
World’s first (known) bootkit for OS X can permanently backdoor Macs

BluntestTech

It's a few days old as news, but I haven't seen anyone post it, and it's kind of interesting.
 
 

Securing Macs against stealthy malware infections could get more complicated thanks to a new proof-of-concept exploit that allows attackers with brief physical access to covertly replace the firmware of most machines built since 2011.
Once installed, the bootkit—that is, malware that replaces the firmware that is normally used to boot Macs—can control the system from the very first instruction. That allows the malware to bypass firmware passwords, passwords users enter to decrypt hard drives and to preinstall backdoors in the operating system before it starts running. Because it's independent of the operating system and hard drive, it will survive both reformatting and OS reinstallation. And since it replaces the digital signature Apple uses to ensure only authorized firmware runs on Macs, there are few viable ways to disinfect infected boot systems. The proof-of-concept is the first of its kind on the OS X platform. While there are no known instances of bootkits for OS X in the wild, there is currently no way to detect them, either.
 

 
Source:  http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/

 

EDIT: Additional source: http://thehackernews.com/2015/01/thunderstrike-infecting-apple-macbooks.html

 

more in-depth source: https://trmm.net/Thunderstrike_31c3

 


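As an added illustration of the design point behind "it replaces the digital signature Apple uses to ensure only authorized firmware runs" (this is not code from the article, from the 31c3 talk, or from Apple): when the key used to check firmware lives in the same writable flash as the firmware itself, an attacker who can write that flash can swap in their own key and signature together, and the check still passes. A key anchored in storage the attacker cannot rewrite, or a hash of the full flash dump compared against a value recorded off the machine, does not have that weakness. The image layout, the tiny RSA keys built from Mersenne primes, the "ROM" key and the sample body below are all constructed for this example and are not Apple's EFI format.

```python
"""Toy model of two firmware-update verification designs plus an out-of-band check.

Added illustration only: the image layout, the tiny RSA keys, the 'ROM' key and
the sample body are constructed here; none of it is Apple's EFI format or
Thunderstrike's code.
"""
import hashlib
import struct

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p: int, q: int):
    """Textbook RSA from two known primes; far too small for real use."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return n, d

# Vendor key and an attacker's own key, built from Mersenne primes so the
# example needs neither key generation nor a third-party library.
VENDOR_N, VENDOR_D = toy_keypair((1 << 127) - 1, (1 << 107) - 1)
ATTACKER_N, ATTACKER_D = toy_keypair((1 << 521) - 1, (1 << 89) - 1)

def _digest(data: bytes) -> int:
    # SHA-256 truncated to 224 bits so the integer is below both toy moduli.
    return int.from_bytes(hashlib.sha256(data).digest()[:28], "big")

def sign(body: bytes, d: int, n: int) -> bytes:
    return pow(_digest(body), d, n).to_bytes(128, "big")

def verify(body: bytes, sig: bytes, n: int) -> bool:
    return pow(int.from_bytes(sig, "big"), E, n) == _digest(body)

# Constructed layout: 4-byte body length | 128-byte modulus | body | 128-byte signature
KEY_LEN = SIG_LEN = 128

def build_image(body: bytes, n: int, d: int) -> bytes:
    return struct.pack(">I", len(body)) + n.to_bytes(KEY_LEN, "big") + body + sign(body, d, n)

def parse_image(image: bytes):
    (length,) = struct.unpack(">I", image[:4])
    n = int.from_bytes(image[4:4 + KEY_LEN], "big")
    body = image[4 + KEY_LEN:4 + KEY_LEN + length]
    sig = image[4 + KEY_LEN + length:4 + KEY_LEN + length + SIG_LEN]
    return n, body, sig

def verify_with_embedded_key(image: bytes) -> bool:
    """Weak design: the verification key sits in the same writable flash as the body."""
    n, body, sig = parse_image(image)
    return verify(body, sig, n)

def verify_with_rom_key(image: bytes, rom_n: int) -> bool:
    """Stronger design: the key comes from immutable storage; the in-image copy is ignored."""
    _, body, sig = parse_image(image)
    return verify(body, sig, rom_n)

def matches_golden_hash(image: bytes, golden_hex: str) -> bool:
    """Out-of-band check: hash a full flash dump and compare to a value kept off the machine."""
    return hashlib.sha256(image).hexdigest() == golden_hex

def demo() -> dict:
    genuine = build_image(b"vendor firmware body (constructed sample)", VENDOR_N, VENDOR_D)
    golden = hashlib.sha256(genuine).hexdigest()  # recorded while the machine was known-good

    # Attacker with write access to flash installs their own body, key and signature.
    implant = build_image(b"implanted firmware body (constructed sample)", ATTACKER_N, ATTACKER_D)

    # Attacker who alters only the body and cannot produce a valid signature.
    tampered = bytearray(genuine)
    tampered[4 + KEY_LEN] ^= 0x01
    tampered = bytes(tampered)

    return {
        "genuine_embedded": verify_with_embedded_key(genuine),
        "genuine_rom": verify_with_rom_key(genuine, VENDOR_N),
        "genuine_golden": matches_golden_hash(genuine, golden),
        "implant_embedded": verify_with_embedded_key(implant),    # passes: key replaced too
        "implant_rom": verify_with_rom_key(implant, VENDOR_N),    # fails: ROM key unchanged
        "implant_golden": matches_golden_hash(implant, golden),   # fails: dump differs
        "tampered_embedded": verify_with_embedded_key(tampered),  # fails: signature mismatch
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:20s} {'PASS' if ok else 'FAIL'}")
```

The golden-hash comparison is only as trustworthy as the dump it is given: firmware that already controls the machine can hand a clean-looking image to any software that reads flash from the running OS, so the comparison is meaningful when the flash is read with an external programmer, or when the verification key is anchored in hardware the attacker cannot rewrite.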

B-but macs can't get viruses... /s

 

How does it spread? I know it's currently a proof-of-concept, but are there any feasible vectors for infection already available? (aside from what was stated in the article)


Impossible. Everyone knows Macs don't get viruses. 

 

No, but in all seriousness there is a serious problem, and it's Apple's fault for misinforming (or not correcting misinformation) its customers that their PCs don't get viruses or hacked when they always did.



Isn't this the exact reason why Thunderbolt isn't adopted on PC yet? Because the Thunderbolt standard allows this to happen.



Yeah this could turn into a sticky situation...



Firmware has always been a security issue.

I don't think there will ever be a way to protect yourself against it.



Who'd have thought - giving plug-and-play peripherals access to low-level system components is an insane security risk.

 

So you would have to format all drives and reflash all of the component BIOSes and all of the hardware firmwares to get rid of this?



The attacker has to have physical access to the device, therefore, it is not as bad as it sounds. But still something that Apple needs to address.



it's Apple's fault for misinforming (or not correcting misinformation) its customers that their PCs don't get viruses or hacked when they always did.

 

Gonna need a source on this one.


Who'd have thought - giving plug-and-play peripherals access to low-level system components is an insane security risk.

 

So you would have to format all drives and reflash all of the component BIOSes and all of the hardware firmwares to get rid of this?

 

Well, it seems like it would be extremely hard to remove, and even replacing your storage device or reinstalling the OS wouldn't remove it. Basically it has full control over your system. And how would you remove something you can't detect or know is there?


Now that macs are getting more popular it's time for apple to increase security, 'Nuff said. 



well actually http://www.telegraph.co.uk/technology/apple/9355995/Apple-drops-virus-immunity-claim-for-Macs.html

 

before that Apple had kind of "claimed" that Macs are immune to viruses.

 

I don't think Apple has actually directly claimed that Macs don't get viruses or admitted that Macs can get viruses.

 

I already know the answer, I looked it up before I submitted the comment.

 

They said that Macs don't get Windows viruses, that's it.


This is weeks old

Also, it's basically just BadUSB for Thunderbolt.



Most antivirus software and firewalls nowadays have protection against malware from USB devices.

 

I'm sorry, did you check that it's a hardware vulnerability in USB that still hasn't been fixed since it started being adopted?

 

So you're saying all you need is an anti-virus to fix an underlying hardware issue that cannot be fixed it seems?

 

This whole thunderbolt issue is just BadUSB essentially.


 


well actually http://www.telegraph.co.uk/technology/apple/9355995/Apple-drops-virus-immunity-claim-for-Macs.html

 

before that Apple had kind of "claimed" that Macs are immune to viruses.

 

-snip-

I think what's even worse is what they told their employees:

Important: Apple does not provide support or assistance in removal or diagnosis of malware. If the customer's Apple product is eligible for support, Advisors should determine that the Apple product is working properly by isolating the issue and ruling out any issues with Apple product.

 

Important:

Do not confirm or deny that any such software has been installed.

 

Do not attempt to remove or uninstall any malware software.

They told their employees to ignore the whole thing like it didn't exist.

 

I already know the answer, I looked it up before I submitted the comment.

 

They said that Macs don't get Windows viruses, that's it.

There is no way you can seriously deny that Apple has been feeding the "Macs can't get viruses" myth for ages. Even if they have not said anything factually incorrect it is pretty clear that the message has been misinterpreted by their fanbase and they have done nothing to correct it.

 

 

 

Ouch, that's nasty. Although didn't they just recently find something similar on USB?

 

http://www.wired.com/2014/07/usb-security/

 

http://gizmodo.com/usb-has-a-fundamental-security-flaw-that-you-cant-detec-1613833339

Yeah it seems like this is very similar. Just that it uses Thunderbolt instead of USB.

Although one difference (I think) is that the USB exploit might not pass Secure Boot, while this exploit might.


I think what's even worse is what they told their employees:

 

They told their employees to ignore the whole thing like it didn't exist.

 

 

There is no way you can seriously deny that Apple has been feeding the "Macs can't get viruses" myth for ages. Even if they have not said anything factually incorrect it is pretty clear that the message has been misinterpreted by their fanbase and they have done nothing to correct it.

 

 

 

 

Yeah it seems like this is very similar. Just that it uses Thunderbolt instead of USB.

 

All I'm saying is that Apple has never made the claims that are being purported here.


Gonna need a source on this one.

PC vs Mac commercials.



Ouch, that's nasty. Although didn't they just recently find something similar on USB?

 

http://www.wired.com/2014/07/usb-security/

 

http://gizmodo.com/usb-has-a-fundamental-security-flaw-that-you-cant-detec-1613833339

This is old, but no one gave a fuck until BadUSB was out to the public.



 

Yeah it seems like this is very similar. Just that it uses Thunderbolt instead of USB.

Although one difference (I think) is that the USB exploit might not pass Secure Boot, while this exploit might.

 

That seems to be down to Thunderbolt having direct boot access and is farther up the hierarchy than USB.

 

I wonder how Intel let this slip by though, especially considering TB is supposed to be marketed towards high end, and professional markets.

Or, there's a chance they knew, didn't care and it'll be fixed with TB v3, leaving previous users in a bad spot. 

 

Once again, never let anyone plug anything random in your system, as a security precaution. 


 


I'm sorry, did you check that it's a hardware vulnerability in USB that still hasn't been fixed since it started being adopted?

 

So you're saying all you need is an anti-virus to fix an underlying hardware issue that cannot be fixed it seems?

 

This whole thunderbolt issue is just BadUSB essentially.

 

Oh, sorry, I didn't check, but most manufacturers have taken action against BadUSB, and some types of USB devices (most likely ones that have encryption built in) are, at least based on what I know, immune to infection. BadUSB also seems to need a system that has automatic USB installation enabled.

