According to researcher Trammell Hudson, it is possible to bypass the checks that Apple uses for EFI (Extensible Firmware Interface) firmware updates. This allows an attacker with physical access to add malicious code to the firmware in the ROM on the motherboard, creating a new class of firmware bootkits for MacBooks. The firmware is not cryptographically checked during boot, so the malicious code has full control over the system from the start.
Hudson developed a proof-of-concept bootkit that replaces Apple's public RSA key in the firmware and prevents attempts to replace the malicious code. Since the boot firmware is independent of the operating system, the bootkit survives a reinstallation of the operating system. Replacing the hard drive also has no effect. The original firmware can only be restored with a programming device.
The researcher notes that the bootkit can be adapted and can spread further via the firmware of other Thunderbolt devices. "Although the two-year-old Thunderbolt firmware vulnerability that this attack uses can be remedied with a firmware patch, the bigger problem of Apple's EFI firmware security and secure booting without trusted hardware is more difficult to solve." Hudson will give more details during his presentation at the CCC conference.