New Apple Macs Vulnerable to Thunderstrike Bootkit via Thunderbolt
Back in 2011, Apple introduced Thunderbolt, a new I/O technology co-developed with Intel that promised speeds way faster than existing technologies like USB and FireWire. Since then, Thunderbolt has come standard on all Macs, enabling support for high-performance peripherals like Apple’s Thunderbolt Display.
However, security researcher Trammell Hudson has discovered a vulnerability in Apple’s EFI that can allow a malicious Thunderbolt device to flash its own code to the boot ROM (read-only memory). This type of low-level malware, called a “bootkit,” would be very difficult to remove or even detect. Hudson has developed a proof of concept bootkit called “Thunderstrike,” and will demonstrate it at the 31C3 conference on December 29th.
Thunderstrike: Another Thunderbolt Vulnerability
Thunderstrike requires physical access to the computer, since it uses Thunderbolt as the attack vector. The vulnerability allows persistent modifications to the firmware in the EFI boot ROM. Since the malware would operate at such a low, near-hardware level, reinstalling OS X would not remove the bootkit. Replacing the hard drive wouldn’t work either. Furthermore, once installed, the bootkit could be nearly impossible to detect.
“There are neither hardware nor software cryptographic checks at boot time of firmware validity, so once the malicious code has been flashed to the ROM, it controls the system from the very first instruction. It could use SMM, virtualization and other techniques to hide from attempts to detect it.”
Hudson’s proof of concept also replaces Apple’s public RSA key in the ROM. This means that the bootkit could deny firmware updates from Apple, as only updates signed with the bootkit’s private key would be accepted. The bootkit can also record the password entered to decrypt an encrypted boot volume, which the attacker can then use to gain access to a FileVault-protected drive. What’s even more alarming is that Thunderstrike relies in part on an unpatched Thunderbolt vulnerability that has been known for two years.
What Can Mac Owners Do About Thunderstrike Right Now? Not Much.
Encrypting the hard drive obviously has no effect, since the malware wouldn’t be on the hard drive anyway. Macs also support firmware passwords, which prevent the computer from booting from a drive other than the preinstalled one, booting into single user mode, booting into target disk mode, or resetting the PRAM without a password. However, the Option ROM on the rogue Thunderbolt device is loaded before the firmware password is checked, so a firmware password is no help either. In fact, once the bootkit is installed, it can clear the firmware password. Interestingly, the same technique used to install Thunderstrike can’t be used to replace the modified boot ROM with a clean copy, since Hudson’s proof of concept patches the vulnerability as part of replacing the boot ROM.
“A machine infected by the proof-of-concept is no longer vulnerable to itself.”
So at this point, it seems like the best Mac owners can do is watch out for who has physical access to their computers (or smash the Thunderbolt ports if you’re really paranoid). That being said, there are currently no known Mac bootkits “in the wild” aside from Thunderstrike. And since Thunderstrike is mainly a proof of concept, it doesn’t do anything particularly malicious other than changing the firmware lock screen logo.
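One modest check a defender can still run is to baseline the firmware version strings that macOS reports and flag any later change. The script below is an added example for this article, not code from Trammell Hudson or Apple: it parses the `Boot ROM Version`, `SMC Version (system)` and `Model Identifier` lines from `system_profiler SPHardwareDataType` (the output layout is assumed from that command; the sample text and the version values in it are constructed for the example) and compares them against a baseline recorded on a known-good machine. As the article notes, a bootkit that controls the ROM can hide from detection, so a matching version is not proof of a clean ROM; a mismatch is a signal to investigate, nothing more.

```python
"""Baseline check for the firmware version strings reported by macOS.

Added example for this article (not Hudson's or Apple's code). Assumes the
line-per-field layout of `system_profiler SPHardwareDataType`. The sample
output below is constructed; its model and version values are placeholders.
"""
import json
import platform
import re
import subprocess
import sys

# Fields worth baselining. A change in Boot ROM Version without a known
# Apple firmware update is the signal this check is looking for.
FIELDS = ("Model Identifier", "Boot ROM Version", "SMC Version (system)")

# Constructed sample in the shape of `system_profiler SPHardwareDataType`.
SAMPLE_OUTPUT = """Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro11,1
      Processor Name: Intel Core i5
      Boot ROM Version: MBP111.0138.B11
      SMC Version (system): 2.16f68
      Serial Number (system): PLACEHOLDER
"""


def parse_hardware_overview(text):
    """Return {field: value} for the baselined fields found in the text."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?):\s*(.+?)\s*$", line)
        if m and m.group(1) in FIELDS:
            found[m.group(1)] = m.group(2)
    return found


def compare_to_baseline(current, baseline):
    """Return (field, expected, observed) for every field that differs.

    A missing field on either side is reported as None so that a firmware
    that stops reporting a value is also surfaced rather than silently passed.
    """
    findings = []
    for field in FIELDS:
        expected = baseline.get(field)
        observed = current.get(field)
        if expected != observed:
            findings.append((field, expected, observed))
    return findings


def read_current():
    """Run system_profiler on macOS; elsewhere fall back to the sample text."""
    if platform.system() == "Darwin":
        out = subprocess.run(
            ["system_profiler", "SPHardwareDataType"],
            capture_output=True, text=True, check=True,
        ).stdout
    else:
        out = SAMPLE_OUTPUT
    return parse_hardware_overview(out)


def main(argv):
    # Usage: firmware_baseline.py record <file>   (on a known-good machine)
    #        firmware_baseline.py check  <file>   (later, or on another unit)
    if len(argv) != 3 or argv[1] not in ("record", "check"):
        print("usage: firmware_baseline.py record|check <baseline.json>")
        return 2
    current = read_current()
    if argv[1] == "record":
        with open(argv[2], "w") as fh:
            json.dump(current, fh, indent=2)
        print("baseline written:", current)
        return 0
    with open(argv[2]) as fh:
        baseline = json.load(fh)
    findings = compare_to_baseline(current, baseline)
    for field, expected, observed in findings:
        print(f"MISMATCH {field}: baseline={expected!r} now={observed!r}")
    if not findings:
        print("firmware version strings match baseline (not proof of a clean ROM)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Record the baseline once per model from a machine you trust, keep the JSON somewhere the endpoint cannot rewrite, and re-run `check` on a schedule; expect legitimate mismatches after an Apple firmware update and reconcile those against the vendor's release notes rather than the machine's own say-so.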
“While the two year old Thunderbolt Option ROM vulnerability that this attack uses can be closed with a few byte patch to the firmware, the larger issue of Apple’s EFI firmware security and secure booting without trusted hardware is more difficult to fix.”
More details regarding Thunderstrike will be presented at 31C3.
Images from Shutterstock and Trammell Hudson.