If you think your Mac is a lot more secure than a PC, you’re not alone — but you may not be as correct as you thought. Kim Zetter reports for Wired that even though most people think that a Mac’s firmware is a lot more locked-down than a PC’s, two researchers have found that several known vulnerabilities that affect top PC makers’ firmware can also hit the firmware of Macs. And for the first time, they have designed a proof-of-concept worm that would enable a firmware attack to spread automatically from MacBook to MacBook, even if they aren’t networked.
The attack would enable a hacker to remotely target computers with malware that would both go undetected by security scanners and would afford the attacker a persistent hold on a system, even when it undergoes firmware and operating system updates. Because firmware updates require the assistance of the existing firmware to install, any malware in the firmware could block updates from being installed or write itself to a new update. Zetter reports that the only way to eliminate malware that’s embedded in a computer’s main firmware would be to re-flash the chip that contains the firmware.
Xeno Kovah, one of the researchers who designed the worm, told Wired that the attack is “really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware.” Kovah adds, “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”
The research was conducted by Kovah, who owns firmware security consultancy LegbaCore, and Trammell Hudson, a security engineer with Two Sigma Investments. Zetter reports that this is the kind of attack that intelligence agencies, like the NSA, covet. Documents released by Edward Snowden, coupled with research from Kaspersky Lab, indicate that the NSA has already developed sophisticated techniques for hacking firmware.
A computer’s firmware is the software that boots the computer and launches its operating system. It’s possible to infect the firmware with malware because most companies don’t cryptographically sign the firmware embedded in their systems or their firmware updates, and don’t include authentication functions that would prevent anything but legitimate, signed firmware from being installed. Malware hidden in the firmware runs below the operating system, and so below the level at which security products operate, which is why it goes undetected. There’s also no easy way for users to examine the firmware to determine whether it’s been infected, and because the firmware goes untouched even when the operating system is wiped and reinstalled, an infected machine can stay infected through even serious attempts to eradicate the malicious code.
Last year, Kovah and Corey Kallenberg, his partner at LegbaCore, uncovered firmware vulnerabilities that affected 80% of the PCs they examined, including ones from Dell, HP, Lenovo, and Samsung. The vulnerabilities allowed the researchers to reflash the firmware to plant malicious code. When they investigated whether the same vulnerabilities applied to Apple firmware, they found that five out of six did. In the case of at least one vulnerability, there were protections that Apple could have implemented, but didn’t, to prevent an attacker from rewriting the Mac’s firmware. The researchers notified Apple, which has already fully patched one vulnerability and partially patched another. Three remain unpatched.
Using the vulnerabilities, the researchers created a proof-of-concept worm they call Thunderstrike 2. It can spread between Macs undetected, infects the firmware in just seconds, and the attack can be carried out remotely. It spreads by infecting the option ROM on peripheral devices: the malware could first compromise a MacBook via a phishing email and a malicious website, and then infect the option ROM of any peripheral connected to the computer, such as a Thunderbolt Ethernet adapter. Because option ROM code is executed by the firmware during boot, before the operating system loads, the worm would then spread to any other computer the peripheral is plugged into. Zetter reports that one way for attackers to seed the infection would be to sell infected Ethernet adapters on eBay, or to infect them in a factory.
Currently, no security products check the option ROM on Ethernet adapters and other devices, so attackers could move a worm between machines. At an upcoming talk at the Black Hat security conference, the researchers plan to release some tools that will enable users to check the option ROM on their devices, but the tools aren’t able to check the boot flash firmware on machines.
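As an added illustration of what such an option ROM check involves (example code written for this page, not the researchers’ Black Hat tooling), the script below parses the standard PCI expansion ROM layout: each image starts with a 0x55AA signature and carries a pointer at offset 0x18 to a “PCIR” data structure that records the vendor and device IDs, the image length in 512-byte units, the code type (legacy x86 BIOS, Open Firmware, EFI) and a flag marking the last image. It hashes every image and compares it against an allowlist recorded from a ROM you trusted, so a modified image or an extra image spliced onto the chain (the way an implant would add itself) is reported. The ROM bytes are constructed in the script for the demonstration; the vendor/device IDs and filler bodies are placeholders, not a dump from real hardware.

```python
"""Inspect a PCI/Thunderbolt option ROM: walk its image chain, hash each image,
and compare against a known-good allowlist. Added example; the sample ROM below
is constructed test data, not a dump from a real adapter."""
import hashlib
import struct

PCIR_FMT = "<4sHHHHB3sHHBBH"   # PCI Data Structure: 24 bytes
CODE_TYPES = {0x00: "x86 BIOS", 0x01: "Open Firmware", 0x02: "HP PA-RISC", 0x03: "EFI"}


def build_image(vendor, device, code_type, size_units, last, fill):
    """Build one ROM image: 0x55AA header, PCIR structure at 0x40, filler body.
    Constructed test data; the body is not executable code."""
    size = size_units * 512
    img = bytearray([fill]) * size
    img[0:2] = b"\x55\xAA"
    if code_type == 0x03:
        # EFI ROM header: init size, 0x0EF1 signature, subsystem (0x0B = EFI boot
        # service driver), machine type (x64), compression flag, EFI image offset
        struct.pack_into("<HIHHH", img, 0x02, size_units, 0x0EF1, 0x0B, 0x8664, 0)
        struct.pack_into("<H", img, 0x16, 0x100)
    else:
        img[0x02] = size_units          # legacy BIOS: image size in 512-byte units
    struct.pack_into("<H", img, 0x18, 0x40)  # pointer to the PCIR structure
    pcir = struct.pack(PCIR_FMT, b"PCIR", vendor, device, 0, 24, 3, b"\x00\x00\x02",
                       size_units, 1, code_type, 0x80 if last else 0x00, 0)
    img[0x40:0x40 + 24] = pcir
    return bytes(img)


def parse_option_rom(rom):
    """Walk the chain of images in an expansion ROM and return one dict per image.
    A malformed chain raises ValueError, which is itself worth flagging."""
    images, off = [], 0
    while True:
        if off + 0x1A > len(rom) or rom[off:off + 2] != b"\x55\xAA":
            raise ValueError(f"no valid ROM header at 0x{off:x}")
        pcir_off = struct.unpack_from("<H", rom, off + 0x18)[0]
        p = off + pcir_off
        if p + 24 > len(rom):
            raise ValueError(f"PCIR pointer out of range at 0x{off:x}")
        (sig, vendor, device, _devlist, _len, _rev, _cls, img_units, _crev,
         code_type, indicator, _res) = struct.unpack_from(PCIR_FMT, rom, p)
        if sig != b"PCIR":
            raise ValueError(f"missing PCIR signature at 0x{p:x}")
        length = img_units * 512
        if length == 0 or off + length > len(rom):
            raise ValueError(f"image at 0x{off:x} claims {length} bytes, ROM is {len(rom)}")
        image = rom[off:off + length]
        images.append({
            "offset": off, "vendor": vendor, "device": device,
            "code_type": CODE_TYPES.get(code_type, f"unknown(0x{code_type:02x})"),
            "length": length, "sha256": hashlib.sha256(image).hexdigest(),
        })
        if indicator & 0x80:            # bit 7 set: this is the last image
            return images
        off += length


def allowlist_from_rom(rom):
    """Record per-image hashes from a ROM you trust (e.g. dumped when the adapter was new)."""
    return {(i["vendor"], i["device"], i["code_type"]): i["sha256"] for i in parse_option_rom(rom)}


def verify_rom(rom, allowlist):
    """Verdict per image: 'ok', 'modified' (known image, different hash) or 'unknown'."""
    verdicts = []
    for i in parse_option_rom(rom):
        key = (i["vendor"], i["device"], i["code_type"])
        if key not in allowlist:
            verdicts.append("unknown")
        elif allowlist[key] != i["sha256"]:
            verdicts.append("modified")
        else:
            verdicts.append("ok")
    return verdicts


def build_sample_rom():
    """Constructed two-image ROM: a legacy x86 image followed by a final EFI driver."""
    return (build_image(0x8086, 0x1533, 0x00, 2, False, 0x11)
            + build_image(0x8086, 0x1533, 0x03, 3, True, 0x22))


def tamper(rom, offset=0x600):
    """Flip one byte inside the EFI image body, as an implant that patches code would."""
    r = bytearray(rom)
    r[offset] ^= 0xFF
    return bytes(r)


def append_image(rom, extra):
    """Splice a further image onto the chain: clear the last-image bit on the
    current final image, then append. Mimics an implant adding its own image."""
    last = parse_option_rom(rom)[-1]
    pcir = struct.unpack_from("<H", rom, last["offset"] + 0x18)[0]
    r = bytearray(rom)
    r[last["offset"] + pcir + 0x15] &= 0x7F
    return bytes(r) + extra


if __name__ == "__main__":
    good = build_sample_rom()
    allow = allowlist_from_rom(good)
    print("pristine:", verify_rom(good, allow))
    print("patched: ", verify_rom(tamper(good), allow))
    spliced = append_image(good, build_image(0x1234, 0x5678, 0x03, 1, True, 0x33))
    print("spliced: ", verify_rom(spliced, allow))
```

The allowlist is the weak point in practice: it has to come from a ROM dumped before the adapter could have been tampered with, or from the vendor, since a hash of an already-infected ROM just enrolls the implant as “known good”. Note also that this only inspects the peripheral’s ROM; as the article says, it does nothing for the boot flash on the machine itself.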
Hardware makers could guard against firmware attacks by cryptographically signing their firmware and firmware updates, and adding authentication capabilities to enable devices to verify these signatures. They could also add a write-protect switch, which would prevent unauthorized parties from flashing the firmware. But Zetter notes that though these measures would guard against low-level hackers, well-resourced attackers could still steal a hardware maker’s master key in order to sign the malicious code and bypass the protections.
Another precaution could involve hardware makers giving users the ability to read their machine’s firmware to see if it’s changed since installation. But Zetter says that’s less likely, reporting that “hardware makers aren’t implementing these changes because it would require re-architecting systems, and in the absence of users demanding more security for their firmware, hardware makers aren’t likely to make the changes on their own.”