 |
 |
Macs vulnerable to firmware rewrites via Thunderbolt, research finds
|
|
|
|
|
MacNN Staff
Join Date: Jul 2012
Status:
Offline
|
|
The firmware on some Macs can be rewritten via a Thunderbolt device loaded with a special replacement ROM, according to Trammel Hudson, a security researcher who spoke at the 31st convention of the Chaos Computer Club, held in Hamburg. The hack is dubbed "Thunderstrike," and reportedly can't be detected once it's installed. More importantly, it can't be removed by reinstalling OS X or replacing a hard drive, since it impacts the boot ROM (which is independent) and replaces Apple's public RSA key, blocking future firmware updates unless the attacker's key is used. It can even copy itself to optional ROMs in other Thunderbolt devices connected to a compromised Mac during a restart.
Apple has already implemented a fix in the 2014 Mac mini and Retina 5K iMac, but this offers only partial protection, and the fix is not yet ready for other Mac models. The primary defenses at the moment are that an attacker requires physical access to a computer, and that there don't appear to be any Mac firmware bootkits in circulation. Organizations like the National Security Agency, though, are believed to sometimes intercept computer shipments and install bootkits for spying on specific targets.
Hudson says he has been talking to Apple about the issue. There is no indication of when other Macs might receive an EFI (Extensible Firmware Interface) update to guard against the malware, but risk of attack is considered to be low for nearly all customers.
(
Last edited by NewsPoster; Dec 31, 2014 at 07:48 AM.
)
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Nov 2008
Status:
Offline
|
|
Oh no, Macs are vulnerable to obscure difficult attacks done in close prolonged personal contact. They are also vulnerable to being replaced with identical units with malware preinstalled as well as vulnerable to attacks with assault rifles, mallets, sledge hammers and the dreaded bucket of mercury attack.
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Status:
Offline
|
|
haha nice comment ElectroTech. This exploit is hardly an issue as it would take a rouge manufacturer with a lot of money to make a fake Thunderbolt device. Currently Thunderbolt devices are only economical for manufacture from large companies like Belkin, Pegasus, etc. However give thunderbolt 5 - 10 more years and perhaps it will be economical for fake Chinese devices to be made. But even then you would likely throw the fake device away after the first use, so no reason to even make such a fake device, ever.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
The point is NOT that somebody is going to build and mass-market faked devices.
The point is that somebody with physical access to a critical machine can simply hack it with a piece of custom hardware, and that this hack is undetectable and cannot be eliminated other than by replacing the machine.
This is a secret service's Dream Come True, and a complete nightmare for IT caring for sensitive government equipment.
|
|
|
| |
|
|
|
|
|
|
|
Forum Regular
Join Date: Jul 2006
Status:
Offline
|
|
Burpethead - since most of the rouge manufacturers are in France, this doesn't seem so serious.
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top