[Update: Apple’s OS X Yosemite 10.10.2 Update (see "," 27 January 2015) does prevent the current proof-of-concept Thunderstrike attack from being able to rewrite the boot ROM, but . -Adam]
Researcher and hobbyist Trammell Hudson has demonstrated. Dubbed Thunderstrike, the Thunderbolt-based attack is limited to situations where an attacker has physical access to a Mac and enough time to run it through a reboot and firmware installation cycle. Apple has partially addressed the vulnerability in recently released hardware (the iMac with Retina 5K display and the new Mac mini) and will be rolling out fixes to older hardware in the future.
Two aspects of the Thunderstrike proof-of-concept make it particularly serious. The first and most obvious is that most Macs remain vulnerable, and no antivirus software can help, since Thunderstrike runs below the operating system and never touches it. Second, were Thunderstrike used to install malicious code, that code would live in a part of the system inaccessible to the user (the boot ROM, which is really a rewritable flash chip on the logic board), and it would persist across operating system reinstalls and even if the boot drive were swapped out.
On the plus side, Thunderstrike is just a proof-of-concept right now — the demo shows only that an attack is possible, and doesn’t maliciously modify the boot ROM. Plus, it’s currently specific to particular Macs. But as Hudson notes, weaponization and targeting additional Mac models would be within the means of a dedicated attacker, which is why Apple is taking Thunderstrike seriously.
How Thunderstrike Works -- The deep details of the Thunderstrike attack are extremely complex, so I’ll stick to covering it at a high level. Macs, like all computers, have firmware that swings into action when you push the power button, initializing hardware, loading the operating system, and performing other functions. Some technologies, such as FireWire and Thunderbolt, interact with this firmware at an extremely low level, below Mac OS X itself, for feature and performance reasons. Thunderbolt in particular carries PCI Express, and a PCI device can include an Option ROM, a small program stored on the device that the Mac’s firmware loads and runs during boot, long before OS X is involved.
The Thunderstrike proof-of-concept takes advantage of this trust in attached devices to replace the contents of the Mac’s boot ROM with the attacker’s own code, effectively embedding it into the Mac’s hardware and making it impossible to remove using standard techniques. The attack works because Apple relies on software checks to confirm the firmware is valid, and Hudson developed techniques to circumvent those checks, including replacing the RSA public key stored in the ROM that the firmware uses to verify future firmware updates, so that Apple’s own updates would no longer be accepted while the attacker’s would.
To take over a Mac, the attacker needs physical access. He then plugs in Thunderstrike-enabled hardware — a modified Thunderbolt-to-Ethernet dongle in the demo — and reboots the Mac, triggering the process that replaces the firmware with malicious code. That’s it.
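The Option ROM is the part of this chain a practitioner can actually inspect on their own hardware, so here is an added example (not code from the article, from Hudson, or from Apple) in Python that walks the PCI expansion ROM format a Thunderbolt device exposes to the firmware: the 0x55AA image header, the PCIR data structure, and, for EFI-type images, the EFI header that names the driver the firmware would execute. It runs against a constructed two-image ROM embedded in the file, with made-up vendor and device IDs and a made-up driver offset; the sysfs path in the comment is an assumption about where a Linux box exposes a real device’s ROM, not something taken from the page.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Code types from the PCIR data structure (PCI Firmware Specification).
CODE_TYPES = {0: "x86 legacy BIOS", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}
# Machine types used in the EFI option ROM header (same values as PE/COFF).
MACHINE_TYPES = {0x014C: "IA-32", 0x8664: "x64", 0xAA64: "AArch64"}
EFI_ROM_SIGNATURE = 0x0EF1


@dataclass
class RomImage:
    offset: int           # start of this image within the ROM dump
    length: int           # image length in bytes (PCIR image length * 512)
    vendor_id: int
    device_id: int
    class_code: int
    code_type: str
    last: bool            # PCIR indicator bit 7: no further images follow
    machine: Optional[str] = None        # EFI images only
    compressed: Optional[bool] = None    # EFI images only
    entry_offset: Optional[int] = None   # EFI images only: where the PE/COFF driver starts


def parse_option_rom(data: bytes) -> List[RomImage]:
    """Walk the chain of images in a PCI expansion ROM dump, as firmware does."""
    images: List[RomImage] = []
    off = 0
    while True:
        if off + 0x1A > len(data) or data[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"no 0x55AA image signature at offset {off:#x}")
        pcir = off + struct.unpack_from("<H", data, off + 0x18)[0]
        if pcir + 0x16 > len(data) or data[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"no PCIR structure for image at offset {off:#x}")
        vendor_id, device_id = struct.unpack_from("<HH", data, pcir + 0x04)
        class_code = int.from_bytes(data[pcir + 0x0D:pcir + 0x10], "little")
        units, _code_rev, code_type, indicator = struct.unpack_from("<HHBB", data, pcir + 0x10)
        length = units * 512
        if length == 0 or off + length > len(data):
            raise ValueError(f"image at {off:#x} claims {length} bytes, beyond the dump")
        img = RomImage(off, length, vendor_id, device_id, class_code,
                       CODE_TYPES.get(code_type, f"unknown({code_type})"), bool(indicator & 0x80))
        if code_type == 3:
            # EFI images carry a second header describing the driver they contain.
            sig, = struct.unpack_from("<I", data, off + 0x04)
            if sig != EFI_ROM_SIGNATURE:
                raise ValueError(f"EFI image at {off:#x} lacks the 0x0EF1 signature")
            machine, compression = struct.unpack_from("<HH", data, off + 0x0A)
            img.machine = MACHINE_TYPES.get(machine, f"unknown({machine:#x})")
            img.compressed = compression == 1
            img.entry_offset = struct.unpack_from("<H", data, off + 0x16)[0]
        images.append(img)
        if img.last:
            return images
        off += length


def efi_images(images: List[RomImage]) -> List[RomImage]:
    """The images an EFI firmware (such as a Mac's) would consider executing at boot."""
    return [i for i in images if i.code_type == "EFI"]


def _build_image(code_type, vendor, device, units, last, machine=0x8664, compressed=False):
    """Constructed sample image for this example; not a dump of any real device."""
    img = bytearray(units * 512)
    img[0:2] = b"\x55\xaa"
    pcir = 0x40
    struct.pack_into("<H", img, 0x18, pcir)
    if code_type == 3:
        struct.pack_into("<HIHHH", img, 0x02, units, EFI_ROM_SIGNATURE, 0x0B, machine,
                         1 if compressed else 0)
        struct.pack_into("<H", img, 0x16, 0x80)   # assumed offset of the PE/COFF driver
    else:
        img[2] = units                              # legacy header: size in 512-byte units
    img[pcir:pcir + 4] = b"PCIR"
    struct.pack_into("<HHHHB", img, pcir + 0x04, vendor, device, 0, 0x18, 3)
    img[pcir + 0x0D:pcir + 0x10] = (0x020000).to_bytes(3, "little")  # network controller
    struct.pack_into("<HHBB", img, pcir + 0x10, units, 1, code_type, 0x80 if last else 0)
    return bytes(img)


# Constructed two-image ROM: a legacy BIOS image followed by an EFI x64 driver, the layout
# a dongle with a NIC would typically use. Vendor and device IDs are made up.
SAMPLE_ROM = (_build_image(0, 0x1234, 0x5678, 2, last=False)
              + _build_image(3, 0x1234, 0x5678, 3, last=True, compressed=True))

if __name__ == "__main__":
    # On Linux a real dump is read from sysfs after enabling it (path is an assumption):
    #   echo 1 > /sys/bus/pci/devices/<bdf>/rom; cat /sys/bus/pci/devices/<bdf>/rom > rom.bin
    found = parse_option_rom(SAMPLE_ROM)
    for img in found:
        print(img)
    print("EFI images the firmware could run:", len(efi_images(found)))
```

The point of walking the chain rather than stopping at the first header is that a ROM can carry several images, and only the EFI-type ones matter to a Mac’s boot firmware; the legacy BIOS image in front of it is never executed there. The parser refuses dumps that lie about their size or lack the signatures, which is the minimum sanity check before trusting anything a dongle hands you.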
Hardware attacks like this aren’t new. There are actually a number of ways to leverage physical hardware access to compromise a computer. For example, FireWire supports something called Direct Memory Access (DMA) which has, at times, allowed attackers to plug into the FireWire port and directly read and manipulate memory (this fact was used in the famous FireStarter hack at MacHack a dozen years ago — see “,” 1 July 2002). I even once designed an attack against my Commodore 128 by reprogramming the firmware on my external floppy disk drive; luckily, it seems my 14-year-old self lacked the technical skills to make it work, leaving the world safe.
Most of these sorts of hardware attacks are limited in the sense that they modify memory or the operating system, not the boot firmware, which is one of the most difficult parts of a computer to fix. Firmware malware may not be common, but it’s such a concern that some of my enterprise clients bring only disposable hardware when traveling to certain countries.
Thunderstrike is particularly interesting because of Hudson’s innovative techniques and because the basics of the attack may lend themselves to combinations with other techniques that could circumvent Apple’s current round of fixes.
Who Thunderstrike Could Affect -- While most Thunderbolt-equipped Macs are technically vulnerable to the Thunderstrike attack, few TidBITS readers face any immediate risk. The attack is highly targeted: someone needs both physical access to your Mac and time to reboot it and rewrite the firmware. On top of that, it isn’t as though everyone is walking around with maliciously modified Thunderbolt dongles. This focuses the risk on three situations:
International business travelers who may be attacked when giving up physical control of their Macs at customs, or when leaving their computers in hotel rooms in potentially hostile areas. My security work means I fall into this group, so I have taken some extreme precautions over the years to prevent this sort of physical attack.
Unattended Macs at kiosks or in computer labs.
Anyone in a hostile living situation.
There’s also always the chance an attack could be aimed at retail hardware somewhere in the supply chain, as we’ve seen with malware on digital photo frames, but this is likely a low risk since Apple is already closing the vulnerability.
Aside from updating your Mac when firmware updates appear, your best defense is to maintain physical control of your computer at all times. This might sound extreme, but there are places I travel where I won’t even bring my Mac for fear of it being compromised while crossing the border. Again, almost no one reading this article is at risk.
Firmware attacks have existed for many years, and if recent security conference agendas are any indication, we’re likely to see more of them in the future. Fortunately, they are self-limiting due to the need for physical access, but for those at risk, they remain extremely concerning.