A security researcher describes how malware could infect your Mac’s boot ROM, and spy on your activities, with little chance of you ever realising.

If you have a lovely, shiny MacBook you might be feeling pretty happy with yourself.

After all, compared to Windows, there is relatively little malware written for OS X. And, for that Mac malware which does exist, you are (hopefully) running a decent anti-virus product and keeping on top of security patches and updates.

But what if I told you that it’s possible to infect a MacBook in a way which no anti-virus software is able to detect? Not because your anti-virus software hasn’t been updated to detect a particular new strain of malware, but because it’s incapable of seeing it.

Imagine that this malware has infected the Boot ROM of your MacBook, and controls your entire system from the first second that your computer is turned on. The malware is so powerful, and runs at such a low level, that it can completely backdoor your system, logging keystrokes, spying on your every activity, steal and bypass firmware passwords.

In fact, it cannot be removed by software at all. And reinstalling OS X or replacing the solid state drive (SSD) or hard disk isn’t going to help you.

What’s worse, the undetectable malware could spread virally from device to device.

Sounds a bit scary doesn’t it?

Welcome to Thunderstrike.

Thunderstrike – “unremovable” and “radar-proof”

At the end of December, researcher Trammel Hudson spoke at the Chaos Communication Congress (31C3) conference in Hamburg, to describe a new vulnerability that he called “Thunderstrike”.

Why the name Thunderstrike? Well, aside from admitting that “all exploits have cool names these days”, Hudson described in detail how the attack could exploit the Mac Thunderbolt port to install malicious code in the ROM EFI boot chip on a MacBook.

Using a variety of sneakiness, Hudson demonstrated that it was possible to bypass the built-in security measures (such as cryptographic signature checks) that Apple designed to prevent unauthorised firmware updates. As a result, an attacker could overwrite the computer’s boot ROM and install new firmware onto the device containing a malicious rootkit.

In his talk, Hudson describes how the Thunderstrike exploit runs during the recovery mode boot sequence, and can be used to replace firmware files, and make the various changes to checksums necessary to dupe the MacBook into believing all is well.

Apple’s own firmware update routine then flashes the attacker’s RSA key into the boot ROM on the motherboard. The attacker now “owns” the computer, and can flash whatever ROM they wish using Apple’s own update tools.

And to cap it all, the rootkit cannot be removed by software alone, because the attackers own the RSA key required to make any changes.

And because that ROM rootkit (or bootkit if you prefer) is running from the instant that the computer is turned on, it can use stealth techniques to be “radar-proof” – throwing up a clean, uninfected image of itself in any process attempts to investigate if the ROM has been tampered with.

Possible attack scenarios

Here are a couple of possible attack scenarios:

Firstly, intelligence agencies could intercept the delivery of computer equipment, without the knowledge of the intended recipient or the manufacturer, and install a malicious bootkit onto the computer’s ROM – with no physical tampering of the device necessary.

Does that sound far-fetched? It shouldn’t, because leaked documents from whistleblower Edward Snowden have already revealed that the NSA has implanted malware in IT hardware – such as Cisco routers – as it is shipped to customers.

Secondly, we have the “evil maid” scenario. Here’s how Trammel Hudson described that type of attack:

You’re at a conference, say in Hamburg, and you go down to breakfast at the hotel, and room service comes in and they make the bed, and backdoor your laptop, and give you some fresh towels…

The point is that it only takes a few seconds to compromise a system, by plugging a rigged Thunderbolt cable into the side of a laptop which has been left unattended. There’s no need for an attacker to open up the case of your computer, and it’s irrelevant if your MacBook has a boot-up password or its hard drive is encrypted. All the attacker needs is a few seconds to plug in a device, and reboot your MacBook.

Evil Maid attacks are nothing new, and yet many people continue to leave their computing devices lying around – whether it be in their hotel room, or while chatting to a colleague at a conference.

Remote exploitation?

Evil maids and intelligence agencies are one thing. But really sent a chill down my spine was when Hudson made reference in his presentation to how Thunderstrike could potentially be adapted to work remotely. In other words, an attacker would need no physical contact with the targeted device.

According to Hudson, it might be possible to use a technique with the (admittedly fantastic) name of “Deep Jedi Coma” which had been separately announced at the C13C conference.

Hudson said an attack technique known as Dark Jedi that was outlined during the talk could possibly be adapted to make his exploit work remotely, so the attacker wouldn’t require physical access.

Fortunately, a Thunderstrike attack via remote exploitation would almost certainly be possible to intercept with anti-virus software, as malicious code would need to execute on the computer.

What to do?

Frankly, there’s not much you can do.

Apple says that the new Mac Mini and iMac Retina no longer load Option ROMs during a firmware update, and it seems likely that a future update from Cupertino will make older Macs safer by preventing the behaviour.

In the meantime, I would recommend not leaving your MacBook anywhere unattended.

And I would also recommend, don’t panic! After all, we’re not aware of any attacks which have exploited the vulnerability.

ESET UK’s Mark James had the following to say:

“This particular bootkit is a very powerful piece of malware that could potentially go undetected for a while. As it’s the first of its kind, it poses a massive threat to Apple’s ‘perceived’ secure operating system but, as with any OS, there are always means to circumvent protection methods. “However we do need to look at it in perspective, to see how likely it is to affect the average user. It’s very dangerous but you do need physical access to the machine to instigate this attack at the start. Once that’s done it’s quite possible we will see it spreading via other Thunderbolt devices and because of the current inability to detect and remove it via software, this will be exploited further and will lead to other malware doing similar things. “Apple will be working very hard to see what they can do to stop this type of attack but only time will tell how successful or quick they are about it.”

Let’s hope that Apple rolls out a fix sooner rather than later.

Interestingly, Hudson, a researcher who works for the New York-based high-tech hedge fund Two Sigma Investments, began to investigate the security vulnerabilities on MacBooks because his firm wanted to know what the risks were of giving its staff Apple hardware.

Which is reasonable enough. After all, it’s easy to imagine that a hedge fund would be keen to keep classified information far away from unauthorised parties, and might consider itself a potential target for attack.

Much more information about Thunderstrike can be found on Trammel Hudson’s website, or in the following YouTube video of his presentation at the 31C3 conference: