Researcher cracks MacBook EFI chip via Thunderbolt port


It is possible to crack the EFI chip of several MacBook models using a device plugged into the MacBook's Thunderbolt port, an American researcher has found. The vulnerability allows persistent malware to be installed on a MacBook.

To crack the EFI chip, researcher Trammell Hudson used the update mechanism that Apple itself built in to update the firmware on the chip. The chip holds the machine's EFI firmware, an implementation of the UEFI standard, the more secure successor to the BIOS.

“You can’t write directly to the EFI chip from the operating system because there is no connection between the CPU and the EFI chip,” Hudson said at the CCC security conference in Hamburg. “But you can flash a firmware update to the chip’s storage, which is loaded on boot.”

This does require physical access to a system, but Hudson has found a relatively accessible way to get it. He built a device that plugs into the Thunderbolt port and, while the system boots, loads firmware that flashes malicious code to the EFI chip's storage. It does this through an Option ROM, a legacy mechanism that lets a peripheral's firmware run during system start-up. Apple's own firmware-update tool then runs the malicious code. According to Hudson, it has been clear for two years that this is theoretically possible.

According to Hudson, there are few mechanisms that prevent malicious code from being written to the EFI chip. The hardware performs no check on the contents of a firmware update when it is applied. The update's signature is checked, but Hudson managed to replace Apple's cryptographic signature with his own. No code check is performed at boot.

Hudson tested the issue on six recent MacBooks, but the vulnerability is likely to exist on other Apple systems with Thunderbolt ports, such as the Mac Mini and the desktop Mac. The company has released an update that attempts to resolve the issue, but Hudson says it is not enough.

Hudson argues that the problem can be exploited, for example, by intelligence services, who only need access to someone's system for a short time to install malicious code on it. Because that code resides in the EFI chip, it remains present even when Mac OS X or another operating system is reinstalled. An attacker could, among other things, place a backdoor in the operating system, log keystrokes and recover encryption passwords. “And because I replaced Apple’s cryptographic signature with my own, you can’t replace the software,” Hudson said.
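The two preceding paragraphs say the update's signature is checked yet Hudson could substitute his own, and that once substituted nobody else can replace the firmware. The model below, an added example that is not code from the article, Apple or Hudson, shows the one design property that makes a signature check fail this way: the verification key being stored in the same rewritable storage as the firmware rather than pinned in immutable ROM. A Lamport one-time signature over SHA-256 stands in for the vendor's real scheme, and all keys, seeds and images are constructed.

```python
"""Toy model of the update check described in the article (added example, not code
from the article, Apple or Hudson). A Lamport one-time signature over SHA-256 stands
in for the vendor's real scheme; the lesson is where the verification key lives."""
import hashlib

def _sha(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def keygen(seed: bytes) -> tuple:
    """Lamport key pair derived deterministically from a constructed seed."""
    priv = [[_sha(seed, bytes([i, b])) for b in (0, 1)] for i in range(256)]
    return priv, [[_sha(p0), _sha(p1)] for p0, p1 in priv]

def sign(priv: list, msg: bytes) -> list:
    digest = int.from_bytes(_sha(msg), "big")
    return [priv[i][(digest >> (255 - i)) & 1] for i in range(256)]

def verify(pub: list, msg: bytes, sig: list) -> bool:
    digest = int.from_bytes(_sha(msg), "big")
    return all(_sha(sig[i]) == pub[i][(digest >> (255 - i)) & 1] for i in range(256))

def flash_anchored_accepts(update: dict) -> bool:
    """Weak design: the key used to check the update ships inside the rewritable
    flash image itself, so whoever writes the flash also chooses the key."""
    return verify(update["pubkey"], update["image"], update["sig"])

def rom_anchored_accepts(update: dict, rom_pubkey: list) -> bool:
    """Hardened design: the key is pinned in immutable ROM and cannot be swapped."""
    return verify(rom_pubkey, update["image"], update["sig"])

def scenario() -> dict:
    """Constructed vendor/third-party keys and images; returns each check's verdict."""
    vendor_priv, vendor_pub = keygen(b"constructed vendor seed")
    other_priv, other_pub = keygen(b"constructed third-party seed")
    legit = {"image": b"vendor firmware 1.0", "pubkey": vendor_pub}
    legit["sig"] = sign(vendor_priv, legit["image"])
    rogue = {"image": b"third-party firmware", "pubkey": other_pub}
    rogue["sig"] = sign(other_priv, rogue["image"])
    tampered = dict(legit, image=b"vendor firmware 1.0 + one flipped byte")
    return {
        "flash_legit": flash_anchored_accepts(legit),         # True
        "flash_rogue": flash_anchored_accepts(rogue),         # True: self-signed passes
        "flash_tampered": flash_anchored_accepts(tampered),   # False: image no longer matches sig
        "rom_legit": rom_anchored_accepts(legit, vendor_pub),  # True
        "rom_rogue": rom_anchored_accepts(rogue, vendor_pub),  # False: wrong key
    }
```

The flash-anchored check still rejects a corrupted image, so it looks like it works; it only fails to reject an image that arrives with its own key, which is exactly the case the article describes.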
