.
  • Reply 15 of 22
    crowley · Posts: 10,453 · member
    Quote: Originally Posted by jkichline
        If you're dumb enough to buy some cheap, Thunderbolt device

    Good luck!

  • Reply 16 of 22
    jfc1138 · Posts: 3,090 · member

    I'm just hoping all those nice shiny Macs in the photos of North Korea's dear leader in his "war room" have Thunderbolt ports.....

  • Reply 17 of 22

    Firewire devices have had similar issues [devices get to DMA to memory in the host computer, what could go wrong?].

  • Reply 18 of 22
    g-news · Posts: 1,107 · member

    The original FW iPod could be equipped with a special OS that would crack any Windows machine within seconds by directly overwriting the relevant memory portion for the login process. DMA has its risks, that is nothing new and also one of the main reasons computer security also must include physical access security.

  • Reply 19 of 22
    Quote: Originally Posted by jkichline
        If you're dumb enough to buy some cheap, Thunderbolt device without any certifications, then you probably deserve to get hacked.

    What good is whole disk encryption if it can be defeated using a Thunderbolt device?

  • Reply 20 of 22
    Marvin · Posts: 15,310 · moderator
    freediverx wrote: »
    What good is whole disk encryption if it can be defeated using a Thunderbolt device?

    It can't be defeated by the device, it would just be running a keylogger at boot time. You can defeat whole disk encryption the same way if you even log in to your computer in sight of a security camera as it can detect which keys you press. That's why Snowden would log in to his computer under a cover in his hotel room in case someone had put hidden cameras in there.

    The biggest threat with this vulnerability would be one person specifically targeting a computer, e.g. a government security agency intercepting a Thunderbolt device being sent to a suspected criminal, installing the rogue firmware with a keylogger. Then when the criminal is busted and thinks the drives are all locked down, they just decrypt all the drives and convict them. That has happened to a computer hacker who had all his drives encrypted but the feds managed to decrypt all of them.

    For this to be a problem on a wide scale would really require someone to install the rogue firmware on products they were selling and then try to sell enough rogue products to be able to get a suitable target. People buying cheap Thunderbolt devices are probably not going to be suitable targets. Apple might be able to do some damage limitation by limiting what external IO firmware code can do to the rest of the system.