Slashdot Mirror


First OSX Bootkit Revealed

Trailrunner7 writes A vulnerability at the heart of Apple's Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse engineering hobbyist and security researcher named Trammel Hudson, who gave a talk at the recent 31C3 event in Hamburg, Germany, during which he described an attack he called Thunderstrike. Thunderstrike is a Mac OS X bootkit delivered either through direct access to the Apple hardware (at the manufacturer or in transport), or via a Thunderbolt-connected peripheral device; the latter attack vector exposes vulnerable systems to Evil Maid attacks, or state-sponsored attacks where laptops are confiscated and examined in airports or border crossings, for example.

Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.

17 of 135 comments

  1. If the rootkit can close the hole by phayes · · Score: 5, Interesting

    Then so can Apple.

    From their reaction pushing out an automatically installed security patch for the recent NTP vulnerability, I'm hoping that Apple will furnish a patch before this ever becomes more than a Blackhat proof of concept.

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    1. Re:If the rootkit can close the hole by c · · Score: 5, Insightful

      Then so can Apple.

      More usefully, it sounds like the owner of the machine itself can patch it such that any Option ROMs need to be signed with their own private key rather than Apple's.

      --
      Log in or piss off.
    2. Re:If the rootkit can close the hole by sjames · · Score: 2

      The vulnerability only exists when the machine is booting in a special flash mode. Otherwise, the flash chip is locked, making writes impossible until a reset happens before the option ROMs get run.

      So only flash mode needs to disable the option ROMs. A normal boot can use them without risk of a re-flash.

    3. Re:If the rootkit can close the hole by phayes · · Score: 3, Insightful

      If you would take the time to actually read TFA (yeah I know, heresy), you'd know that Apple has already addressed the vulnerability in recent minis & iMacs so the window is already closing.

      Added to that, you need the exploit (which is closely held at present) & physical access to the Mac. This rootkit is extremely unlikely to be a problem for anyone.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  2. Thunderbolt seems inherently insecure by mattventura · · Score: 4, Insightful

    From what I understand, Thunderbolt is essentially an external PCIe interface. That's inherently insecure. It was bad enough that Firewire gave devices DMA access, but with PCIe it will probably be 10x worse.

    1. Re:Thunderbolt seems inherently insecure by Anonymous Coward · · Score: 2, Insightful

      And how is that any different from the PCMCIA / CardBus slots of the past? They were basically direct attachments to the peripheral bus too, but I guess back then nobody cared about these kinds of attacks, and it wasn't predominantly Apple using those expansions.

    2. Re:Thunderbolt seems inherently insecure by mattventura · · Score: 2

      It's no different than doing the exact same thing over Firewire, but it's a lot easier to hide an exploit in plain sight. When you exploit over something like Firewire or Thunderbolt, it could be a simple "Hey, can I charge my iPhone?". I remember an old exploit that you could do using one of the ancient Firewire iPods. That's a lot different than "Hey, can I plug this random card into your computer?" when you want to do it over CardBus or ExpressCard.

  3. Turn on FileVault by pushing-robot · · Score: 4, Informative

    FileVault 2 disables DMA over FireWire/Thunderbolt when no user is logged in or the machine is locked.

    If you want an extra layer of security, execute this command:

    sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25

    ...and your Mac will erase its decryption key from RAM every time it goes to sleep.

    --
    How can I believe you when you tell me what I don't want to hear?
    1. Re:Turn on FileVault by DaHat · · Score: 3, Insightful

      You now know about this issue and can do it to your Macs... and that of your family & friends... but what about all of those people who do not have a person like you? How do they get the fix?

      Short of a mandatory update that is pushed down even on devices that opt out of automatic updates... how do you propose to push such a change?

      So yes... too late. If the device leaves the factory in an insecure state, a significant number of units are basically guaranteed to remain that way until they are decommissioned years from now.

    2. Re:Turn on FileVault by pushing-robot · · Score: 5, Interesting

      Sorry to reply to myself, but after reading the full details on this vulnerability it's not like the previous Thunderbolt exploits I've seen, and my prior advice may not be sufficient protection.

      It uses a string of vulnerabilities to flash itself into the firmware using Diagnostic Mode, which exists outside the protection of FileVault. To fully secure yourself you probably need to set a firmware password... not as easy as turning on FileVault, but it should only take a couple minutes on a modern Mac: instructions

      Hopefully Apple will take steps to close the vulnerabilities but it's not likely to affect many people; it requires prolonged physical access to the machine, multiple reboots and connection of hardware, and finally the cooperation of the user (logging in again) for the attacker to steal any useful information. Virtually any machine could be compromised under the same circumstances.

      --
      How can I believe you when you tell me what I don't want to hear?
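
An audit script for the three mitigations raised in this thread (FileVault, the pmset sleep settings from the parent comment, and the firmware password suggested in the follow-up), added here as an example and not code from the original thread. It assumes macOS's fdesetup, pmset and firmwarepasswd commands and their usual output format; the parse_* functions take command output as text so they can be checked offline with the constructed samples at the bottom.

```shell
#!/bin/sh
# Audit a Mac's FileVault, sleep and firmware-password settings.
# parse_* functions take command output as text; audit_mac runs the real
# commands and only makes sense on macOS (assumed command names/output).

# 0 if `pmset -g` output shows destroyfvkeyonstandby=1 and hibernatemode=25.
parse_pmset() {
    # key names in pmset output are matched case-insensitively
    destroy=$(printf '%s\n' "$1" | awk 'tolower($1)=="destroyfvkeyonstandby"{print $2}')
    hmode=$(printf '%s\n' "$1" | awk 'tolower($1)=="hibernatemode"{print $2}')
    [ "$destroy" = "1" ] && [ "$hmode" = "25" ]
}

# 0 if `fdesetup status` reports FileVault enabled.
parse_fdesetup() {
    printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# 0 if `firmwarepasswd -check` reports a firmware password set.
parse_firmwarepasswd() {
    printf '%s\n' "$1" | grep -qi 'Password Enabled: *Yes'
}

# Run the live checks; prints one line per setting, returns 1 if any is weak.
audit_mac() {
    rc=0
    parse_fdesetup "$(fdesetup status 2>/dev/null)" \
        && echo "OK   FileVault is on" \
        || { echo "WARN FileVault is off: sudo fdesetup enable"; rc=1; }
    parse_pmset "$(pmset -g 2>/dev/null)" \
        && echo "OK   FV key destroyed on standby, hibernatemode 25" \
        || { echo "WARN run: sudo pmset -a destroyfvkeyonstandby 1 hibernatemode 25"; rc=1; }
    parse_firmwarepasswd "$(sudo firmwarepasswd -check 2>/dev/null)" \
        && echo "OK   firmware password set" \
        || { echo "WARN no firmware password: sudo firmwarepasswd -setpasswd"; rc=1; }
    return $rc
}

# Constructed sample pmset output (not captured from a real machine).
SAMPLE_PMSET_WEAK='System-wide power settings:
Currently in use:
 hibernatemode        3
 DestroyFVKeyOnStandby 0'
SAMPLE_PMSET_HARD='Currently in use:
 hibernatemode        25
 DestroyFVKeyOnStandby 1'

# Only run the live audit on macOS.
[ "$(uname)" = "Darwin" ] && audit_mac
```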
  4. Re: Apple=Best? by Anonymous Coward · · Score: 2, Insightful

    Are you going to go all "no mainstream Scotsman" on us now?

  5. Re:Apple=Best? by OrangeTide · · Score: 2

    Wasn't everything Apple supposed to be the best?

    To be the best, you only have to make sure everyone else is worse than you.

    --
    “Common sense is not so common.” — Voltaire
  6. Not news by fyngyrz · · Score: 4, Insightful

    Physical access to your machine (and/or you) can result in any number of compromises. This has been true since day one; it'll remain true well into the indefinite future (in fact, I see nothing at all coming down the pike that would ameliorate this in any way. I'm just allowing for the possibility.)

    --
    I've fallen off your lawn, and I can't get up.
  7. More than that by SuperKendall · · Score: 2, Insightful

    It doesn't require someone having physical access to a system, it requires the user to connect a compromised Thunderbolt accessory.

    A compromised Thunderbolt accessory connected WHILE they are also booting during a firmware update.

    Hope you got a lot of patience because I've not done that in years...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  8. Re: Apple=Best? by Em+Adespoton · · Score: 3, Funny

    Are you going to go all "no mainstream Scotsman" on us now?

    No *true* mainstream Scotsman anyway.

    But we all know that Apple Macintosh isn't a true Scotsman's name....

  9. Re: My kid does magic tricks... by Sez+Zero · · Score: 3, Insightful

    We have several new Mac laptops at work. They don't have an Ethernet port, so all of them are connected via Thunderbolt to Ethernet adapters. All the time. It seems like Ethernet or DVI adapters would be a great vector for this attack.

  10. It's called WireLurker, and it's already here... by Press2ToContinue · · Score: 2

    ...infecting macs through innocent chargers and other USB devices, mostly acquired from China.

      http://www.engadget.com/2014/11/06/apple-malware/

    --
    Sent from my ENIAC