Thunderstrike Proof-of-Concept Attack Serious, but Limited
[Update: Apple’s OS X Yosemite 10.10.2 Update (see “Apple Releases OS X 10.10.2, iOS 8.1.3, and Apple TV 7.0.3,” 27 January 2015) does prevent the current proof-of-concept Thunderstrike attack from being able to rewrite the boot ROM, but pre-Yosemite Macs remain vulnerable. -Adam]
Researcher and hobbyist Trammell Hudson has demonstrated an extremely serious, and fascinating, hardware attack against Macs. Dubbed Thunderstrike, the Thunderbolt-based attack is limited to situations where an attacker has physical access to a Mac and enough time to run it through a reboot and firmware installation cycle. Apple has partially addressed the vulnerability in recently released hardware (the iMac with Retina 5K display and the new Mac mini) and will be rolling out fixes to older hardware in the future.
Two aspects of the Thunderstrike proof-of-concept make it particularly serious. The first and most obvious is that most Macs remain vulnerable, and no antivirus software can help since Thunderstrike completely circumvents the operating system. Second, were Thunderstrike to be used to install malicious code, it would be hidden in a part of the system inaccessible to the user (the boot ROM, which is really a rewritable EEPROM chip) and would persist even if the boot drive were swapped out.
On the plus side, Thunderstrike is just a proof-of-concept right now — the demo shows only that an attack is possible, and doesn’t maliciously modify the boot ROM. Plus, it’s currently specific to particular Macs. But as Hudson notes, weaponization and targeting additional Mac models would be within the means of a dedicated attacker, which is why Apple is taking Thunderstrike seriously.
How Thunderstrike Works — The deep details of the Thunderstrike attack are extremely complex, so I’ll stick to covering it at a high level. Macs, like all computers, have firmware that swings into action when you push the power button, booting up the computer, loading the operating system, initializing hardware, and performing other functions. Some technologies, such as FireWire and Thunderbolt, interact with this firmware at an extremely low level, below Mac OS X itself, for feature and performance reasons, and the firmware trusts the devices it talks to accordingly.
The Thunderstrike proof-of-concept takes advantage of this trust to replace the contents of the Mac’s boot ROM with the attacker’s own code, effectively embedding it into the Mac’s hardware and making it impossible to remove using standard techniques. The attack works because Apple relies on software checks to confirm the firmware is valid, and Hudson developed techniques to circumvent those checks (and even replace the encryption key).
To take over a Mac, the attacker needs physical access. He then plugs in Thunderstrike-enabled hardware — a modified Thunderbolt-to-Ethernet dongle in the demo — and reboots the Mac, triggering the process that replaces the firmware with malicious code. That’s it.
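The weakness described above, as an added illustration that is not code from Hudson, Apple, or the Thunderstrike demo: a toy model of a boot ROM update check in which the verification key either sits in the same rewritable flash as the image or is fixed in immutable storage. HMAC-SHA256 stands in for the real signature scheme, and every key and image below is a constructed value.

```python
import hashlib
import hmac

# Simplified model (added example). HMAC-SHA256 replaces the asymmetric
# firmware signature; the point is where the verification key lives,
# not which signature algorithm is used.
IMMUTABLE_KEY = b"factory-key-burned-into-rom"  # constructed; cannot be rewritten
VENDOR_KEY = IMMUTABLE_KEY                      # the vendor signs with the matching key


def sign(key: bytes, image: bytes) -> bytes:
    """Stand-in for the vendor's firmware signature."""
    return hmac.new(key, image, hashlib.sha256).digest()


class Flash:
    """Rewritable EEPROM holding the boot image and, in the weak design, the key."""

    def __init__(self, image: bytes, key: bytes):
        self.image = image
        self.key = key


def update_flash_anchored(flash: Flash, new_image: bytes, sig: bytes) -> bool:
    """Weak design: the check trusts whatever key is currently stored in flash."""
    if not hmac.compare_digest(sign(flash.key, new_image), sig):
        return False
    flash.image = new_image
    return True


def update_rom_anchored(flash: Flash, new_image: bytes, sig: bytes) -> bool:
    """Hardened design: the key is immutable, so code that can rewrite flash
    still cannot make a foreign image pass the check."""
    if not hmac.compare_digest(sign(IMMUTABLE_KEY, new_image), sig):
        return False
    flash.image = new_image
    return True


def simulate(anchored_in_rom: bool) -> bytes:
    """Code with early write access to flash swaps the stored key for its own,
    then offers an image signed with that key. Returns the image left in flash."""
    flash = Flash(image=b"vendor-boot-image", key=VENDOR_KEY)
    foreign_key = b"key-chosen-by-untrusted-boot-code"  # constructed value
    foreign_image = b"foreign-boot-image"
    flash.key = foreign_key  # the step a software-only check cannot see
    updater = update_rom_anchored if anchored_in_rom else update_flash_anchored
    updater(flash, foreign_image, sign(foreign_key, foreign_image))
    return flash.image
```

Running `simulate(False)` leaves the foreign image in flash, while `simulate(True)` keeps the vendor image, which is the difference between a check the firmware performs on itself and one rooted in something the firmware cannot rewrite.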
Hardware attacks like this aren’t new. There are actually a number of ways to leverage physical hardware access to compromise a computer. For example, FireWire supports something called Direct Memory Access (DMA) which has, at times, allowed attackers to plug into the FireWire port and directly read and manipulate memory (this fact was used in the famous FireStarter hack at MacHack a dozen years ago — see “The MacHax Best Hack Contest 2002,” 1 July 2002). I even once designed an attack against my Commodore 128 by reprogramming the firmware on my external floppy disk drive; luckily, it seems my 14-year-old self lacked the technical skills to make it work, leaving the world safe.
Most of these sorts of hardware attacks are limited in the sense that they modify memory or the operating system, not the boot firmware, which is one of the most difficult parts of a computer to fix. Firmware malware may not be common, but it’s such a concern that some of my enterprise clients bring only disposable hardware when traveling to certain countries.
Thunderstrike is particularly interesting because of Hudson’s innovative techniques and because the basics of the attack may lend themselves to combinations with other techniques that could circumvent Apple’s current round of fixes.
Who Thunderstrike Could Affect — While all Macs are technically vulnerable to the Thunderstrike attack, few TidBITS readers face any immediate risk. The attack is highly targeted — someone needs both physical access to your Mac and time to reboot it and reinstall the firmware. On top of that, it isn’t like everyone is walking around with maliciously modified Thunderbolt dongles. This focuses the risk on three situations:
- International business travelers who may be attacked when giving up physical control of their Macs at customs, or when leaving their computers in hotel rooms in potentially hostile areas. My security work means I fall into this group, so I have taken some extreme precautions over the years to prevent this sort of physical attack.
- Unattended Macs at kiosks or in computer labs.
- Anyone in a hostile living situation.
There’s also always the chance an attack could be aimed at retail hardware somewhere in the supply chain, as we’ve seen with malware on digital photo frames, but this is likely a low risk since Apple is already closing the vulnerability.
Aside from updating your Mac when firmware updates appear, your best defense is to maintain physical control of your computer at all times. This might sound extreme, but there are places I travel where I won’t even bring my Mac for fear of it being compromised while crossing the border. Again, almost no one reading this article is at risk.
Firmware attacks have existed for many years, and if recent security conference agendas are any indication, we’re likely to see more of them in the future. Fortunately, they are self-limiting due to the need for physical access, but for those at risk, they remain extremely concerning.
When I decided to get rid of my PC, I assumed Mac products were safe and were not vulnerable to hacks, viruses, or becoming slow. I use detoxmymac so this should keep me clean from the Thunderstrike malware. All these hackings lately are quite scary!
No, there's no software that can protect from Thunderstrike-type attacks because they happen at a level lower than the operating system. As a result, detoxmymac and all other antivirus software is completely ineffective.
If the problem is caused by a Thunderbolt device, couldn't it just as easily be remedied by software running on a Thunderbolt device?
In theory, yes, but it's not a likely approach. Someone (Apple seems unlikely) would have to come up with a specific Thunderbolt dongle that would reinstall the proper boot ROM code using the same vulnerability. Apple's desire is undoubtedly to tweak the firmware to close the hole to begin with.
Actually, in theory no. Once you have malicious firmware, it can resist attempts to replace it, such as by claiming to have been updated but discarding the update.
A good point, and yet another reason why this countermeasure is unlikely.
This article concerns me because it sounds similar to what I have been experiencing. Within about 5 to 10 minutes after starting my computer, my computer restarts on its own. Then I get a message saying there was a problem. I allow it to restart and then report it to Apple. Does this problem seem related to Thunderstrike?
No, as worrying as I'm sure that is, it's highly unlikely to be related to Thunderstrike in any way, since Thunderstrike is just a proof-of-concept attack that just came out. If you were a high-level corporate or government target, I would encourage some forensic investigation of your Mac, but it's far more probable that you're seeing a problem related to failing hardware, such as a bad memory DIMM or other heat-related issue. Your computer is warming up in that first 5-10 minutes, and if that causes a connection to expand and lose connectivity, that could cause the crashes and reboots, although at that point, you'd expect another reboot nearly immediately after the first one, since the heat problem is still present.
It's also entirely possible that it could be a software problem - try setting up and logging in to a different account to see if that makes a difference, or boot from an external hard disk. If either of those works, you know the problem is not related to hardware, but to some software on the disk.
Does having a firmware password set provide any protection?
No, according to Hudson, that doesn't help at all.
One attack vector that occurs to me is the sale of low-priced third-party Thunderbolt adapters. Surely a company could start selling a 99p Thunderbolt ethernet adapter that infects the target Mac. They could make up the loss on the adapter through key logging. Such an adapter would be attractive to someone on eBay trying to avoid Apple's pricing, and difficult to detect.
Yes, that seems like a plausible approach; the question would be if they could figure out a way to monetize such an approach while remaining sufficiently anonymous to avoid being shut down by authorities. That seems much harder, especially if eBay or the like is required as a distributor.
It seems overall that this is an Intel chipset vulnerability, correct? Though the most common target would be the Mac using the Thunderbolt vector, since few PCs have Thunderbolt.
On, say, a current MacBook Pro with Retina, what could a firmware takeover accomplish? How big is the EEPROM? Let's assume the MBP is FileVaulted and turned off when the bad guy gets it. The new firmware could access keystrokes, but could it transparently send them somewhere? Is there enough room to build an OS that looks enough like the normal firmware a user wouldn't notice, and also have a network stack? Or does there need to be malware inserted at the OS level, too, for this to really work?
It's hard to know, but this is how Trammell Hudson ended his talk:
"It controls the system from the very first instruction, which allows it to log keystrokes, including disk encryption keys, place backdoors into the OS X kernel and bypass firmware passwords. It can't be removed by software since it controls the signing keys and update routines. Reinstallation of OS X won't remove it. Replacing the SSD won't remove it since there is nothing stored on the drive.
"It could also be very stealthy and hide in system management mode, through virtualization or possibly in the Management Engine (although there is lots of work to be done there). It can spread virally through shared Thunderbolt devices and infect new ones that it encounters."
OS X Yosemite 10.10.2 Update hardens 2013 Macs against Thunderstrike, but pre-Yosemite Macs remain vulnerable. See https://trmm.net/Thunderstrike_FAQ#Is_Thunderstrike_fixed_in_10.10.2.3F
Regarding firmware hacks in general - is there a viable, straightforward way to check if a Mac's firmware has been modified? This type of issue makes me not want to buy used Mac machines...
I think the likelihood of anyone having the technical chops to modify firmware and then sell a used Mac as a way of stealing information from a random buyer is so low that it's not worth worrying about.