Slashdot Mirror


Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters

BIOS4breakfast writes: Wired reports that later this week at BlackHat and Defcon, Trammell Hudson will show the Thunderstrike 2 update to his Thunderstrike attack on Mac firmware (previously covered on Slashdot). Trammell teamed up with Xeno Kovah and Corey Kallenberg from LegbaCore, who have previously shown numerous exploits for PC firmware. They found multiple vulnerabilities that were already publicly disclosed were still present in Mac firmware. This allows a remote attacker to break into the Mac over the network, and infect its firmware. The infected firmware can then infect Apple Thunderbolt to Ethernet adapters' PCI Option ROM. And then those adapters can infect the firmware of any Mac they are plugged into — hence creating the self-propagating Thunderstrike 2 "firmworm." Unlike worms like Stuxnet, it never exists on the filesystem, it only ever lives in firmware (which no one ever checks.) A video showing the proof of concept attack is posted on YouTube.
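The "firmware which no one ever checks" point is the one a defender can act on: a PCI Option ROM image can be dumped from the adapter (on Linux, through the device's `rom` node in sysfs) and compared against a known-good hash. The parser below is an added example, not code from the researchers or from Apple; it walks the PCI expansion ROM image chain (0x55AA signature, PCIR data structure, last-image bit), verifies the legacy x86 checksum, and flags any image whose SHA-256 no longer matches a baseline. The sample ROM, its payloads and the vendor/device IDs in it are constructed for the demonstration.

```python
import hashlib, struct

CODE_TYPES = {0: "x86 legacy", 1: "Open Firmware", 2: "PA-RISC", 3: "EFI"}

def parse_option_rom(rom: bytes):
    """Walk the image chain of a PCI expansion ROM; return one record per image."""
    images, off = [], 0
    while True:
        if rom[off:off + 2] != b"\x55\xAA":
            raise ValueError(f"bad ROM signature at 0x{off:x}")
        pcir = off + struct.unpack_from("<H", rom, off + 0x18)[0]   # pointer to PCIR
        if rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"missing PCIR structure for image at 0x{off:x}")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        length = struct.unpack_from("<H", rom, pcir + 0x10)[0] * 512  # 512-byte units
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        image = rom[off:off + length]
        if len(image) != length:
            raise ValueError(f"image at 0x{off:x} is truncated")
        info = {"offset": off, "vendor": vendor, "device": device, "length": length,
                "code_type": CODE_TYPES.get(code_type, f"unknown({code_type})"),
                "sha256": hashlib.sha256(image).hexdigest()}
        if code_type == 0:   # legacy x86 images must sum to 0 modulo 256
            info["checksum_ok"] = sum(image) % 256 == 0
        images.append(info)
        if indicator & 0x80:  # bit 7 set = last image in the chain
            return images
        off += length

def tampered_images(rom: bytes, baseline: dict):
    """Offsets of images whose hash differs from the known-good baseline (offset -> sha256)."""
    return [i["offset"] for i in parse_option_rom(rom) if baseline.get(i["offset"]) != i["sha256"]]

def build_image(code_type: int, last: bool, payload: bytes) -> bytes:
    """Constructed 512-byte test image with its PCIR at 0x40; vendor/device IDs are made up."""
    img = bytearray(512)
    img[0:2], img[2] = b"\x55\xAA", 1                    # signature, legacy size field
    struct.pack_into("<H", img, 0x18, 0x40)              # pointer to PCIR
    img[0x40:0x44] = b"PCIR"
    struct.pack_into("<HHxxH", img, 0x44, 0x1234, 0x5678, 0x18)  # vendor, device, struct len
    struct.pack_into("<H", img, 0x50, 1)                 # image length in 512-byte units
    img[0x54], img[0x55] = code_type, 0x80 if last else 0  # code type, last-image indicator
    img[0x100:0x100 + len(payload)] = payload
    if code_type == 0:
        img[511] = (-sum(img[:511])) & 0xFF               # legacy checksum fix-up byte
    return bytes(img)

# Constructed sample: a legacy x86 image followed by an EFI image, as adapters commonly carry.
SAMPLE_ROM = build_image(0, False, b"legacy boot code") + build_image(3, True, b"EFI driver")
BASELINE = {i["offset"]: i["sha256"] for i in parse_option_rom(SAMPLE_ROM)}
```

A baseline taken from a freshly unboxed adapter, re-checked after the adapter has been used on untrusted hosts, is what turns this into a detection for the adapter-to-Mac leg of the worm.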

22 of 119 comments

  1. Maybe someday by fustakrakich · · Score: 2

    They will make a chip that can only be written to one time. They can call it "read only". What a concept!

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Maybe someday by grim4593 · · Score: 3, Insightful

      If the chips are read only they would not be able to receive security updates (not that manufacturers issue ROM updates most of the time...). It would be a mess the first time a firmware security hole was found that couldn't be patched.

    2. Re:Maybe someday by fustakrakich · · Score: 5, Informative

      I vaguely remember the day when chips were socketed, exactly for that inevitability. Updates are more expensive that way, but it all depends on how secure you want to be. Remote updates will never, ever be secure. It is nothing but a perpetual cat and mouse game.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Maybe someday by simcop2387 · · Score: 5, Insightful

      I like the flash chip with a hardware switch/jumper to enable writing to it. You've got the hardware read only protection but you can update it without replacing anything socketed.

    4. Re:Maybe someday by BronsCon · · Score: 2

      You must have missed the point that flash chips, used in this application, can never be secure. It is precisely due to the use of flash chips that this exploit is even possible; can't overwrite a ROM. At the very least, there needs to be a physical switch that enables writing, and the system should refuse to boot into anything but the firmware update screen if that switch is in the "write" position. Better yet, have the switch only function to set the value of a gate and latch that value so that toggling the switch with the system powered up does nothing. The gate's only input would be the switch and it would only read on power-up. Then, the user doesn't even have the option of accidentally enabling write mode once the system is booted, which would protect against exploits such as this, even in cases where the user flips the switch after booting.

      Doesn't protect against someone with physical access, but it does change the game to require the attacker, and not just the attacking device, to have physical access or, at the very least, convince the user that there is a firmware update so they're likely to boot into write mode. Of course, write mode could disable all ports except for one USB port and only support USB disk devices on that port.

      That wouldn't be perfectly secure, of course, but it'd sure be more effort than mailing your victim a new ROM chip in official looking packaging with instructions printed on forged letterhead. Yes, that's right, even the physical socketed chip solution isn't secure if you think outside the box.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    5. Re:Maybe someday by Anonymous Coward · · Score: 2, Interesting

      I prefer a slightly simpler approach—give the chip a command whose sole purpose is to prevent future firmware updates. During normal driver initialization, set the flag. When you power off the computer, the flag gets cleared. Any update to the firmware requires you to install the new firmware in a particular location on disk, where the driver can wait to set the flag, then verify the firmware signature (with access to a full security stack, Internet access for pulling down CRLs, etc.) before installing it during the next boot.

      After all, if you can't protect against someone with physical access rebooting, then there's no reason to have the physical switch at all.

    6. Re:Maybe someday by Anonymous Coward · · Score: 2, Interesting

      There don't need to be security updates to the firmware. The ROM firmware only needs to do just enough to receive the operational firmware. All these devices run the firmware from RAM anyway. The device can provide that firmware to the host from flash memory, but should not load and start it on its own. This way the host is always in control of the firmware and can make sure that the firmware has not been tampered with.

    7. Re:Maybe someday by Lumpy · · Score: 2

      Pull the Write Enable line to ground and the best hackers in the world can't change anything on the chip.

      --
      Do not look at laser with remaining good eye.
    8. Re:Maybe someday by LordKronos · · Score: 4, Informative

      >> I like the flash chip with a hardware switch/jumper to enable writing to it. You've got the hardware read only protection but you can update it without replacing anything socketed.

      Correct...except I think it needs to be clarified that the jumper or switch is actually a physical cutoff that would prevent flashing. You need to make this distinction, because I'm pretty sure I've seen hardware jumpers that just toggle a bit in the bios/firmware config, thus telling the bios whether or not to allow it, and if the bios/firmware is hacked, the physical jumper is not actually a physical obstacle.

    9. Re:Maybe someday by techno-vampire · · Score: 2

      I can remember when there was a jumper that had to be properly set to allow firmware updates. I doubt they cost as much as a penny, and they couldn't get flipped by accident.

      --
      Good, inexpensive web hosting
    10. Re:Maybe someday by Anonymous Coward · · Score: 2, Interesting

      It used to be that every computer had one of these DIP switches on the motherboard. Need to flash the BIOS? Flip the switch physically, boot the machine to the MS-DOS floppy, let it do its reads/writes/verifies, then flip the DIP switch back.

      I'm pretty sure it was cost that did away with that physical safeguard, replacing it with a signature algorithm. I first saw this in the mid 1990s, where one major brand of computers had a "password" in the BIOS flash mechanism; if it wasn't part of the upload, the machine wouldn't accept the code.

      However, now, it has become a vector for permanent infection. Flash an SSD, motherboard, CPU, video card, keyboard, mouse, or any one of the tons of subsystems, and malware can become a permanent part of the computer. The closest thing I see to this is LoJack for Laptops which, if a BIOS setting is selected (and once set, it is there for good), will always reload that program no matter what, when Windows is installed. Now, do the exact same thing, except with some ransomware or remote access Trojan. If the malware can access the iLO functions of most machines, it will have keyboard and monitor access for screen-scraping regardless of the OS on the box, and has the ability to reformat/reinstall the OS at any time.

      So, what is the fix for modern computers? Can't really do a DIP switch or else Joe Sixpack will cut himself on the inside of the computer case and sue.

      The fix is likely twofold:

      1: The first is something like a bootloader, which is something well tested, hardened against attack, and so on. It would be a v1.0 edition and burned into ROM. Yes, it can't be updated... but we had programmers deal with non-updatable code in the past. In fact, all PS1 games were architected and coded to never, ever need an update. It would be expensive, but this amount of code is relatively small, so it can be built secure.

      This would be something that comes up with a certain key combination, and perhaps flashes a certain light pattern or color that the normal OS could never do (like a red LED instead of the normal blue/white one). This shows the user that they are in a "trusted" part of the computer; nothing else is running, nothing else can be run. From there, one can stick an SD card or a USB flash drive in a slot where the firmware to be upgraded is stashed and update from that, which would be signed, and if for some reason the core signing key was compromised, the device maker could have a manual challenge/response system to override it.

      Another part of this would be the ability to revert to a "last known good" configuration as well as a burned in ROM. No, going back to a v1.0 BIOS isn't great for security, but it allows the machine to be up and running. Similar with storing 1-2 previous firmware versions that are signed.

      The key is to have this feature be something that has to be done physically at the computer, and show the user in some telltale way that a fake OS isn't mimicking this screen. Of course, this "bootloader" would have to be extremely bug free at the outset, as it really couldn't be upgraded.

      Of course, nothing is perfect. There is a need for remote upgrades in the enterprise, so having to go manually pop up a special menu on every single blade and server isn't going to cut it. This could be addressed via the standard iLO functionality on a management network.

    11. Re:Maybe someday by mlts · · Score: 2

      I'm reminded of the "frozen" state with hard drives where the only time one can set or erase a password with them is just after boot, and before the OS loads.

      Maybe this should be passed to other devices as well? UEFI or the BIOS passes the same "freeze" command to all devices on the machine, which makes them ignore any requests for firmware updates until the machine is powered off. This way, upgrades are doable, but it takes the user doing something specific to do them.

      As an added bonus, the upgrades would be doable via iLO, so this would be a hair-puller for the enterprise.

    12. Re:Maybe someday by Agripa · · Score: 2

      >> It used to be that every computer had one of these DIP switches on the motherboard. Need to flash the BIOS? Flip the switch physically, boot the machine to the MS-DOS floppy, let it do its reads/writes/verifies, then flip the DIP switch back.

      >> I'm pretty sure it was cost that did away with that physical safeguard, replacing it with a signature algorithm. I first saw this in the mid 1990s, where one major brand of computers had a "password" in the BIOS flash mechanism; if it wasn't part of the upload, the machine wouldn't accept the code.

      The reason a switch was originally available is because the Flash memory required a high voltage programming supply and it was best to leave this off or disconnected when not needed. When it became practical, the high voltage programming supply was generated on the chip using a charge pump and controlled by the write command so there was no longer any need for an external switch.

  2. "Firmworm" by xxxJonBoyxxx · · Score: 4, Insightful

    >> "Firmworm"

    You did NOT just introduce that to the Internet.

    >> Rule 34

    Oh yeah...I guess it's the reason we have Internet in the first place.

  3. Re:In other words... by Sponge+Bath · · Score: 4, Insightful

    >> So, in other words, the user has to be a complete moron in order for this attack to work.

    Human stupidity is the hacker's greatest tool. The entire staff does not have to be stupid, just a few to get things rolling.

  4. Re:Obligatory by TooManyNames · · Score: 2

    Worms are basically a subset of viruses. They are self-replicating malware, just like typical viruses, but don't rely on a human action, such as installation of an infected application.

    Assuming that your post wasn't intended as a joke (the dubious claim of viral invulnerability leads me to think it was a joke), how exactly is vulnerability to something like the worm mentioned okay to brush off (claiming mis-classification is a tactic to steer conversation away from the subject discussed)?

    --
    "Is not a sentence" is not a sentence. Well damn.
  5. strongest attack vector in existence by SethJohnson · · Score: 2

    >> I know there are still a small percentage of people out there that still click on every email link they get, but I would hope that phishing is a dying art and not much would ever come of this. I know that most of the people I supported would not be this amazingly stupid, nor would many in the entire company.

    If you work in an IT capacity, I suggest you rethink architecting your security profile based on trusting users not to click on links sending them to websites hosting malicious exploit code.

    You might have the smartest CS graduates working in your organization. Each one of them has a computer-inexperienced relative who has had their email compromised in one way or another. From those compromised email accounts, messages are sent to your coworkers that can contain solicitations to view content hosted on a remote website. The possibility of your teammates following those links is especially high. Once the exploit code has hit the desktop OS, it's inside your network. If you have vulnerable routers, the attackers can use the beachhead of the first compromised desktop machine to change the DNS settings on the network router. Now, every single user in the organization is vulnerable to being redirected from "www.google.com" to "www.exploitsite.com" while they still only see the friendly google search page in their browsers when they try to do a search.

    Don't trust the end users. They're the weakest member of your corporate security.

  6. Re:So, the actual attack surface is vanishingly sm by Fire_Wraith · · Score: 2

    Yeah, because no one ever falls for social engineering, so it's totally not anything to worry about.

  7. Re:So, the actual attack surface is vanishingly sm by Anonymous Coward · · Score: 2, Insightful

    All current MacBook Pros (for the past few years actually) do not have built-in ethernet but would require either a Thunderbolt or USB adapter.

    Also, what about Thunderbolt displays, especially in an office "hotel" situation where one shows up and grabs an empty spot to plug in? This is common enough behavior.

  8. Re:Obligatory by Noah+Haders · · Score: 2

    Because the worst pieces of software are antivirus programs, but macs are not vulnerable to the types of malware that antivirus software could protect against. Nobody said that macs are immune to viruses, just as they are not immune to water damage, theft or if you throw them off your roof (although there's a cool video on YouTube where a MacBook Air fell out of a two-seater airplane, but was still functional when it was found on the ground).

  9. Re:Obligatory by ArcadeMan · · Score: 2

    >> Although there's a cool video on YouTube where a MacBook Air fell out of a two-seater airplane, but was still functional when it was found on the ground.

    Well, duh. Why do you think it's called MacBook Air?

  10. Re:Obligatory by macs4all · · Score: 2

    Because this is a brand-new Class of malware.

    What is, Thunderstrike 2 or what I was referring to, Flashback? Because Flashback looks like a trojan installed via a Java flaw.

    Thunderstrike. I was apparently not reading closely.

    However, Thunderstrike (and I believe Thunderstrike 2) has already been patched months ago by Apple, in their OS X 10.10.2 Update. Also, apparently Macs sold after mid-2014 are immune.

    By the way, there is a far more sinister fact that is completely glossed over here on Slashdot: These same vulnerabilities were first found in the UEFI firmware on "Windows/Linux" PCs. The "researchers" just wanted some notoriety; so, when they found the same vulnerability in Macs, they decided to develop a proof-of-concept for that platform and crow about it to the world. And BTW, "Option ROMs" are certainly not unique to Apple-compatible peripherals. Far from it. So, even if you don't use OS X, this exploit, or one very similar to it, can be coming to a computer on your desktop.