
Security researcher rewrites Mac firmware over Thunderbolt, says most Intel Thunderbolt Macs vulnerable

A security researcher speaking at the Chaos Computer Congress in Hamburg demonstrated a hack that rewrites an Intel Mac’s firmware using a Thunderbolt device with attack code in an option ROM. Known as Thunderstrike, the proof of concept presented by Trammell Hudson infects the Apple Extensible Firmware Interface (EFI) in a way he claims cannot be detected, nor removed by reinstalling OS X.

Since the boot ROM is independent of the operating system, reinstalling OS X will not remove it. Nor does it depend on anything stored on the disk, so replacing the hard drive has no effect. A hardware in-system-programming device is the only way to restore the stock firmware.

Apple has already implemented an intended fix in the latest Mac mini and iMac with Retina display, which Hudson says will soon be available for other Macs, but appears at this stage to provide only partial protection… 

Once installed, the firmware cannot be removed since it replaces Apple’s public RSA key, which means that further firmware updates will be denied unless signed by the attacker’s private key. The hacked firmware can also replicate by copying itself to option ROMs in other Thunderbolt devices connected to the compromised Mac during a restart. Those devices remain functional, making it impossible to know that they have been modified.
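As an added illustration, not code from the article or from Hudson’s work: a parser for a PCI expansion ROM dump of the kind a Thunderbolt device presents to the firmware, which walks the image chain and reports which images carry EFI driver code that would be loaded at boot. Field layouts follow the PCI Firmware Specification (0x55AA header, PCIR data structure, EFI ROM header); the vendor/device IDs and the sample ROM blob are constructed test data.

```python
import struct

CODE_TYPES = {0: "x86 legacy BIOS", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}
EFI_SUBSYSTEMS = {0x0A: "EFI application", 0x0B: "EFI boot service driver", 0x0C: "EFI runtime driver"}
EFI_MACHINES = {0x014C: "IA32", 0x8664: "x64", 0xAA64: "AArch64"}

def parse_option_rom(rom: bytes):
    """Walk the image chain of an expansion ROM dump and describe each image."""
    images, off = [], 0
    while off + 0x1A <= len(rom):
        if rom[off:off + 2] != b"\x55\xAA":
            raise ValueError(f"no 0x55AA signature at offset {off:#x}")
        pcir = off + struct.unpack_from("<H", rom, off + 0x18)[0]   # PCIR pointer
        if rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"no PCIR structure for image at {off:#x}")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        length = struct.unpack_from("<H", rom, pcir + 0x10)[0] * 512  # 512-byte units
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        info = {"offset": off, "vendor": vendor, "device": device, "length": length,
                "code_type": CODE_TYPES.get(code_type, f"unknown({code_type})")}
        if code_type == 3:   # EFI image: the header carries an EFI-specific block at +4
            sig, subsystem, machine, compression = struct.unpack_from("<IHHH", rom, off + 4)
            if sig != 0x0EF1:
                raise ValueError(f"EFI image at {off:#x} lacks the 0x0EF1 signature")
            info.update(subsystem=EFI_SUBSYSTEMS.get(subsystem, hex(subsystem)),
                        machine=EFI_MACHINES.get(machine, hex(machine)),
                        compressed=bool(compression & 1))
        images.append(info)
        if indicator & 0x80 or length == 0:   # bit 7 of the indicator marks the last image
            break
        off += length
    return images

def build_image(code_type, last, efi=None):
    """Constructed 512-byte test image with the PCIR structure right after the header."""
    hdr = bytearray(b"\x55\xAA") + bytearray(0x1A)
    struct.pack_into("<H", hdr, 0x18, 0x1C)           # PCIR pointer -> offset 0x1C
    if efi:
        struct.pack_into("<IHHH", hdr, 4, 0x0EF1, efi[0], efi[1], 0)
    pcir = bytearray(0x18)
    pcir[0:4] = b"PCIR"
    struct.pack_into("<HH", pcir, 4, 0x1234, 0x5678)   # made-up vendor/device IDs
    struct.pack_into("<H", pcir, 0x10, 1)              # image length: 1 unit = 512 bytes
    pcir[0x14], pcir[0x15] = code_type, (0x80 if last else 0x00)
    return bytes(hdr + pcir).ljust(512, b"\xff")

def sample_rom():
    """Constructed dump: legacy BIOS image, then an x64 EFI boot-service driver image."""
    return build_image(0, False) + build_image(3, True, efi=(0x0B, 0x8664))
```

An inventory like this only shows what a device advertises to the host; it says nothing about whether the host firmware itself has already been modified, which is the part Hudson says cannot be detected.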

The good news is that the attack method requires physical access to your Mac, and Hudson is not aware of any Mac firmware bootkits in the wild. He notes that there is no way to be sure, however.

It was previously suggested that the NSA used similar attack methods, physically intercepting shipments to install bootkits before computers reach their buyers. Once out in the wild, the hacked firmware could be easily spread by something as seemingly innocuous as a Thunderbolt monitor in a hotel business center.

The slides from Hudson’s presentation are available on Flickr, and a video is now available. Hudson says that he has been in contact with Apple regarding EFI vulnerabilities, and that his slides provide sufficient ‘pseudo-code’ to allow others to verify the hack without making it too easy for others to exploit.

The presentation follows an earlier one in which the hacker who last year used lifted fingerprints to fool Touch ID suggested that it may be possible to repeat the attack using only a photograph of a finger.


Comments

  1. Sumocat (@SumocatS) - 9 years ago

    Don’t know why Hudson would contact Apple about this vulnerability. EFI and Thunderbolt are both Intel technologies.

    • drhalftone - 9 years ago

      Dear Ben, now this is news because it affects a lot of us in the Mac community. And the reason to contact Apple is because Apple has something to lose since it’s their computers that are going to be jacked. And Apple co-developed Thunderbolt with Intel.

      • Edison Wrzosek - 9 years ago

        “Apple co-developed Thunderbolt with Intel” <- Bingo! Intel already knew about this vulnerability a YEAR ago and didn't lift a finger to fix it until someone actually went after Apple systems, where most Thunderbolt goes. This vulnerability ALSO encompasses Wintel systems / motherboard makers like ASUS and Gigabyte, but they're not getting any media attention in any of this…

        This was already reported a few days ago on another news site, and was confirmed that Intel knew about the flaw for a long time but didn't take it seriously. Now Apple is basically forcing Intel to get off their behind and get cracking.

        This exploit is, I believe, in the same severity class as a recent USB controller chip exploit where malicious code can be injected right into the USB device, even a mouse, and cannot be detected, nor removed, by any known method.

        I fear we're now looking down the barrel of a new generation of attack vector that will be utilized by hackers to an increasing extent. I've told a few people not to share their USB devices with anyone, and they just laughed…

  2. eldernorm - 9 years ago

    While I see this as legit news and an important issue for Apple to review, I also see it (and the USB break with similar software) as a need to not buy cheap Chinese hardware. Yes it is cheaper, but the security used by those Chinese shops is non-existent and the option to take some money from the bad guys to put the malware on USB and Thunderbolt units is there.

    Actually I am expecting some enterprising US person to come out with a USB and Thunderbolt reader tool which can attach to the USB or Thunderbolt device and verify if there is bad code out there. Could be a great device to have if you use a lot of USB or Thunderbolt devices.

  3. Michael Weisberg - 9 years ago

    Is this not just another reason why you should add a firmware password on your device…especially an MBP? Unless I am mistaken, if you have set a firmware password and try to boot to any other device but the HD, then you have to enter in that password before you can do anything. Does this vulnerability get around the firmware password?

    • Ben Lovejoy - 9 years ago

      Unfortunately, yes – this gets loaded first.

      • Michael Weisberg - 9 years ago

        Well that sucks. Silly scenario…what if my HD is encrypted and turned off. Since the person has to have physical access in order to do this…does the encryption pose any sort of problem for this?

      • Ben Lovejoy - 9 years ago

        Encryption is no protection – all that is needed is to insert a compromised Thunderbolt device during boot. The damage is already done by the point of reaching the login prompt.

      • Michael Weisberg - 9 years ago

        Well now you really are a kill joy.

  4. varera (@real_varera) - 9 years ago

    OK, so if I do not use external thunderbolt devices that do not belong to me, I am safe. Thanks.

    • Spino - 9 years ago

      I’m afraid you are not: if you leave your MacBook PRO (for example) alone for 5 minutes, someone could plug in a specially crafted thunderbolt device, reboot your MacBook (pressing power button for 10 seconds) and reboot in recovery mode. Once you are back you see your login prompt, re-login and notice ANYTHING… but your ROM got corrupted… and as far as I understood, your MB would then start trying to infect others… so, bad news, no matter whether you even use any Thunderbolt device

  5. Ervin Page - 9 years ago

    I’d think that having an “OpenFirmware” password set–the Mac won’t even boot (including from an external connection)–which should provide protection against this threat for now.

    • Edison Wrzosek - 9 years ago

      Unfortunately that’s not the case, as this vulnerability is in the Thunderbolt ROM itself. Components like this get scanned and initialized during the machine’s POST cycle, even before the main EFI comes up. And the attack targets that vulnerability to sneak into the system. This is a very sophisticated attack, to say the least.

  6. Edison Wrzosek - 9 years ago

    Apple should re-engineer their EFI startup cycle, and prevent ANY external components, such as USB, Thunderbolt, FireWire from initializing their ROMs until EFI has started and activated security protections…

  7. eldernorm - 9 years ago

    I have to ask. There should be some way to create a device that you would plug a suspect USB or thunderbolt unit into and have it check for the USB or thunderbolt trying to change the BIOS. Any thoughts if this is possible and any suggested sources who might be able to develop such a device???

  8. Brian - 9 years ago

    This is almost as theoretical as the mythic ‘take a photo of my fingerprint from across the room’ hubris. I don’t believe it for a minute, and it’s quite irrelevant. I only have one thunderbolt adapter and it’s from Apple.

  9. Wowww. That’s creepy.

  10. Kawaii Gardiner - 9 years ago

    “Apple has already implemented an intended fix in the latest Mac mini and iMac with Retina display, which Hudson says will soon be available for other Macs, but appears at this stage to provide only partial protection…”

    So does that mean that the fix is already included in the Mac mini and iMac 5K that is already shipping? Also, regarding the ‘will soon be available for other Macs’ – is that based on speculation by Hudson or actually Apple saying to Hudson that there is a fix in the works?

    • Air Burt - 9 years ago

      If Apple already has firmware out that fixes it, it’s a logical conclusion that it will come to other Macs. Only comment Apple really needs to confirm is how soon.

    • Ben Lovejoy - 9 years ago

      Already shipping and advised by Apple is my understanding, but at this stage it appears unclear how much of a fix it really is.

      • Kawaii Gardiner - 9 years ago

        Would something like ‘Secure Boot’ which Microsoft employs deal with such a security vulnerability? If so, then it probably requires something more intensive than just a firmware update because it might also require making changes to the operating system as well.

      • Air Burt - 9 years ago

        This has nothing to do with the OS. This infects the computer during the boot up POST sequence. Unless Secure Boot starts before the POST check, that does no good. This requires a firmware/ROM update to close the vulnerability in Thunderbolt during boot.

      • Kawaii Gardiner - 9 years ago

        Air Burt, where in the post did I say anything about the OS other than saying if Apple released a firmware update that implemented secure pot that it would also require Apple to update OS X to make it secureboot compatible.

      • Kawaii Gardiner - 9 years ago

        *secureboot

  11. Computer_Whiz123 - 9 years ago

    Uh oh

  12. Tim Pritlove - 9 years ago

    It’s the “Chaos Communication Congress” not “Chaos Computer Congress”. See http://en.wikipedia.org/wiki/Chaos_Communication_Congress

  13. I know I’ll likely be labeled a conspiracist but I don’t for one second believe that this is by chance on the part of the hardware manufacturers involved, including Apple. This exploit gives an opportunity for others to take advantage of it, but I believe all systems have the ability for spyware to be loaded before all other security measures are loaded and in place. I believe Snowden merely exposed just the tip of the iceberg and it would not surprise me if this exploit was by design rather than an oversight.

Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
