Linked by Thom Holwerda on Thu 1st Jan 2015 13:08 UTC
Privacy, Security, Encryption

This is an annotated version of my 31C3 talk on Thunderstrike, a significant firmware vulnerability in Apple's EFI firmware that allows untrusted code to be written to the boot ROM and can resist attempts to remove it.

Very detailed write-up on this remarkable vulnerability.

Thread beginning with comment 602341
RE: Bad link
by benjymouse on Fri 2nd Jan 2015 21:21 UTC in reply to "Bad link"
benjymouse Member since:
2011-08-06

Using secure boot to protect malware from the legitimate OS/user ... ingenious!

There is no Secure Boot (at least, not in the UEFI specification term) involved here. Apple is not using UEFI Secure Boot.

What Apple has is a firmware upgrade procedure that requires the update to be signed using a private key where the public complement is in the computer ROM - so that it can verify firmware upgrades as legitimate (signed) before acting on them.

What this attack does is allow any rogue (or even subverted) thunderbolt device to *replace* the public key. This allows the attacker to perform a (malicious) firmware upgrade at a later point in time, of his choosing. At the same time it effectively *totally* shuts out any Apple issued firmware upgrades as they are no longer signed using the "correct" key.

This is not secure or insecure boot. This is about *completely* taking over the machine. Infection comes from the very firmware, so reinstalling the OS will not help. Firmware upgrades will be rejected. If the attacker is competent enough he can even shut out the thunderbolt vector to avoid anyone using the same vuln to revert the machine.

If anyone figures out a way to program the option ROM of popular thunderbolt devices so that the machine will be reverted on next boot, this could get very nasty.

I have no idea about the penetration of thunderbolt devices. If it's low the vector may only get used for very targeted attacks and not broad trawling.

Reply Parent Score: 4
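A toy model of the trust chain benjymouse describes, added here as an example and not part of the thread or of Apple's firmware: a textbook-RSA verifier with constructed keys shows why a key slot that the update path can overwrite defeats the signature check (the vendor is locked out, the other key is accepted), and what a key fingerprint kept in a region assumed to be immutable adds as a check.

```python
import hashlib
from collections import namedtuple

Key = namedtuple("Key", "e n d")   # toy RSA key: public part (e, n), private exponent d

def make_key(p, q, e=17):
    """Textbook RSA from two tiny constructed primes (NOT secure; a model only)."""
    return Key(e, p * q, pow(e, -1, (p - 1) * (q - 1)))

def digest(blob, n):
    """Reduce a SHA-256 digest of the firmware blob into the toy modulus range."""
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def sign(key, blob):
    return pow(digest(blob, key.n), key.d, key.n)

def verify(pub, blob, sig):
    e, n = pub
    return pow(sig, e, n) == digest(blob, n)

def key_fingerprint(pub):
    return hashlib.sha256(repr(pub).encode()).hexdigest()

class Rom:
    """Machine model: a key slot the update path can reach, the firmware image,
    and (hardened variant, an assumption here) a key fingerprint in an immutable region."""
    def __init__(self, vendor_pub):
        self.pubkey = vendor_pub
        self.image = b"vendor-firmware-v1"
        self.pinned = key_fingerprint(vendor_pub)

def apply_update(rom, blob, sig, pin_check=False):
    """Install blob only if its signature verifies against the key slot.
    pin_check=True additionally refuses if the slot no longer matches the pinned fingerprint."""
    if pin_check and key_fingerprint(rom.pubkey) != rom.pinned:
        return False                      # key slot was altered: refuse the update
    if not verify(rom.pubkey, blob, sig):
        return False
    rom.image = blob
    return True

def scenario():
    vendor, other = make_key(61, 53), make_key(67, 71)    # both constructed for the model
    v2, foreign = b"vendor-firmware-v2", b"not-signed-by-vendor"
    rom = Rom((vendor.e, vendor.n))
    before = apply_update(rom, v2, sign(vendor, v2))      # legitimate update accepted
    rom.pubkey = (other.e, other.n)                       # the key-slot overwrite the thread describes
    vendor_locked_out = not apply_update(rom, v2, sign(vendor, v2))
    other_accepted = apply_update(rom, foreign, sign(other, foreign))
    pinned = Rom((vendor.e, vendor.n))
    pinned.pubkey = (other.e, other.n)
    pinned_refuses = not apply_update(pinned, foreign, sign(other, foreign), pin_check=True)
    return {"before": before, "vendor_locked_out": vendor_locked_out,
            "other_accepted": other_accepted, "pinned_refuses": pinned_refuses}
```

The pinned check only helps if the fingerprint really lives somewhere the update path cannot write; otherwise it is one more slot to overwrite.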

RE[2]: Bad link
by Alfman on Sat 3rd Jan 2015 00:34 in reply to "RE: Bad link"
Alfman Member since:
2011-01-28

benjymouse,

There is no Secure Boot (at least, not in the UEFI specification term) involved here. Apple is not using UEFI Secure Boot.

What Apple has is a firmware upgrade procedure that requires the update to be signed using a private key where the public complement is in the computer ROM - so that it can verify firmware upgrades as legitimate (signed) before acting on them.

I guess you are right, Apple does not use secure boot. Apple is a UEFI member, do you know why they decided to keep using their own mechanism rather than to use secure boot? Their approach seems less secure. In any case it's still ironic that a security mechanism designed to protect the system from malware can be exploited by said malware to protect itself.

Reply Parent Score: 2

RE[3]: Bad link
by benjymouse on Sat 3rd Jan 2015 16:33 in reply to "RE[2]: Bad link"
benjymouse Member since:
2011-08-06

Apple is a UEFI member, do you know why they decided to keep using their own mechanism rather than to use secure boot?

I have no idea. I could guess, though: On one hand it would be a no-brainer, since Apple has tight control with HW as well as OS and bootloader.

On the other hand there is more to designing a *secure* Secure Boot system than simply signing a bootloader. The signature must span *all* resources used during boot, i.e. not just executables but also scripts, config files etc; basically anything that could be used to divert the regular boot process.

Windows has all core OS components in "signed cabinet" files - i.e. executable files, drivers, config files, policies etc. AFAIK even the Linux distros that support Secure Boot have not solved the "sign everything" problem and thus could be just as vulnerable as before. I suspect that OS X has a similar problem.

My best guess would be that the firmware signing was originally a way to protect Apple IP and prevent customization of Macs more than it was considered an end-user security feature.

I would expect Apple to embrace UEFI Secure Boot sometime in future models - after all Apple has been on board with UEFI for a long time, and once they've designed a good solution they could trivially easily start using it.

Reply Parent Score: 3

RE[3]: Bad link
by Lennie on Sat 3rd Jan 2015 16:43 in reply to "RE[2]: Bad link"
Lennie Member since:
2007-09-22

I do know one thing: Apple started to deploy their software on EFI machines, and obviously UEFI didn't exist yet.

Maybe there are still EFI-only machines in use today which their software needs to support and they want to add support for it when those don't need to be supported anymore.

Also no system with secure boot has ever held up when security researchers had a look at an implementation.

So Secure Boot at this point is basically a misnomer.

Reply Parent Score: 3