New Apple Macs Vulnerable to Thunderstrike Bootkit via Thunderbolt

Published on December 28, 2014, by Neil Sardesai

Back in 2011, Apple introduced Thunderbolt, a new I/O technology co-developed with Intel that promised speeds way faster than existing technologies like USB and FireWire. Since then, Thunderbolt has come standard on all Macs, enabling support for high-performance peripherals like Apple’s Thunderbolt Display.

However, security researcher Trammell Hudson has discovered a vulnerability in Apple’s EFI that can allow a malicious Thunderbolt device to flash its own code to the boot ROM (read-only memory). This type of low-level malware, called a “bootkit,” would be very difficult to remove or even detect. Hudson has developed a proof of concept bootkit called “Thunderstrike,” and will demonstrate it at the 31C3 conference on December 29th.

Thunderstrike: Another Thunderbolt Vulnerability

Thunderstrike requires physical access to the computer, since it uses Thunderbolt as the attack vector. The vulnerability allows for persistent firmware modifications to the EFI boot ROM. Since the malware would operate at such a low, near-hardware level, reinstalling OS X would not remove the bootkit. Replacing the hard drive wouldn’t work either. Furthermore, once installed, the bootkit could be nearly impossible to detect.

“There are neither hardware nor software cryptographic checks at boot time of firmware validity, so once the malicious code has been flashed to the ROM, it controls the system from the very first instruction. It could use SMM, virtualization and other techniques to hide from attempts to detect it.”

Hudson’s proof of concept also replaces Apple’s public RSA key in the ROM. This means that the bootkit could deny firmware updates from Apple, as only updates signed with the bootkit’s private key would be accepted.
The bootkit can also record the password entered to decrypt an encrypted boot volume, which the attacker can then use to gain access to a FileVault-protected hard drive. What’s even more alarming is that Thunderstrike relies in part on an unpatched Thunderbolt vulnerability known for two years.

What Can Mac Owners Do About Thunderstrike Right Now? Not Much.

Encrypting the hard drive obviously has no effect, since the malware wouldn’t be on the hard drive anyway. Macs also support firmware passwords, which prevent the computer from booting into a drive other than the one preinstalled in the computer, booting into single user mode, booting into target disk mode, or resetting the PRAM without a password. However, the Option ROM on the rogue Thunderbolt device is loaded before the firmware password is checked, so a firmware password is no help either. In fact, once the bootkit is installed, it can clear the firmware password.

Interestingly, the same technique used to install Thunderstrike can’t be used to replace the modified boot ROM with a clean copy, since Hudson’s proof of concept patches the vulnerability as part of replacing the boot ROM.

“A machine infected by the proof-of-concept is no longer vulnerable to itself.”

So at this point, it seems like the best Mac owners can do is watch out for who has physical access to their computers (or smash the Thunderbolt ports if you’re really paranoid). That being said, there are currently no known Mac bootkits “in the wild” aside from Thunderstrike. And since Thunderstrike is mainly a proof of concept, it doesn’t do anything particularly malicious other than changing the firmware lock screen logo.

“While the two year old Thunderbolt Option ROM vulnerability that this attack uses can be closed with a few byte patch to the firmware, the larger issue of Apple’s EFI firmware security and secure booting without trusted hardware is more difficult to fix.”

More details regarding Thunderstrike will be presented at 31C3.
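Why replacing the RSA public key in the ROM locks out vendor updates, shown as an added example that is not from the article or from Hudson's proof of concept: the sketch models an updater whose only trust anchor is the key stored in the ROM, plus a defender-side audit of a ROM dump against a fingerprint pinned out-of-band. The ROM layout, the function names and the toy textbook-RSA keys (built from small Mersenne primes, no padding) are assumptions for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent


def make_key(p, q):
    """Toy textbook-RSA key pair from two primes (illustration only)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(image, n):
    # SHA-256 of the image, reduced mod n (no padding: toy scheme).
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image, key):
    return pow(digest(image, key["n"]), key["d"], key["n"])


def rom_accepts_update(rom, image, signature):
    """Updater model: the only trust anchor is the key stored in the ROM."""
    n = rom["update_pubkey_n"]
    return pow(signature, E, n) == digest(image, n)


def fingerprint(n):
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()


def audit_rom(rom, pinned_fingerprint):
    """Defender check on a ROM dump (assumed to be read out externally): compare
    the embedded key with a fingerprint recorded out-of-band from a known-good unit."""
    return fingerprint(rom["update_pubkey_n"]) == pinned_fingerprint


# Constructed keys: Mersenne primes keep the example short and offline.
VENDOR = make_key(2**61 - 1, 2**89 - 1)
OTHER = make_key(2**107 - 1, 2**127 - 1)   # stands in for a replaced key
PINNED = fingerprint(VENDOR["n"])
UPDATE = b"constructed vendor firmware update 1.1"


def scenario():
    clean = {"update_pubkey_n": VENDOR["n"]}
    modified = {"update_pubkey_n": OTHER["n"]}   # key swapped, as the article describes
    vendor_sig = sign(UPDATE, VENDOR)
    return {
        "clean_accepts_vendor": rom_accepts_update(clean, UPDATE, vendor_sig),
        "modified_accepts_vendor": rom_accepts_update(modified, UPDATE, vendor_sig),
        "modified_accepts_other": rom_accepts_update(modified, UPDATE, sign(UPDATE, OTHER)),
        "audit_clean": audit_rom(clean, PINNED),
        "audit_modified": audit_rom(modified, PINNED),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The audit only means something when the dump and the pinned fingerprint come from outside the machine being checked, since firmware that controls the system from the first instruction can also control what the running system reports.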
Images from Shutterstock and Trammell Hudson.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Neil Sardesai
I've always been interested in the latest stuff in science and technology, and I'm currently a freshman undergraduate electrical engineering student at the University of Texas at Austin.

6 Comments

somebody, December 28, 2014 at 9:26 am
Ha ha!

Timo Bilderberg, December 28, 2014 at 9:24 pm
Got goxxed

tronspecial, December 29, 2014 at 7:58 pm
So … why doesn’t “someone” develop a non-malicious version of this, which fixes the vulnerability (as described in the article) without actually breaking anything else?

tronspecial, December 29, 2014 at 7:58 pm
(and sell it for much profit to paranoid mac owners)

PacketWraith, January 2, 2015 at 2:04 pm
I hope this doesn’t surprise anyone. I am a Mac guy, I love my MacBook Pro. But I am in security too, and for years no one would even hear tale that Mac was vulnerable to a host of things. In my mind, this means 2 things. 1. Mac has finally gained enough market share that people are taking the threat seriously. 2. Apple may finally have to pay attention and start fixing these things.

ł, January 2, 2015 at 4:04 pm
Hello, such treacherous loopholes exist for a precise purpose, no honest company really caring about its customers security properly would leave its users Computer·arseholes that wide open. Please, for your own good, picture now an Apple going All the Way up, from behind »O and maybe there are more!

Israeli Researchers Turn Speakers/Headphones Into Eavesdropping Microphones

Published on November 24, 2016, by P. H. Madore

In the current age, even the most secure software and the best security practices might not be enough to prevent someone from being spied upon. Researchers continue to find novel and inventive ways to gather more data on everyday computer users, and the latest research from Israel’s Ben Gurion University is exceptional in this regard.

Using software alone, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici were able to convert a given pair of headphones or speakers into Orwellian microphones beyond the user’s control or ability to patch.

Their method [PDF] exploits a flaw in RealTek hardware chips, which are among the most widely used chips in motherboards around the world. Companies like Dell, HP, and Compaq regularly utilize RealTek’s industry standard audio chips in their products.
Beyond that, motherboards sold to consumers wishing to build their own systems often also include the hardware.

A simple patch or firmware upgrade will not fix this flaw, making the exploit particularly delightful to intelligence agencies, profit-motivated hackers (think boardroom conference calls), and others. Basically, anywhere a computer has an audio output, which in the case of laptops is everywhere, audio can now be intercepted and then relayed with roughly the same quality as if a microphone itself had been compromised. The images of people like Mark Zuckerberg covering up their webcam and microphone with electrical tape now seem trivial.

Jack re-tasking – the process of converting an output jack to either an input or a two-way port – has long been a possibility, but few developers make use of it. Most laptops and desktops will have separate ports for each, while smartphones and the like often require hardware that can do both. But the innovation on the part of Ben Gurion’s researchers involves making any regular output hardware capable of doing as much with only software. They write:

“The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers.”

The researchers noticed that the design of most audio input and output hardware was basically identical at the metal, and drew an illustration to clarify the point.

[Illustration. Source: Ben-Gurion University of the Negev Cyber Security Research Center]

One saving grace is that the audio output device must be “passive,” or unpowered. This means that if your speakers require power to work, an attacker is not currently able to use them to listen to you. However, the vast majority of laptop speakers and earbuds are, by nature and necessity, passive.
The researchers note that while they focused on RealTek codec hardware because of its popularity, other manufacturers also have the ability to retask jacks, which is the heart of the exploit.

While this may seem scary at first, it should be noted that, like anything else on your computer, audio input and output are data. They can therefore be encrypted with keys that are local to the machine, and it would seem that this new exploit opens up a new avenue of research for cryptographic researchers to institute audio encryption in the same way that full-disk encryption has become normalized.

P. H. Madore
P. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In his spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link
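One way to look for the jack re-tasking described in the article above, as an added example that is not from the researchers' paper: it assumes a Linux machine, where the ALSA HD-Audio driver lists each codec's pin state in /proc/asound/card*/codec#* (the article names no operating system). The function flags pins whose default configuration is an output device but whose pin control currently has input enabled; the sample dump is constructed.

```python
import re

# Default-device field (bits 23:20 of the HDA pin default configuration).
OUTPUT_DEVICES = {0x0: "Line Out", 0x1: "Speaker", 0x2: "HP Out"}
PIN_CTL_IN_ENABLE = 0x20   # bit 5 of the pin widget control

NODE_RE = re.compile(r"^Node (0x[0-9a-fA-F]+) \[([^\]]+)\]")
DEFAULT_RE = re.compile(r"^\s+Pin Default (0x[0-9a-fA-F]{8}):")
CTL_RE = re.compile(r"^\s+Pin-ctls: (0x[0-9a-fA-F]+)")


def parse_pins(dump):
    """Return {node_id: {"default": int, "ctl": int}} for Pin Complex nodes."""
    pins, current = {}, None
    for line in dump.splitlines():
        m = NODE_RE.match(line)
        if m:
            current = m.group(1) if m.group(2) == "Pin Complex" else None
            if current:
                pins[current] = {}
            continue
        if current is None:
            continue
        m = DEFAULT_RE.match(line)
        if m:
            pins[current]["default"] = int(m.group(1), 16)
        m = CTL_RE.match(line)
        if m:
            pins[current]["ctl"] = int(m.group(1), 16)
    return pins


def retasked_outputs(dump):
    """List (node, device) for output-type pins that currently have IN enabled."""
    hits = []
    for node, pin in sorted(parse_pins(dump).items()):
        if "default" not in pin or "ctl" not in pin:
            continue   # incomplete entry, cannot judge
        device = (pin["default"] >> 20) & 0xF
        if device in OUTPUT_DEVICES and pin["ctl"] & PIN_CTL_IN_ENABLE:
            hits.append((node, OUTPUT_DEVICES[device]))
    return hits


# Constructed sample in the style of /proc/asound/card0/codec#0.
SAMPLE = """\
Node 0x02 [Audio Output] wcaps 0x41d: Stereo Amp-Out
Node 0x14 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pin Default 0x90170110: [Fixed] Speaker at Int N/A
  Pin-ctls: 0x40: OUT
Node 0x15 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pin Default 0x0321101f: [Jack] HP Out at Ext Left
  Pin-ctls: 0x24: IN VREF_80
Node 0x18 [Pin Complex] wcaps 0x40048b: Stereo Amp-In
  Pin Default 0x03a11830: [Jack] Mic at Ext Left
  Pin-ctls: 0x24: IN VREF_80
"""

if __name__ == "__main__":
    for node, device in retasked_outputs(SAMPLE):
        print(f"{node}: {device} pin has input enabled")
```

A hit is a lead for review rather than proof, since some drivers legitimately switch a combined headset jack to input.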

Chinese Physicists Achieve Record-Breaking Quantum Cryptography Breakthrough

Published on November 4, 2016, by Giulio Prisco

Researchers at the University of Science and Technology of China and other Chinese labs, with the collaboration of a lab in the US, have implemented a secure quantum protocol known as Measurement-Device-Independent Quantum Key Distribution (MDIQKD), suitable for practical networks and devices, over a distance of 404 km. The breakthrough, which doubles the previous MDIQKD record, opens the door to secure wide area quantum communication networks.

Giulio Prisco
Giulio Prisco is a freelance writer specialized in science, technology, business and future studies.

Dot: Precision Tracking Hardware Makes Your Smartphones Smarter

Published on September 24, 2016, by Rebecca Campbell

A team of five Berkeley engineers has developed a new hardware product that utilizes precision location tracking to make smartphone notifications highly intelligent and contextual.

In the technology-minded world that we live in it’s nearly impossible to walk down the street without encountering someone on their phone.
However, with the amount of information that we store in our phones it can be difficult to filter out what’s important and what’s not.

This is where Dot enters the scene. Developed by startup Iota Labs, Dot is a physical push notification that informs your smartphone where you are so that it can determine your patterns and behaviors in the locations that make up your world. This could be your living room, bedroom, place of work, car, or garage.

The team behind the creation has made it so that it serves a dual purpose. The first is to provide ultra-precise location data to your smartphone. The second is to permit users to create extensible, interactive interfaces anywhere.

Speaking to Hacked, Rahul Ramakrishnan, co-founder of Iota Labs, said that the idea behind Dot came up over a year ago through a combination of two events. The first was when he and a fellow co-founder of Iota Labs were at a restaurant and witnessed a family constantly checking their phones instead of paying attention to each other. He said:

“Then we watched 2001: A Space Odyssey with Hal 9000 and thought that it would be awesome if there was some sort of personal secretary that streamlines your life and your phone.”

In October 2015 the team, who were only undergraduate students at the time, got into the Foundry, a startup accelerator on Berkeley’s campus focused on hardware startups, where they received some funding from the Foundry team to make their idea a possibility. From October to May, the team focused on the product development, and from June 2016 they turned their attention to their Kickstarter campaign for an August launch.

At the close of their Kickstarter campaign yesterday, the team had managed to raise over $115,000 with more than 1,700 backers, and according to Ramakrishnan, nearly 5,000 units have been pre-ordered. He said:

“Our product is out there and people seem to like [it].”

How Does It Work?

While the idea behind Dot may not have taken long to design, executing it took the team around nine months, in order to achieve its small size. Within the small piece of hardware, though, is a Bluetooth low energy chip and LED. Due to the proximity sensor within the Dot, it can track your location within a range of 200 feet of your smartphone as it communicates with iOS and Android apps.

According to Ramakrishnan, the Dot acts as a beacon that triggers functions on a smartphone such as notifications or app launching. A smartphone can also communicate to the Dot by turning on the LED to different colors or changing the blink rates, based on what is set on the app. Ramakrishnan added:

“All of this occurs when you are within range of a Dot and triggers actions on your phone, making it contextual and intelligent.”

What Does It Do?

As most people tend to have different uses for their phone, the team at Dot realized that they needed to ensure that Dot was equipped with an endless amount of applications to fulfil people’s needs.

Some of the applications Dot has are: digital post-it notes, which allow you to post a message on a Dot for another person to see when they come in range; smart home control that gives you control over your home devices, such as turning a light on or off; contextual app launching that enables the Dot to open up apps on your smartphone that you utilize frequently in certain areas; location notification, which allows a Dot to enable a smartphone to send you updates when you walk into a new area; and LED colour changes, which permit a Dot to track certain reminders based on the color of the Dot.

The team is hoping that the Dot will help to streamline people’s lives by eliminating the clutter that a smartphone provides.
Ramakrishnan stated:

“This will free the user to take action only when it’s readily available based on where they are and what they are doing rather than being overwhelmed with all of their tasks that are on their phone.”

Not only that, but compared to many things available the Dot is considerably cheaper and adds to the functionality and ease of existing technology.

The smart home is dominated by these $200 devices like Philips Hue light bulbs and Nest thermostats that don’t know who you are, where you are, and what you are doing. With just a $25 Dot, all of these questions can be answered and can greatly improve the experience of the smart home without any additional user input.

Ramakrishnan added that every notification you receive from Dot means that it’s important.

“You don’t have to sort through your notifications any longer. With Dot, we make your smartphone smarter.”

The team is expecting to ship Dots to their Kickstarter backers in March 2017, with pre-orders still accepted on the website.

Featured image and story images from Iota Labs.