Slashdot Mirror


First OSX Bootkit Revealed

Trailrunner7 writes: A vulnerability at the heart of Apple's Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse engineering hobbyist and security researcher named Trammell Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.

Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.
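
The summary above turns on one design question: where the public key that checks firmware updates lives. If the key sits in the same rewritable flash as the firmware, anything that can write the flash while it is unlocked can also replace the key, after which only the replacement key's holder can sign updates. The following toy model is an added example (not Hudson's code, not Apple's firmware) that replays that sequence twice: once with the trust anchor in the writable store, as the summary describes, and once against an assumed immutable copy of the key that the write cannot reach. The RSA is textbook RSA over small Mersenne primes and the firmware image is a constructed byte string; both exist only to make the check concrete.

```python
"""Toy model: a firmware-update signature check whose trust anchor is, or is not,
reachable by a write to the flash.  Added illustration; textbook RSA, toy key sizes."""
import hashlib
from dataclasses import dataclass, field

E = 65537  # public exponent for the toy keys


def make_key(p, q):
    """Textbook RSA keypair from two primes.  Returns (public, private) as (n, exp) tuples."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest_int(data: bytes) -> int:
    """80-bit truncation of SHA-256 so the value lies below both toy moduli."""
    return int.from_bytes(hashlib.sha256(data).digest()[:10], "big")


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest_int(data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest_int(data)


def anchor_fingerprint(pub) -> str:
    """Short hash of a public key, the kind of value an integrity check can compare to a published one."""
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


# Constructed keys: the vendor's signing key and a second, unrelated key.
VENDOR_PUB, VENDOR_PRIV = make_key(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**31 - 1, 2**61 - 1)


@dataclass
class FirmwareStore:
    """Rewritable flash holding the firmware and the public key used to check updates."""
    trusted_pub: tuple
    locked: bool = True
    log: list = field(default_factory=list)

    def begin_update(self):
        self.locked = False  # the unlocked window the summary describes

    def end_update(self):
        self.locked = True

    def option_rom_write(self, new_pub) -> bool:
        """Peripheral code running while the flash is unlocked may rewrite the stored key."""
        if self.locked:
            self.log.append("write rejected: flash locked")
            return False
        self.trusted_pub = new_pub
        self.log.append("stored key replaced")
        return True


def accept_update(store: FirmwareStore, image: bytes, sig: int, rom_pub=None) -> bool:
    """Verify an update against the anchor.  rom_pub models an assumed immutable copy
    of the key (a mitigation, not something the summary says Apple has)."""
    anchor = rom_pub if rom_pub is not None else store.trusted_pub
    return verify(anchor, image, sig)


def scenario(immutable_anchor: bool) -> dict:
    """Replay the sequence from the summary and report what the machine accepts afterwards."""
    image = b"firmware-update-v2 (constructed sample image)"
    vendor_sig = sign(VENDOR_PRIV, image)
    other_sig = sign(OTHER_PRIV, image)
    store = FirmwareStore(trusted_pub=VENDOR_PUB)
    rom = VENDOR_PUB if immutable_anchor else None
    known_good_fp = anchor_fingerprint(VENDOR_PUB)

    before = accept_update(store, image, vendor_sig, rom)
    store.begin_update()
    swapped = store.option_rom_write(OTHER_PUB)
    store.end_update()
    return {
        "vendor_update_accepted_before": before,
        "stored_key_replaced": swapped,
        "stored_key_fingerprint_changed": anchor_fingerprint(store.trusted_pub) != known_good_fp,
        "vendor_update_accepted_after": accept_update(store, image, vendor_sig, rom),
        "other_key_update_accepted_after": accept_update(store, image, other_sig, rom),
    }


if __name__ == "__main__":
    for label, flag in (("anchor in writable flash", False), ("anchor in immutable ROM", True)):
        print(label, scenario(flag))
```

With the anchor in writable flash the model reproduces the summary's outcome: after the key is replaced, the vendor's signature no longer verifies and only the replacement key does. With the anchor held outside the writable store the swap still happens, but it changes nothing the verifier consults, and the fingerprint comparison shows how a check of the stored key against a published value would flag the tampering either way.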

2 of 135 comments

  1. If the rootkit can close the hole by phayes · Score: 5, Interesting

    Then so can Apple.

    From their reaction pushing out an automatically installed security patch for the recent NTP vulnerability, I'm hoping that Apple will furnish a patch before this ever becomes more than a Blackhat proof of concept.

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  2. Re:Turn on FileVault by pushing-robot · Score: 5, Interesting

    Sorry to reply to myself, but after reading the full details on this vulnerability it's not like the previous Thunderbolt exploits I've seen, and my prior advice may not be sufficient protection.

    It uses a string of vulnerabilities to flash itself into the firmware using Diagnostic Mode, which exists outside the protection of FileVault. To fully secure yourself you probably need to set a firmware password... not as easy as turning on FileVault, but it should only take a couple of minutes on a modern Mac: instructions

    Hopefully Apple will take steps to close the vulnerabilities but it's not likely to affect many people; it requires prolonged physical access to the machine, multiple reboots and connection of hardware, and finally the cooperation of the user (logging in again) for the attacker to steal any useful information. Virtually any machine could be compromised under the same circumstances.

    --
    How can I believe you when you tell me what I don't want to hear?