Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Bug Power Hardware

Macs Vulnerable To Userland Injected EFI Rootkits 82

Bismillah writes that a new vulnerability in recent Macs — and potentially older ones — can be used to plant code such as rootkits into areas of EFI memory that shouldn't be writeable, but become unlocked after the computer wakes up from sleep mode. The article explains that [The vulnerability] appears to be due to a bug in Apple's sleep-mode energy conservation implementation that can leave areas of memory in the extensible firmware interface (EFI) (which provides low-level hardware control and access) writeable from user accounts on the computer. Memory areas are normally locked as read-only to protect them. However, putting some late-model Macs to sleep for around 20 seconds and then waking them up unlocks the EFI memory for writing.
This discussion has been archived. No new comments can be posted.

Macs Vulnerable To Userland Injected EFI Rootkits

Comments Filter:
  • by cerberusss ( 660701 ) on Monday June 01, 2015 @04:32AM (#49813311) Journal

    FTFA:

    The researcher who discovered the flaw, Pedro Vilaça, said the vulnerability can be used to (some examples) that is invisible to the operating system in the writeable flash memory

    So to summarize: as a user, you can sometimes write to EFI memory.

    That's currently all there is to it. There's no rootkit, there's no malware, etc. Just this space where you can hide and survive an OS wipe and reinstall.

    I'm sure some will come up with a payload that uses this space to hide itself, no doubt about it. But currently, this is all there is to it.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Oh, I know how to solve this one. There's a bug in the EFI capsule update mechanism that allows to install unsigned firmware updates if you have root.

      Now combine it with this bug, and you can corrupt an EFI update initiated by root from an unprivileged account. Essentially, wait for the next EFI update and you get arbitrary code execution from Ring 3, userland, to Ring -3, the firmware.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      It's enough to make such a thing. Just lurk until it becomes writable, then make good use of it. Much simpler than stealing keys from the next VM over by cache-timing attacks, and we've seen those to be viable. So insisting on proof for what ought to be obvious is maybe a bit facetious.

      This thing is also more indication that EFI actually makes peecees more insecure because there's another layer of software running with even more privileges than the OS itself, and it's closed-source firmware. Crappy firmware

      • by Viol8 ( 599362 )

        Blame Intel with their idiotic system management mode. The person who thought that was a good idea should have been fired on the spot instead of the damn thing actually being implemented since the 386.

        • by jabuzz ( 182671 )

          I think you will find that SMM debuted in the 386SL and continued in the 486SL begore becoming mainstream in the Pentium.

          Those processor codes should give you a clue as to what it's original purpose was and why it came about.

        • you mean like the downward facing call-stack which has provided so many buffer overflows over the years? seems to me like they've been breeding fast inside Intel...
          (pun intended)

      • by Dog-Cow ( 21281 )

        EFI does not run with more privileges than the OS.

    • by Anonymous Coward

      FTFA: The researcher who discovered the flaw, Pedro VilaÃa, said the vulnerability can be used to (some examples) that is invisible to the operating system in the writeable flash memory

      So to summarize: as a user, you can sometimes write to EFI memory. That's currently all there is to it. There's no rootkit, there's no malware, etc. Just this space where you can hide and survive an OS wipe and reinstall. I'm sure some will come up with a payload that uses this space to hide itself, no doubt about it. But currently, this is all there is to it.

      This *is* the vulnerability. The EFI loads the OS. If you can overwrite the EFI, game over. The OS will do whatever the new rootkit-EFI that loaded it tells it to do.

    • by benjymouse ( 756774 ) on Monday June 01, 2015 @06:38AM (#49813553)

      So to summarize: as a user, you can sometimes write to EFI memory.

      That's currently all there is to it. There's no rootkit, there's no malware, etc. Just this space where you can hide and survive an OS wipe and reinstall.

      Yes - it is a vulnerability for which there is no exploit published (yet).

      This vulnerability is serious, as it allows an attacker to permanently infect the Mac *firmware* and gain control each time the Mac is booted - even if you nuke and reinstall OS X.

      You may try to dismiss this as "still needs another vulnerability". Another vulnerability or even a social engineering attack, evil maid attack will all suffice. This one can be used to take permanent, undetected residence on successfully exploited macs.

      That's bad in my book

      • by mjwx ( 966435 )

        So to summarize: as a user, you can sometimes write to EFI memory.

        That's currently all there is to it. There's no rootkit, there's no malware, etc. Just this space where you can hide and survive an OS wipe and reinstall.

        Yes - it is a vulnerability for which there is no exploit published (yet).

        This vulnerability is serious, as it allows an attacker to permanently infect the Mac *firmware* and gain control each time the Mac is booted - even if you nuke and reinstall OS X.

        You may try to dismiss this as "still needs another vulnerability". Another vulnerability or even a social engineering attack, evil maid attack will all suffice. This one can be used to take permanent, undetected residence on successfully exploited macs.

        That's bad in my book

        Hey, dont try to use logic and reason here.

      • by doccus ( 2020662 )

        That's bad in my book

        Well, i'd say.. If it can't be erased or written over, nothing short of replacing the peocessor would save the MAc. But shouldnb't you be able to overwrite any malkware? if it can be accessed once, then surely again..

    • by fuzzyfuzzyfungus ( 1223518 ) on Monday June 01, 2015 @06:45AM (#49813579) Journal
      Less of an issue among people/organizations who exclusively buy new, from manufacturer or authorized retailer; but (at least on the PC side, I don't deal much with mac procurement), refurbished off-lease units are an enormous market. Very, very, popular with organizations that can't afford to ride the latest-and-greatest. It's not glamorous (something like the Optiplex 780 [dell.com] is nothing to write home about; but if you need a few computer labs or a cube farm on a tight budget, the fact that you can get units with an adequate 3rd party warranty, no DOA, 4GB of RAM, and an adequately punchy CPU for ~$150, sometimes a little less, each, is pretty compelling.

      "Previous owner" isn't a scary vulnerability for exploits that live at the OS level; all the refurb stuff typically gets wiped once by the refurb house during their testing process, and re-imaged when it reaches the customer; but it is damn scary for firmware-level exploits. Especially motherboard firmware(HDD firmware exploits are scary; but taking out the HDD and shredding it, then replacing it with another low-capacity-everything-is-on-the-network-anyway boot disk is at least cheap); which compromises the system at a scary-deep level, and also compromises the component that makes up most of the value of the computer.

      Without a good OS-level vector, preferably with a nice internet infection capability, it isn't a good candidate for a pandemic; but if this sort of firmware fuckery makes the used market about as reliable as buying street drugs, it will have a major impact.
    • by Lumpy ( 12016 )

      "Just this space where you can hide and survive an OS wipe and reinstall." IF the user only put the unit to sleep and then woke it. Simply turning off the unit for a short time before OS wipe and reinstall defeats this potential hole.

      I am betting that Windows, BSD, and Linux have a similar vulnerability lurking.

      • by mjwx ( 966435 )

        "Just this space where you can hide and survive an OS wipe and reinstall." IF the user only put the unit to sleep and then woke it. Simply turning off the unit for a short time before OS wipe and reinstall defeats this potential hole.

        I am betting that Windows, BSD, and Linux have a similar vulnerability lurking.

        IF they're on the same hardware. This is a vulnerability with the EFI on Apple computers. Because the hardware and firmware are different the same vulnerability is likely not exist with the EFI on IBM servers.

        Also you're wrong about turning it off for a short time. This is basically the same as the flaws that lead to the old BIOS viruses. As malware can hide in the EFI it doesn't care what you do with the OS as the EFI is completely independent of it.

  • by fpoling ( 2535392 ) on Monday June 01, 2015 @04:43AM (#49813335)

    Vilaça believes Apple is aware of the issue - his testing shows the flaw is not found in the firmware of Macs made after mid 2014.

    • Re: (Score:3, Insightful)

      by drinkypoo ( 153816 )

      VilaÃa believes Apple is aware of the issue - his testing shows the flaw is not found in the firmware of Macs made after mid 2014

      How kind of Apple to publish a security advisory on the issue, like a reputable and scrupulous vendor would have done.

      • Vilaça believes Apple is aware of the issue - his testing shows the flaw is not found in the firmware of Macs made after mid 2014

        How kind of Apple to publish a security advisory on the issue, like a reputable and scrupulous vendor would have done.

        Note the sentence in the article that wasn't quoted by the previous poster but which immediately followed it...

        He did not disclose the flaw to Apple.

        So, this is a flaw that Apple has not been notified about, which only exists in older hardware, and which is fiddly enough that the researcher can't explain why it's being caused, but does know that it needs to be targeted for specific machines. It's entirely likely that because this issue must be targeted at specific versions of firmware for each model that whatever fiddly bits were making it poss

  • by Anonymous Coward

    With Mac's making up about 6% or so of PC market. Does anyone care about doing attacks on OS X or Mac's? In fact, it does seem the direction towards attacks made outside of singular device hardware is becoming more popular. Attacking routers, severs, even cloud based systems. Or direct attacks against certain systems that guarantee financial gain. Such as personal information, or other private information that can be sold. Maybe the NSA still wants to rootlet your Mac. But most hackers want monetary gains

    • by fuzzyfuzzyfungus ( 1223518 ) on Monday June 01, 2015 @07:01AM (#49813651) Journal
      If I'm just harvesting nodes for my botnet, macs are pretty lousy targets, no more capable than PCs and substantially more obscure.

      If I'm attacking systems for the data on them, or to MiTM/trojan/keylog the users of the systems; grab banking credentials and the like; mac users are a conveniently self-selected group of people atypically worth harvesting. Sure, there are a bunch of underemployed baristas with degrees in Individuality using the macbook pro that mommy and daddy bought them to watch movies in their dorm room; but as a whole, thanks to the higher prices, users of OSX devices skew upmarket pretty substantially(iOS devices have some of the same effect; but much less, since at least an iPhone 5c or the like is probably available as the 'free'-with-usurious-contract model on most telcos).

      If you are attempting a corporate/institutional intrusion, macs vary in value: they are way, way, less common, frequently absent entirely; but where they are present, their minority status often means very limited integration into the enterprise's legion of 'security' products, IDSes, and everything else that the Windows users complain is causing logins to take 30 minutes. This makes them handy 'beachhead' systems, especially if they are loaded up with Office, Adobe Malware Runtime, and similar stuff that may well have cross-platform or partially shared libraries of vulnerabilities; but much reduced vigilance on OSX clients.
    • Macs are popular with developers (on some software conferences over 50% of laptops could be Macs) and getting control of those machines opens many more possibilities than just threatening to delete or share personal pictures.
  • by Viol8 ( 599362 ) on Monday June 01, 2015 @05:30AM (#49813397) Homepage

    That way it can't be overwritten by software. Or at least require an internal jumper to be set before any writes can happen. Any user updating their BIOS would be fairly experienced so taking the lid off an setting a jumper wouldn't be a problem for them and people who arn't technical could just take it to a store.

    • That way it can't be overwritten by software. Or at least require an internal jumper to be set before any writes can happen. Any user updating their BIOS would be fairly experienced so taking the lid off an setting a jumper wouldn't be a problem for them and people who arn't technical could just take it to a store.

      Or, ship each Mac with an encrypted dongle that must be unlocked to do a firmware upgrade. You could even print the key on the dongle so you wouldn't worry about losing the key; if yo lose the dongle then still allow an authorized service center to do firmware upgrades. Of course, this my be a solution in search of a problem.

      • by AmiMoJo ( 196126 )

        No need for such an elaborate and potentially annoying scheme (most people will lose those dongles). Just make it so that only the firmware can update itself, and it only accepts cryptographically signed updates.

        You can get memory ICs that can be locked against reading and writing until power cycled. The firmware does what it needs to do, locks the whole firmware against writing early in the boot process, and maybe locks any sensitive data (like crypto keys) against reading as well. If software wants to upd

    • by jones_supa ( 887896 ) on Monday June 01, 2015 @05:51AM (#49813443)
      It's interesting that a lot of effort has been put into things like SecureBoot, but there is still a plethora of devices in a PC which are ready to accept new (potentially malicious) firmware at any given point in time.
      • by swb ( 14022 )

        Some of this seem to be blameable on hardware makers who once made firmware updates hard -- you had to set a jumper on the motherboard. Then they got rid of that part, but you couldn't flash it from the dominant GUI operating system and had to boot from a DOS disk. Then you didn't even have to do that and could flash any firmware on the system from the GUI.

        Now it's too easy. It would seem to make more sense to require the system to be booted to a firmware update mode, simple and reliable enough to be pla

      • It's interesting that a lot of effort has been put into things like SecureBoot, but there is still a plethora of devices in a PC which are ready to accept new (potentially malicious) firmware at any given point in time.

        Well, at least now you have an idea of just how bad IoT deployment is going to get.

    • That way it can't be overwritten by software. Or at least require an internal jumper to be set before any writes can happen. Any user updating their BIOS would be fairly experienced so taking the lid off an setting a jumper wouldn't be a problem for them and people who arn't technical could just take it to a store.

      In the day and age where the tablet device is being pushed as the desktop replacement, and a laptop can be outfitted to be on par with desktop performance, it's becoming harder and harder to find this "lid" you speak of...

    • Given that laptops(especially Apple's) are an increasingly heroic enterprise to open; 'internal jumper' probably isn't happening; but you might be able to get away with some other 'physical presence verification' mechanism that exploits buttons that the system already possesses(similar to the way that Chromebooks killed physical dev-mode switches, because OEMs didn't like the added cost, so now it's some multi-key combo during boot).

      Not as good as a true hardware write protect(in theory, a suitably capab
      • Given that laptops(especially Apple's) are an increasingly heroic enterprise to open;

        You need to update your personal Knowledge Base. MacBooks have been very EASY to open since the Unibody case (what is that, like nearly 10 years now???). The only thing difficult to replace on a Mac laptop nowadays is the Keyboard, funnily-enough.

        It would be absolute pud for Apple to put a user-accessible pushbutton on the Mobo of a Unibody MacBook. Ten #00 Phillips screws and you're in. If the pushbutton was on the mobo side closest to the bottom-pan, it would be instantly accessible. Kind of like they u

    • by sribe ( 304414 )

      That way it can't be overwritten by software. Or at least require an internal jumper to be set before any writes can happen. Any user updating their BIOS would be fairly experienced so taking the lid off an setting a jumper wouldn't be a problem for them and people who arn't technical could just take it to a store.

      Oh yeah, great. So when there's a critical flaw in there which actually needs to be fixed, and IT in a company is supporting dozens, or hundreds, or maybe even thousands of machines. Yeah, great.

  • by Anonymous Coward

    Remind me again why there is not a read-only dip-switch that write-protects the entire firmware? It is not like you cannot hack the damn FLASH since their lockout modes are just as buggy as anything else nowadays, but still...

    We were better off using EEPROMs, at least you could write protect those by actually air-gapping the pins required to erase and program the chip.

    • It's a mac and we made it thin so no easy open for you also we have storage on a card not a hdd so you really can't take it out easy on all systems. Also say takeing out the HDD in the mac mini can void the warranty or at the very least they can say when you took out the hdd you did ESD damage so people may ship out systems with there HDD that can get hacked at the repair shop.

      • It's a mac and we made it thin so no easy open for you also we have storage on a card not a hdd so you really can't take it out easy on all systems. Also say takeing out the HDD in the mac mini can void the warranty or at the very least they can say when you took out the hdd you did ESD damage so people may ship out systems with there HDD that can get hacked at the repair shop.

        You're so full of shit it must be running out your mouth.

        Unibody MacBooks are REALLY easy to open. Remove 10 phillips screws on the bottom-pan and, er, that's it. Replacing the HDD does NOT void the warranty on a Mac mini, unless you are stupid and drop a screw in it and then turn it on or something equally dense. The SSD in the 2015 Retina MacBook Pro is also right in view once you take off the bottom-pan, and is on a plug-in connector. Good luck finding an aftermarket replacement for their PCIe SSD, tho

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...