Highly persistent Mac OS X firmware bootkits can be installed on Apple computers, giving attackers full control of the device, a researcher has warned.
At the Chaos Communication Congress (31C3) that took place in Germany in late December, researcher Trammell Hudson demonstrated the capabilities of an experimental piece of malware that can be installed on the EFI (Extensible Firmware Interface) boot read-only memory (ROM) of Apple MacBooks through the Thunderbolt port.
Dubbed “Thunderstrike” by the expert, the bootkit can be installed within minutes by an attacker who has physical access to the targeted device (i.e. an “evil maid” attack). The threat is also capable of copying itself to Thunderbolt devices connected to the initially infected machine, which enables it to easily spread to other computers.
Thunderstrike doesn’t have a malicious payload, but the researcher says a weaponized version of the bootkit would be highly dangerous. First of all, it would be difficult to detect because there are no systems in place for identifying firmware rootkits on OS X. Furthermore, the malware is stealthy because it can hide by leveraging the system management mode (SMM).
In addition to being difficult to detect, the bootkit is difficult to remove. Reinstalling OS X doesn’t help because the threat is independent of the operating system, and replacing the hard drive is useless because none of the malware’s components are stored on it. Attempts to replace the firmware by using regular methods are made ineffective by Thunderstrike since it changes the RSA public keys in the boot ROM. Hudson noted that firmware passwords do not prevent this type of attack.
Once installed, the bootkit controls the system from the first instruction, which enables it to inject backdoors into the OS X kernel, log keystrokes, and perform other malicious tasks on behalf of its master.
The experimental OS X firmware bootkit developed by Hudson has been successfully tested on MacBooks, but it also works on Mac Mini and iMac with Retina display devices.
Hudson says he’s not aware of any such Mac OS X firmware bootkits in the wild.
“Apple has a partial fix that they have started shipping in the new Mac Mini’s and iMac Retinas, and they plan to release it for older Macs soon as a firmware update. Their fix is to not load Option ROMs during firmware updates, which is effective against the current proof-of-concept,” the expert said.
“However… it is not a complete fix. Option ROMs are still loaded on normal boots, allowing snare’s 2012 attack to continue working. Older Macs are subject to downgrade attacks by ’updating’ to a vulnerable firmware version,” he noted.
Hudson is not the only one who presented firmware attacks at the 31C3 security conference. Researchers Rafal Wojtczuk and Corey Kallenberg disclosed several serious UEFI vulnerabilities affecting various vendors.
Additional technical details on the Thunderstrike OS X firmware bootkit are available on Hudson’s blog.