x
advertisement
Filtered By: Scitech
SciTech

Macs are hackable via Thunderbolt port, says researcher






Think your shiny new MacBook is safe from attacks? Think again: a researcher has found a way to infiltrate Macs using the ubiquitous Thunderbolt port.
 
Researcher Trammell Hudson presented his findings on the hack, dubbed Thunderstrike, at the Chaos Computer Congress in Hamburg.
 
Hudson, in a lengthy blog post, said there is a "significant firmware vulnerability" in Apple's EFI firmware.
 
Such a vulnerability not only allows untrusted code to be written to the boot ROM, it can also resist attempts to remove it.
 
"It turns out that the Thunderbolt port gives us a way to get code running when the system boots. Thunderbolt brings the PCIe bus to the outside world and at boot time the EFI firmware asks attached devices if they have any Option ROMs to be run," he said.
 
But he said a Thunderbolt device that has been flashed with the exploit plugged in and the system booted can allow the attacker's code to hook any EFI or OS functions.
 
An attacker can "do things like bypass firmware passwords, log keystrokes, install kernel backdoors, etc.," he said.
 
Hudson also said option ROMs can circumvent flash security by triggering recovery mode boots with signed firmware, then causing the untrusted code to be written to the ROM.
 
"And the attacker now controls the signing keys on future firmware updates, preventing any software attempts to remove them. The Thunderstrike POC also disables Option ROMs, so it can’t be removed by a similar technique," he said.
 
But Hudson noted pre-Thunderbolt devices are not affected by Thunderstrike, nor Apple machines that contain mask ROMs.
 
Preventing Thunderstrike
 
Hudson said Apple has a partial fix that has started shipping in the new Mac Mini's and iMac Retinas.
 
"Their fix is to not load Option ROMs during firmware updates, which is effective against the current proof-of-concept," he said.
 
Still, Hudson said this is not a complete fix as option ROMs are still loaded on normal boots. — Joel Locsin/TJD, GMA News
Tags: apple, applemacintosh, applemacbook, cybersecurity
Most Popular