First OSX Bootkit Revealed

← Back to Stories (view on slashdot.org)

Posted by samzenpus on Thursday January 8, 2015 @10:32AM from the protect-ya-neck dept.

Trailrunner7 writes A vulnerability at the heart of Apple's Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse engineering hobbyist and security researcher named Trammel Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.

Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.

86 of 135 comments (clear)

Min score:

Reason:

Sort:

If the rootkit can close the hole by phayes · 2015-01-08 10:38 · Score: 5, Interesting

Then so can Apple.
From their reaction pushing out an automatically installed security patch for the recent NTP vulnerability, I'm hoping that Apple will furnish a patch before this ever becomes more than a Blackhat proof of concept.

--
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
1. Re:If the rootkit can close the hole by c · 2015-01-08 10:52 · Score: 5, Insightful
  
  Then so can Apple.
  More usefully, it sounds like the owner of the machine itself can patch it such that any Option ROMs need to be signed with their own private key rather than Apple's.
  
  --
  Log in or piss off.
2. Re:If the rootkit can close the hole by _merlin · 2015-01-08 13:20 · Score: 1
  
  If you stop option ROMs from loading, you can say goodbye to using external SAS adaptors, bootable NICs, etc. It might be OK if all you ever plug in is external displays, but you'd lose all sorts of functionality.
3. Re:If the rootkit can close the hole by rthille · 2015-01-08 13:35 · Score: 1
  
  Only if they (Apple) patch it before the machine is rooted.
  
  --
  Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
4. Re:If the rootkit can close the hole by rthille · 2015-01-08 13:36 · Score: 1
  
  You just stop option ROMs from loading when you're patching the firmware.
  
  --
  Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
5. Re:If the rootkit can close the hole by sjames · 2015-01-08 20:38 · Score: 2
  
  The vulnerability only exists when the machine is booting in a special flash mode. Otherwise, the flash chip is locked making writes impossible until a reset happens before the option ROMS get run.
  So only flash mode needs to disable the option ROMs. A normal boot can use them without risk of a re-flash.
6. Re:If the rootkit can close the hole by phayes · 2015-01-08 22:28 · Score: 3, Insightful
  
  If you would take the time to actually read TFA (yeah I know, heresy), you'd know that Apple has already addressed the vulnerability in recent minis & iMacs so the window is already closing.
  Added to that, you need the exploit (which is closely held at present) & physical access to the Mac. This rootkit is extremely unlikely to be a problem for anyone.
  
  --
  Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
7. Re:If the rootkit can close the hole by c · 2015-01-13 02:51 · Score: 1
  
  If you stop option ROMs from loading, you can say goodbye to using external ...
  Would it really be so terrible if the owner of the hardware could decide whether or not their device supported that kind of thing, or even which specific things it supported?
  
  --
  Log in or piss off.
8. Re:If the rootkit can close the hole by rthille · 2015-01-13 11:07 · Score: 1
  
  I'd actually read the article before it hit slashdot.
  Interestingly, why have they only patched it on recent hardware, when a software update (IIRC) could roll it out to most/all hardware?
  
  --
  Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
Thunderbolt seems inherently insecure by mattventura · 2015-01-08 10:40 · Score: 4, Insightful

From what I understand, thunderbolt is essentially an external PCIe interface. That's inherently insecure. It was bad enough that Firewire gave devices DMA access, but with PCIe it will probably be 10x worse.
1. Re:Thunderbolt seems inherently insecure by DaHat · 2015-01-08 10:54 · Score: 1
  
  Correct... and yes, yes it is: https://www.youtube.com/watch?...
  At least on a PC (which lacks Thunderbolt), opening the PC is required to exploit that vector... though there are still others... and many of them work without the need for any driver support.
  
  --
  Help Brendan pay off his student loans
2. Re:Thunderbolt seems inherently insecure by Carewolf · 2015-01-08 12:01 · Score: 1
  
  From what I understand, thunderbolt is essentially an external PCIe interface. That's inherently insecure. It was bad enough that Firewire gave devices DMA access, but with PCIe it will probably be 10x worse.
  Not bad for a desktop (assuming you don't encrypt your disks either), but a terrible idea on a laptop, and especially if you support encryption out the box. What is the point of encryption when you give even faster access to unencrypted memory with a convinient external port?
3. Re:Thunderbolt seems inherently insecure by Anonymous Coward · 2015-01-08 12:07 · Score: 2, Insightful
  
  And how is that any different from the PCMCIA / CardBus slots of the past? They were basically direct attachments to the peripheral bus too, but I guess back then nobody cared about these kinds of attacks, and it wasn't predominantly Apple using those expansions.
4. Re:Thunderbolt seems inherently insecure by mattventura · 2015-01-08 12:17 · Score: 1
  
  On a desktop, I don't think it would be a problem. If you had a rather standard encryption scheme where you enter your passphrase on boot, it wouldn't be exploitable because someone would have to shut down the machine, stick a PCIe card in, and then boot again, thus losing the encryption key until it is entered again. It's just that laptops tend to have to have more exploitable interfaces that support hotplugging (like ExpressCard and Thunderbolt) whereas a desktop at most might have Firewire.
  
  I'm surprised nobody has engineered a DMA exploit over SATA, considering it's hotpluggable and rather ubiquitous.
5. Re:Thunderbolt seems inherently insecure by mattventura · 2015-01-08 12:23 · Score: 2
  
  It's no different than doing the exact same thing over Firewire, but it's a lot easier to hide an exploit in plain sight. When you exploit over something like Firewire or Thunderbolt, it could be a simple "Hey, can I charge my iPhone?". I remember an old exploit that you could do using one of the ancient Firewire iPods. That's a lot different than "Hey, can I plug this random card into your computer?" when you want to do it over CardBus or ExpressCard.
6. Re:Thunderbolt seems inherently insecure by Lumpy · 2015-01-08 13:08 · Score: 1
  
  No not really. I can modify the Bios from the OS on most PC motherboards.
  
  --
  Do not look at laser with remaining good eye.
7. Re:Thunderbolt seems inherently insecure by Anonymous Coward · 2015-01-08 19:36 · Score: 1
  
  Apple now uses IOMMU to protect against DMA attacks. With it a Thunderbolt device cannot access memory it hasn't been granted. I believe Microsoft does the same with Window now as well.
8. Re:Thunderbolt seems inherently insecure by sjames · 2015-01-08 20:50 · Score: 1
  
  IIRC, a SATA drive cannot initiate a DMA.
9. Re:Thunderbolt seems inherently insecure by sjames · 2015-01-08 20:55 · Score: 1
  
  It's been done.
  Some machines have a hardware jumper that must be set to allow flashing the BIOS. They all should.
Turn on FileVault by pushing-robot · 2015-01-08 10:49 · Score: 4, Informative

FileVault 2 disables DMA over FireWire/Thunderbolt when no user is logged in or the machine is locked.
If you want an extra layer of security, execute this command:
sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25
...and your Mac will erase its decryption key from RAM every time it goes to sleep.

--
How can I believe you when you tell me what I don't want to hear?
1. Re:Turn on FileVault by DaHat · 2015-01-08 10:55 · Score: 1
  
  Is FileVault 2 enabled out of the box? If not... it's too late for most users.
  
  --
  Help Brendan pay off his student loans
2. Re:Turn on FileVault by vux984 · 2015-01-08 11:01 · Score: 1
  
  And what about when the machine is unlocked?
3. Re:Turn on FileVault by DaHat · 2015-01-08 11:01 · Score: 3, Insightful
  
  You now know about this issue and can do it to your Macs... and that of your family & friends... but what about all of those people who do not have a person like you? How do they get the fix?
  Short of a mandatory update that is pushed down even on devices that opt out of automatic updates... how do you propose to push such a change?
  So yes... too late. If the device leaves the factory in an insecure state, a significant number of units are basically guarenteed to remain that way until they are decommissioned years from now.
  
  --
  Help Brendan pay off his student loans
4. Re:Turn on FileVault by pushing-robot · 2015-01-08 11:08 · Score: 1
  
  During the Mac OOBE it prompts you to turn it on.
  And if you *don't* encrypt your hard drive or set a firmware password, it's not like anyone with physical access needs a fancy thunderbolt bootkit to compromise your PC.
  
  --
  How can I believe you when you tell me what I don't want to hear?
5. Re:Turn on FileVault by pushing-robot · 2015-01-08 11:34 · Score: 5, Interesting
  
  Sorry to reply to myself, but after reading the full details on this vulnerability it's not like the previous Thunderbolt exploits I've seen, and my prior advice may not be sufficient protection.
  It uses a string of vulnerabilities to flash itself into the firmware using Diagnostic Mode, which exists outside the protection of FileVault. To fully secure yourself you probably need to set a firmware password... not as easy as turning on FileVault, but it should only take a couple minutes on a modern Mac: instructions
  Hopefully Apple will take steps to close the vulnerabilities but it's not likely to affect many people; it requires prolonged physical access to the machine, multiple reboots and connection of hardware, and finally the cooperation of the user (logging in again) for the attacker to steal any useful information. Virtually any machine could be compromised under the same circumstances.
  
  --
  How can I believe you when you tell me what I don't want to hear?
6. Re:Turn on FileVault by pushing-robot · 2015-01-08 11:49 · Score: 1
  
  Then the attacker types cp -R / /Volumes/NSA\ Data\ VacuumTM/
  
  --
  How can I believe you when you tell me what I don't want to hear?
7. Re:Turn on FileVault by l0ungeb0y · 2015-01-08 12:07 · Score: 1
  
  Thank god I enabled FileVault on my shiny new MBP the day I got it. I'll research your recommended CLI command -- but from what I can make of it, it looks good.
8. Re:Turn on FileVault by Em+Adespoton · 2015-01-08 12:44 · Score: 1
  
  You now know about this issue and can do it to your Macs... and that of your family & friends... but what about all of those people who do not have a person like you? How do they get the fix?
  Short of a mandatory update that is pushed down even on devices that opt out of automatic updates... how do you propose to push such a change?
  So yes... too late. If the device leaves the factory in an insecure state, a significant number of units are basically guarenteed to remain that way until they are decommissioned years from now.
  You don't seem to understand The Apple Way. Apple users in general don't disable automatic updates.
  However, on Macs, some security updates are pushed to the systems as you describe. And beyond that, Apple has XProtect, which can push out-of-band updates even faster. This can be a headache for rolling macs out to the enterprise, as Apple sometimes (rarely) pushes fixes that local IT isn't prepared for.
  Added to that, automatic updates are rarely avoided by Mac users.
  Who these things will really affect are the users who went to EOL on a previous OS version (10.6 mostly, as 10.7+ users should all have no problems updating through to 10.10) that no longer receives security updates. 10.4-10.6 users for example are left having to install the ntpd patch via MacPorts because Apple hasn't published a security patch for them (although they've provided the source to do it yourself). The firmware issue is much less of a problem to fix for anyone who *turns off* automatic updates.
9. Re:Turn on FileVault by AHuxley · 2015-01-08 12:56 · Score: 1
  
  Once control over a computer is lost, any actions during daily use can be networked.
  The users computer loads some extra new software and is now more networked. A wide open path with access to load and then update any software.
  Any use of any data stored or encrypted is then opened to any new logging or spyware installed as the user would do during normal use. New logging or spyware installed with the same everyday accounts and applications in use. Antivirus or an outgoing software firewall would just be told to allow a new spyware application.
  Once any encrypted data is opened and worked on, every action and change can be sent out.
  Would a user notice? Would a third party software firewall offer a strong alert to a flow out of data from an application it was told was safe?
  
  --
  Domestic spying is now "Benign Information Gathering"
10. Re:Turn on FileVault by bugnuts · 2015-01-08 21:56 · Score: 1
  
  One of the big issues is recently "I'm going to scan your computer" stops at the border.
  They can simply attached a thunderbolt drive and completely own your computer and there's not a thing you can do.
11. Re:Turn on FileVault by vux984 · 2015-01-09 07:01 · Score: 1
  
  You simply take out your sidearm and shoot them as they sneak up and attempt to plug their Thunderbolt hacking gadget in
  And what if the thunderbolt hacking gadget is the external hard drive you ordered, that was modified before you received it?
Re: Apple=Best? by Anonymous Coward · 2015-01-08 10:57 · Score: 2, Insightful

Are you going to go all "no mainstream Scotsman" on us now?
Installed, yes by SuperKendall · 2015-01-08 10:59 · Score: 1

As noted it's as simple as enabling it.
Most users will not, but then most also do not need to worry about someone physically capturing the system and installing malware then returning it...

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:Installed, yes by exomondo · 2015-01-08 14:18 · Score: 1
  
  As noted it's as simple as enabling it.
  How does filevault protect you from this? Filevault is fine once the OS is loaded but this attack occurs long before that.
2. Re: Installed, yes by iluvcapra · 2015-01-09 02:53 · Score: 1
  
  FileVault adds a bunch of secondary behaviors not related to the system drive. The advertised feature is system drive encryption, but it's effectively a "paranoia" mode for Macs.
  When you're running FileVault, if no one is logged in, the machine will refuse to communicate with ANY attached external device, over thunderbolt or USB or anything else, but for one "main" display and the keyboard and mouse. Also the machine shuts itself down if it's left unattended with no one logged in for more than a few minutes. With FV enabled the machine takes on. bunch of hardware behaviors that essentially treat the entire external environment as hostile territory, until someone authenitcates.
  
  --
  Don't blame me, I voted for Baltar.
3. Re: Installed, yes by exomondo · 2015-01-11 10:37 · Score: 1
  
  When you're running FileVault, if no one is logged in, the machine will refuse to communicate with ANY attached external device, over thunderbolt or USB or anything else, but for one "main" display and the keyboard and mouse.
  No, this attack happens before FileVault starts running.
4. Re: Installed, yes by iluvcapra · 2015-01-12 13:24 · Score: 1
  
  If you turn on FileVault 2, the power-on and boot behavior of the system is also changed. External USB and Thunderbolt devices aren't mapped into the system until a valid user logs in. When the Mac boots to the login screen, only the keyboard, mouse, and the "main" display ports work; plugging stuff into the USB ports on the grey login screen doesn't work, they don't light up, the system doesn't access them, try it some time!
  So, if a stranger has physical access to your machine, they won't be able to get a hacked Thunderbolt adapter to be recognized by the system just by turning it on, they'll have to have a login password as well. If you install a hacked Thunderbolt adapter and let it be connected during a firmware update, while you're logged in, you're screwed.
  
  --
  Don't blame me, I voted for Baltar.
5. Re: Installed, yes by exomondo · 2015-01-12 14:00 · Score: 1
  
  If you turn on FileVault 2, the power-on and boot behavior of the system is also changed.
  Ok, I haven't been able to find the information on that, but what I did see is that performance degradation is in the 20-30% range, which would dissuade most people from using it.
  
  If you install a hacked Thunderbolt adapter and let it be connected during a firmware update, while you're logged in, you're screwed.
  Yeah i'd imagine that would be a fairly easy thing to do, swap out a legitimate one for a hacked one, users would be wary about plugging in USB sticks but probably not so much about port adapters.
Not as bad as I initially thought by dbraden · 2015-01-08 10:59 · Score: 1

I know it's dangerous to base opinions on summaries, but the summary says "during recovery mode boots". So, at least it doesn't seem to be as bad as autorunning files on a usb stick, which used to be pretty common.
It is certainly a serious vulnerability, but considering the number of times I've done a recovery mode boot, I'm not overly concerned about it.
1. Re:Not as bad as I initially thought by david_thornley · 2015-01-09 06:42 · Score: 1
  
  One early attack on Macs (back in the days of MacOS 6 or 7 or so), included having a WDEF trojan on a floppy disk. Insert it into the machine, the OS draws the window to show the disk, looks for WDEF resources in the usual order, finds the WDEF on the floppy, and executes the arbitrary code contained in that WDEF resource to draw the window (and do anything else that was in the WDEF). The original WDEF virus was actually pretty harmless on the OS it was developed on, but had bad effects with later OSes.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Re:Transient skills by halivar · 2015-01-08 11:03 · Score: 1

When you learn the skills needed for this level of hacking, you get to keep those skills. It's like asking a chef why he bothers preparing food when it's just going to get eaten. There are a lot of good reasons: it's fun, it hones skill, and if you're really good you advance your entire profession, and when you've done it enough you pass on your knowledge to your sous chef.
"Firmware"? by fustakrakich · 2015-01-08 11:06 · Score: 1

Looks like it's better to call it limpware if it's so soft and easy to reprogram.

--
“He’s not deformed, he’s just drunk!”
1. Re:"Firmware"? by Lab+Rat+Jason · 2015-01-08 11:14 · Score: 1
  
  So you're asking for "resoluteware?"
  
  --
  Which has more power: the hammer, or the anvil?
2. Re:"Firmware"? by fustakrakich · 2015-01-08 11:47 · Score: 1
  
  I was always wondering what happened to good old fashion ROM in a socket. If you want an upgrade, a chip can be FedExed* to you
  *Google isn't the only word to be 'verb-alized'
  
  --
  “He’s not deformed, he’s just drunk!”
3. Re:"Firmware"? by Noah+Haders · 2015-01-08 11:58 · Score: 1
  
  he's asking for turgidware
4. Re:"Firmware"? by Jeremi · 2015-01-08 13:57 · Score: 1
  
  I was always wondering what happened to good old fashion ROM in a socket. If you want an upgrade, a chip can be FedExed* to you
  Upgrading that way is a little bit more difficult now that Apple glues their computer cases together. :^P
  
  --
  
  I don't care if it's 90,000 hectares. That lake was not my doing.
5. Re:"Firmware"? by kybred · 2015-01-08 17:14 · Score: 1
  
  I was always wondering what happened to good old fashion ROM in a socket. If you want an upgrade, a chip can be FedExed* to you
  *Google isn't the only word to be 'verb-alized'
  Any noun can be verbed. :-)
Re:very impressive by fustakrakich · 2015-01-08 11:09 · Score: 1

I'm really curious what this hedge fund does that they need to do this kind of hardcore security research.
They need more bots to do those super fast trades

--
“He’s not deformed, he’s just drunk!”
Re:Apple=Best? by OrangeTide · 2015-01-08 12:00 · Score: 2

Wasn't everything Apple supposed to be the best?
To be the best, you only have to make sure everyone else is worse than you.

--
“Common sense is not so common.” — Voltaire
Re:Transient skills by Noah+Haders · 2015-01-08 12:12 · Score: 1

also you can get paid to do it.
Not news by fyngyrz · 2015-01-08 12:17 · Score: 4, Insightful

Physical access to your machine (and/or you) can result in any number of compromises. This has been true since day one; it'll remain true well into the indefinite future (in fact, I see nothing at all coming down the pike that would ameliorate this in any way. I'm just allowing for the possibility.)

--
I've fallen off your lawn, and I can't get up.
1. Re:Not news by Aighearach · 2015-01-08 14:15 · Score: 1
  
  Like in the book Interface by Neal Stephenson and George Jewsbury
2. Re: Not news by fyngyrz · 2015-01-09 05:58 · Score: 1
  
  Exactly. You can also do anything you want as far as installing keyloggers and other future-action compromises.
  If you require security for your data, then you need two things:
  o Sufficient physical security (what that actually means depends on who you're defending against)
  o Complete WAN network isolation combined with zero-executable transfer protocols. No scripts, macros, apps, nothing.
  Without these things, it is simply not possible to assure security.
  
  --
  I've fallen off your lawn, and I can't get up.
More than that by SuperKendall · 2015-01-08 12:21 · Score: 2, Insightful

It doesn't require someone having physical access to a system, it requires the user to connect a compromised Thunderbolt accessory
A compromised Thunderbolt accessory connected WHILE they are also booting during a firmware update.
Hope you got a lot of patience because I've not done that in years...

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:More than that by Anonymous Coward · 2015-01-08 14:15 · Score: 1
  
  A compromised Thunderbolt accessory connected WHILE they are also booting during a firmware update.
  No, it just needs to be connected when they reboot. That is why this is an effective evil maid style attack, all you need to do is plug in the compromised thunderbolt device and reboot.
2. Re:More than that by david_thornley · 2015-01-09 06:35 · Score: 1
  
  I have two possible reactions to an evil maid attack.
  Usually, I don't care about them, because they're unlikely, and represent too low a risk (probability times damage) to worry about.
  When I do care about them, I assume that there is an evil maid attack, whether or not I know about it, and consider any system somebody else has had unsupervised physical access to permanently insecure.
  In neither case am I all that bothered by known evil maid attacks.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Re: Apple=Best? by Em+Adespoton · 2015-01-08 12:37 · Score: 3, Funny

Are you going to go all "no mainstream Scotsman" on us now?
No *true* mainstream Scotsman anyway.
But we all know that Apple Macintosh isn't a true Scotsman's name....
Re:Hardware needs a factory-reset button by Em+Adespoton · 2015-01-08 12:47 · Score: 1

Unless you're going to factory-reset every time you leave you machine unattended it won't actually help you avoid this, it will only help you recovery once you detect it.
Actually, it would be worse: the attacker could factory-reset your machine and then apply the attack, making any applied patches useless.
Makes me glad I run a vintage 8 core mac pro 2,1 by jerryjnormandin · 2015-01-08 12:48 · Score: 1

I modified the boot.efi to allow my old mac pro 2,1 to run Mavericks. I'm glad I never upgraded. My old mac with 32gb of ram is plenty fast enough.. make -j 20... all I have to say is wow this baby can compile code fast. I also have an NVIDIA GTX 560 graphics card and a vintage GT120 for boot selection. I picked another mac pro 8 core 2,1 on ebay and built up a 32gb8 core Linux beast running linux on bare mac metal. Now that I see thunderbolt is full of security holes I bet the next generation if macs will be locked down. I will never purchased locked down hardware.
Re:fsck them all by Trax3001BBS · 2015-01-08 12:56 · Score: 1

Fsck all those people that are the reason we can't have (keep) any nice things.
I had someone come in and take my Motorola XOOM tablet, it was rooted, and 4.2 thanks to hackers who did what Motorola said wasn't possible.
I found who took it so called 911, an officer called me asking what I wanted him to do about it, I said to shoot em.
It was taken as it was meant to of been, and they checked it out, still no word.
Re:very impressive by _merlin · 2015-01-08 13:24 · Score: 1

Hedge funds employ lots of tech people. Someone has to write trading strategies, systems for getting generated orders to the brokers/exchanges, systems for assigning trades to accounts, and the glue that holds it all together. They also need an army of IT operations, support and security staff to keep the beast running.
My kid does magic tricks... by sootman · 2015-01-08 13:54 · Score: 1

... that involve me turning around for up to 30 seconds. It's cute. The lesson here is, if you let your machine out of your sight for a while, don't be surprised if it comes back rooted. Isn't rule #1 of computer security always "If you don't have physical security, you don't have security"?
What exactly is the vector here? Give someone a thunderbolt hard drive and hope they plug it in and hope they run a firmware update while the drive is connected? Oh no, this could affect potentially dozens of people per decade! Outside of very targeted attacks, who will get hit by this? And if you think you are targeted, the solution is simple: don't have anything but the power cord plugged in when updating firmware. (Which is how you are supposed to do it anyway.)
This isn't exactly a drive-by download.

--
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
1. Re: My kid does magic tricks... by Sez+Zero · 2015-01-08 14:11 · Score: 3, Insightful
  
  We have several new Mac laptops at work. They don't have an Ethernet port, so all of them are connected via Thunderbolt to Ethernet adapters. All the time. It seems like Ethernet or DVI adapters would be a great vector for this attack.
2. Re:My kid does magic tricks... by Shados · 2015-01-08 16:44 · Score: 1
  
  Ever worked in an office, and one day someone reports their expensive headphones got stolen by the cleaning staff? Then _IF_ you are lucky, someone looked at the security tapes and found them out? Usually the camera's not pointing in that direction though...
  Now, thats easy to see on camera, someone running away with something big. Someone clipping a tiny little device to a lap-top thats barely in sight, while cleaning? Even rewatching the security tape 10x, you may not notice it. You also may not realize the computer got owned until after the security tapes got rolled over.
  Someone picking a lap-top, flipping it over, opening it up, and messing in it...thats easy to see, but this isn't. Thats the big difference to me.
3. Re:My kid does magic tricks... by jones_supa · 2015-01-08 18:06 · Score: 1
  
  My kid does magic tricks... that involve me turning around for up to 30 seconds. It's cute. The lesson here is, if you let your machine out of your sight for a while, don't be surprised if it comes back rooted. Isn't rule #1 of computer security always "If you don't have physical security, you don't have security"?
  It's not that simple. There's multiple aspects in physical security too.
  I bet that if your operating system was password-locked, it would take more than 30 seconds for your kid to mess with the data.
  Because if this was a company, that extra time would also have given the security guards more time to arrive at the scene.
4. Re:My kid does magic tricks... by david_thornley · 2015-01-09 06:47 · Score: 1
  
  If the building has security insufficient to catch somebody stealing my headphones, it's insufficient to keep their computers secure. Companies set their own levels of security, and frequently just trust the cleaning staff or plant-watering service or whatever.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Re:fsck them all by Zontar+The+Mindless · 2015-01-08 14:42 · Score: 1

FSFS it's to HAVE been. What have they started teaching in lieu of English in US schools?

--
Il n'y a pas de Planet B.
It's called WireLurker, and it's already here... by Press2ToContinue · 2015-01-08 14:44 · Score: 2

...infecting macs through innocent chargers and other USB devices, mostly acquired from China.
http://www.engadget.com/2014/11/06/apple-malware/

--
Sent from my ENIAC
Re:I though we *wanted* an open boot process by mlts · 2015-01-08 16:21 · Score: 1

I like how UEFI is now on x86 machines. Ships enabled, but easily turned off if you have any technical knowledge. Some BIOS config tools even put up a warning to help ward off "dancing bunny" attacks.
Maybe Apple should see about TPMs. On most machines, they ship disabled, but easily turned on. If FileVault 2 used a TPM, this would not just provide resistance to evil maid attacks, but would stop brute force password guess attacks in their tracks, since the key decoding the VEK would be stashed in the TPM. Of course, if that is lost, there are other mechanisms for recovery (the number string Apple tells you to stash in a secure place.) TPMs would also do a decent job at securing local KeyRing storage, so credentials stored there would be well protected from compromise, even if FileVault isn't used, as the TPM would hold that data, not the OS.
Re:Hardware needs a factory-reset button by mlts · 2015-01-08 16:36 · Score: 1

What I've wondered about is something that was present on Compaqs back in 1993-1994 -- an "enable flash" jumper.
Having this would put a kibosh on flashing option ROMs without the user knowing. Of course, there is always the dancing bunny attack, where a pr0n site asks a user to follow some detailed instructions before downloading a codec, or a dodgy device from China won't work unless the user follows directions (including flipping that jumper and disabling signature enforcement.) However, a master switch would be a significant security boost.
With modern PCs, it wouldn't be a jumper/switch per se, but would be something done from a BIOS level app. This utility would be something a user would almost never use, but would be available just in case someone is doing development work. This way, option ROMs that are signed can be used without issue, but unsigned Trojans would be stopped cold. This mechanism also gives the user the ability to purge all loaded option ROMs and restore back to a default, should their machine get nailed.
A (usually inactive) bootkit ships on many laptops by caseih · 2015-01-08 16:51 · Score: 1

The firmware has always been a possible vector for infecting a computer with malware, and we know the NSA has done it for years. This OS X bootkit shows one method of getting the malware into the firmware. I'm sure on many PCs the NSA could just flash a new BIOS, probably with the full support and help of the firmware manufacturers.
It surprised me to learn that laptops from popular manufacturers like Lenovo ship with a piece of BIOS-based malware called Lojack. Used as a method of theft prevention, once activated it can infect a fresh install of Windows with tracking software. Was quite an eye opener to me.
Certainly in this post-Snowden era, I certainly trust my devices a lot less. Every little device is a computer these days with its own firmware. Who knows what runs there. A brave new world indeed. Looks like writing passwords down on paper is probably the most secure thing after all.
Re:How is it not the best in this case? by gl4ss · 2015-01-08 17:00 · Score: 1

being able to do it remote or "just by plugging in an usb stick" requires the machine to be up and running.
big difference.

--
world was created 5 seconds before this post as it is.
Re:A (usually inactive) bootkit ships on many lapt by jones_supa · 2015-01-08 18:12 · Score: 1

It surprised me to learn that laptops from popular manufacturers like Lenovo ship with a piece of BIOS-based malware called Lojack. Used as a method of theft prevention, once activated it can infect a fresh install of Windows with tracking software.
Even if it performs "sneaky stuff" I wouldn't call it malware as it is designed to help the real owner of the laptop in case of theft.
Re:fsck them all by jones_supa · 2015-01-08 19:14 · Score: 1

It was taken as it was meant to of been
Heh. So far I have only seen "should have" being replaced with "should of", but "to of" is certainly a new one. :)
Hackintoshes are safe right? :) by Torp · 2015-01-08 20:39 · Score: 1

As they don't usually have Thunderbolt, or if they do they boot differently.

--
I apologize for the lack of a signature.
Re:Still wrong by sjames · 2015-01-08 20:43 · Score: 1

Yes, it is. The option rom checks for firmware update mode. If it isn't in update mode, it sets update mode and resets the machine. POOF, you are now booting during a firmware update.
Re:fsck them all by Trax3001BBS · 2015-01-08 20:56 · Score: 1

FSFS it's to HAVE been. What have they started teaching in lieu of English in US schools?

Too old to care, let alone change.
Re:Not impressed. by Jarik+C-Bol · 2015-01-08 23:21 · Score: 1

Exactly. Physical access to the machine and all bets are off when it comes to security.

--
I've decided to Diversify my Holdings. I've divided my cash between my left and right pockets, instead of all in one.
Re:Hardware needs a factory-reset button by davidwr · 2015-01-09 04:14 · Score: 1

it will only help you recovery once you detect it.
Bingo. No more "once it's compromised, it's always compromised" and no more "corrupt the BIOS to brick the device" attacks.
Also, buyers of used merchandise can assure themselves that the BIOS is the factory BIOS, not one that a previous owner installed.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Re:Hardware needs a factory-reset button by davidwr · 2015-01-09 04:41 · Score: 1

Actually, it would be worse: the attacker could factory-reset your machine and then apply the attack, making any applied patches useless.
1) The attacker would have to have physical access to the device to do the factory reset. Either that or trick the user into getting out the screwdriver.
2) Applying a subsequent factory-reset would remove any malware installed by the attacker. Data loss would result, but at least you wouldn't have a permanently-compromised machine.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Re:Hardware needs a factory-reset button by Em+Adespoton · 2015-01-09 05:17 · Score: 1

Actually, it would be worse: the attacker could factory-reset your machine and then apply the attack, making any applied patches useless.
1) The attacker would have to have physical access to the device to do the factory reset. Either that or trick the user into getting out the screwdriver.
2) Applying a subsequent factory-reset would remove any malware installed by the attacker. Data loss would result, but at least you wouldn't have a permanently-compromised machine.
1) The attacker already needs physical access to the device to perform this attack.
2) As someone else said, unless you factory reset each time you use your computer, this is useless (as you won't know if the malware is installed until you perform a reset). After a reset, you would of course have to apply all the patches again before you could use your system safely.
Re:Transient skills by disambiguated · 2015-01-09 06:23 · Score: 1

so much work put into finding and exploiting one tiny little thing that, like you said, is destined to be patched
And yet all that work is the reason it's destined to be patched.
You misunderstand the purpose by davidwr · 2015-01-09 07:28 · Score: 1

The purpose of a factory reset is not to give 100% protection. It is not to mitigate all of the damage caused by the attack. It is to provide a way to rescue the hardware once the threat has been identified and means of re-infection have been gotten rid of. In other words, it's to save the cost of buying replacement hardware for a box that would otherwise be deemed "never to be trusted again."
Here are two examples:
1) A rouge employee tampers with a USB/Firewire/Thunderbolt device and uses that to infect Macs (or PCs, or phones, or whatever). The employee is discovered and shown the door and all potentially-infectious devices which cannot be factory-reset have been destroyed or removed from use. Those which can be factory-reset are reset and updated from known-good sources.
2) I buy a used piece of equipment. I want to know with certainty that there is no malware on it. I do a factory-reset and update it from known-good sources.
Also, the concept of a factory-reset is not specific to recovering from against hardware/peripheral-based attacks. It also helps recover from software-based attacks (including remote attacks) that take advantage of bugs to replace the "main" firmware with their own. In this case, the recovery is a two-step process:
* Do a factory reset
* Update to a version of the "real" firmware that does not have any known exploits
It also has the limitation that it does not protect against exploits (including remote exploits) that will be discovered in the future.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
1. Re:You misunderstand the purpose by Em+Adespoton · 2015-01-09 09:54 · Score: 1
  
  I understand the purpose... the problem is that it opens up an attack surface such that you can't trust your hardware anymore.
  Now one thing that WOULD be useful in this specific situation is to have the flashing code separate from the EEPROM data itself, such that you can't swap out the signing key and lock out the original manufacturer from re-flashing the device. This would mean that a manual re-flash would always be possible. But a simple software or hardware-based "factory reset" runs afoul of the "who watches the watchers" conundrum -- now you need to worry about the default code that is tucked away somewhere (hopefully on ROM, but that'd be expensive).
  so in case 1): you may have a point, except it's probably cheaper to just replace the equipment. In case 2, you're no further ahead -- how do you know the factory-reset hasn't been tampered with?
2. Re:You misunderstand the purpose by davidwr · 2015-01-10 18:22 · Score: 1
  
  how do you know the factory-reset hasn't been tampered with?
  Because if it could be tampered with, then it wouldn't be a factory-reset procedure, at least not in the sense that I'm talking about.
  Go back to my original comment and look for the word "immutable". I used it several times. If the "factory reset" signal is present (e.g. a jumper pin is set or a button is depressed during power-on) then the first code that gets executed is the "firmware-loading firmware" which was factory-installed and non-overwriteable. This code wipes out the existing "real firmware" and over-writes it with a known-good factory-installed non-overwritable "factory reset backup firmware copy" or, if the manufacturer was short on space to store an extra copy of the firmware, it over-writes it with code found at a factory-determined location that is under the user's control (the modern equivalent of "X bytes starting at sector 0 of floppy disk A").
  Suppose an evil user installs bad firmware using the factory reset procedure. Fine. Now the next user repeats the factory-reset procedure and overwrites the evil firmware with firmware that he (the current user) trusts and all is well.
  Oh, and if the buyer can't trust the vendor to provide non-harmful "firmware-loading firmware" and a good path to get his preferred version of the firmware installed (either directly through a factory reset or from a factory reset followed by a normal firmware update) then he's buying from the wrong vendor.
  
  --
  Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Re:Transient skills by disambiguated · 2015-01-09 14:46 · Score: 1

the level of effort to actually generate an exploit that works regularly is the point of diminishing returns
You would think so, but experience has shown that without a working proof of concept exploit, software vendors dismiss the vulnerability as theoretical, downplay the severity, or outright ignore it. Sometimes they even ignore vulnerabilities with working exploits, if it isn't actually being exploited in the wild (that anyone knows about). And a working exploit is useful for testing your own systems.