A security researcher speaking at the Chaos Computer Congress in Hamburg demonstrated a hack that rewrites an Intel Mac’s firmware using a Thunderbolt device carrying attack code in its option ROM. Known as Thunderstrike, the proof of concept presented by Trammell Hudson infects the Apple Extensible Firmware Interface (EFI) boot ROM in a way he claims cannot be detected from the operating system, nor removed by reinstalling OS X.
Since the boot ROM is independent of the operating system, reinstalling OS X will not remove the infected firmware. Nor does it depend on anything stored on the disk, so replacing the hard drive has no effect. A hardware in-system-programming device is the only way to restore the stock firmware.
Apple has already shipped a fix in the latest Mac mini and iMac with Retina display, which Hudson says will soon be available for other Macs, but it appears at this stage to provide only partial protection…
Once installed, the firmware cannot be removed since it replaces Apple’s public RSA key, which means that further firmware updates will be denied unless signed by the attacker’s private key. The hacked firmware can also replicate by copying itself to option ROMs in other Thunderbolt devices connected to the compromised Mac during a restart. Those devices remain functional, making it impossible to know that they have been modified.
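The key replacement described above is the crux of the persistence claim: the public key that gates firmware updates sits in the same writable flash as the code it is supposed to protect, so whoever can write the flash can also swap the trust anchor. The following toy model, added here as an illustration and not code from Hudson’s talk or from Apple’s firmware, walks through that failure and contrasts it with pinning the verification key somewhere the attacker cannot rewrite. Textbook RSA with tiny primes is used only to keep the example self-contained; every key, image, and function name (`Flash`, `apply_update`, `option_rom_attack`, `scenario`) is constructed for this example.

```python
"""Toy model of a firmware update check whose trust anchor lives in writable flash.

Added example, not code from the Thunderstrike talk or from any real firmware.
Textbook RSA with tiny primes is used only to make the model self-contained;
all keys, images and names below are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from math import isqrt


def _next_prime(n):
    """Smallest prime >= n, by trial division (toy key sizes only)."""
    while True:
        if n > 1 and all(n % d for d in range(2, isqrt(n) + 1)):
            return n
        n += 1


def make_keypair(p, q, e=65537):
    """Textbook RSA keypair: public (n, e), private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)


def _digest_int(data, n):
    """SHA-256 of the image reduced mod n (toy: no padding, far too small n)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, pub, d):
    n, _ = pub
    return pow(_digest_int(data, n), d, n)


def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)


@dataclass
class Flash:
    """Everything a malicious option ROM can overwrite: the code AND the key."""
    pubkey: tuple
    code: bytes


def apply_update(flash, image, sig, anchor=None):
    """Install image if its signature verifies; return True on success.

    anchor=None  -> verification key read from flash (the weak design).
    anchor=(n,e) -> key pinned in storage the attacker cannot rewrite (the fix).
    """
    key = flash.pubkey if anchor is None else anchor
    if not verify(image, sig, key):
        return False
    flash.code = image
    return True


def option_rom_attack(flash, evil_code, evil_pub):
    """Model the physical-access write path: a raw flash write, no signature check."""
    flash.code = evil_code
    flash.pubkey = evil_pub


def scenario(pin_anchor):
    """Run the attack; return (vendor_update_ok, attacker_update_ok, final code)."""
    vendor_pub, vendor_priv = make_keypair(_next_prime(60_000), _next_prime(70_000))
    evil_pub, evil_priv = make_keypair(_next_prime(80_000), _next_prime(90_000))
    anchor = vendor_pub if pin_anchor else None

    # Clean machine: a vendor-signed update is accepted either way.
    flash = Flash(pubkey=vendor_pub, code=b"stock firmware v1")
    v2 = b"stock firmware v2"
    assert apply_update(flash, v2, sign(v2, vendor_pub, vendor_priv), anchor)

    # Attacker with physical access rewrites flash, swapping the key as well.
    option_rom_attack(flash, b"bootkit", evil_pub)

    # Afterwards: does the vendor's update still go in? Does the attacker's?
    v3 = b"stock firmware v3"
    vendor_ok = apply_update(flash, v3, sign(v3, vendor_pub, vendor_priv), anchor)
    evil = b"bootkit v2"
    evil_ok = apply_update(flash, evil, sign(evil, evil_pub, evil_priv), anchor)
    return vendor_ok, evil_ok, flash.code


if __name__ == "__main__":
    print("key in flash :", scenario(pin_anchor=False))   # vendor locked out
    print("key pinned   :", scenario(pin_anchor=True))    # vendor update accepted
```

With the key read from flash, the vendor’s own update is rejected after the attack while the attacker’s is accepted, which is exactly the lock-out the quote describes. Pinning the verification key only protects the update path: code the attacker has already written still runs at boot unless the boot ROM also verifies flash before executing it, which this model does not cover.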
The good news is that the attack method requires physical access to your Mac, and Hudson is not aware of any Mac firmware bootkits in the wild. He notes that there is no way to be sure, however.
It was previously suggested that the NSA used similar attack methods, physically intercepting shipments to install bootkits before computers reach their buyers. Once out in the wild, the hacked firmware could be easily spread by something as seemingly innocuous as a Thunderbolt monitor in a hotel business center.
The slides from Hudson’s presentation are available on Flickr, and a video is now available. Hudson says that he has been in contact with Apple regarding EFI vulnerabilities, and that his slides provide sufficient ‘pseudo-code’ to allow others to verify the hack without making it too easy to exploit.
The presentation follows an earlier one in which the hacker who last year used lifted fingerprints to fool Touch ID suggested that it may be possible to repeat the attack using only a photograph of a finger.