MacOS - Menu Úvod EFI Firmware Hacks Thunderstrike 2 Thunderstrike 1
Thunderstrike 1
Thunderstrike is the name for a class of Apple EFI firmware security
vulnerabilities that allow malicious software or Thunderbolt devices to flash
untrusted code to the boot ROM and propagate via shared devices. It was
presented at 31C3. You can read an annotated version of the presentation or
watch the hour long video. The FAQ answers common questions and I've also
cataloged appearances in the media. There is now a no-hardware-required variant,
Thunderstrike 2, which was presented at DefCon 23 / Blackhat 2015.
Overview
Thunderstrike presentation at 31C3
In this presentation we
demonstrate the installation of persistent firmware modifications into the EFI
boot ROM of Apple's popular MacBooks. The bootkit can be easily installed by an
evil-maid via the externally accessible Thunderbolt ports and can survive
reinstallation of OSX as well as hard drive replacements. Once installed, it can
prevent software attempts to remove it and could spread virally across air-gaps
by infecting additional Thunderbolt devices.
Thunderbolt port
It is possible to use a Thunderbolt Option ROM to circumvent
the cryptographic signature checks in Apple's EFI firmware update routines. This
allows an attacker with physical access to the machine to write untrusted code
to the SPI flash ROM on the motherboard and creates a new class of firmware
bootkits for the MacBook systems.
There are neither hardware nor software cryptographic checks at boot time of firmware validity, so once the malicious code has been flashed to the ROM, it controls the system from the very first instruction. It could use SMM, virtualization and other techniques to hide from attempts to detect it.
8-SOIC boot ROM
Our proof of concept bootkit also replaces Apple's public RSA
key in the ROM and prevents software attempts to replace it that are not signed
by the attacker's private key. Since the boot ROM is independent of the
operating system, reinstallation of OS X will not remove it. Nor does it depend
on anything stored on the disk, so replacing the harddrive has no effect. A
hardware in-system-programming device is the only way to restore the stock
firmware.
Thunderstrike lock screen
Additionally, other Thunderbolt devices' Option
ROMs are writable from code that runs during the early boot and the bootkit
could write copies of itself to new Thunderbolt devices. The devices remain
functional, which would allow a stealthy bootkit to spread across air-gap
security perimeters through shared Thunderbolt devices.
While the two year old Thunderbolt Option ROM vulnerability that this attack uses can be closed with a few byte patch to the firmware, the larger issue of Apple's EFI firmware security and secure booting without trusted hardware is more difficult to fix.
FAQ
The Thunderstrike FAQ page has more detailed questions. If your question isn't
answered there, send email to hudson@trmm.net, preferably with PGP and I'll do
my best to add an answer to your questions to the FAQ.