Thunderstrike 2 : The first firmware attack that can spread from MacBook to MacBook
A very common notion among PC users is the assumption that “Apple computers” and basically the Mac firmware are much secured.
However, how far is this true? For the first time two researchers have designed a Proof-of-concept worm which allows a firmware attack that can spread automatically from MacBook to MacBook even in case they are not networked.
It was towards the end of last year that Trammell Hudson, an US-based security researcher and an employee of the New York City-based hedge fund, Two Sigma Investments, had designed a Thunderstrike exploit on Apple Macs.
For the first time someone had demonstrated a Mac bootkit, i.e. a malware which launches right from the moment the PC is switched ON, indicating it gets launched even before the operating system gets booted on the computer. Hudson, showed that this malware remains hidden from the security tools because most of the security tools are not capable of delving in the innards of Mac. The malware was one of the dangerous forms because it granted the attacker total control of the Mac computer.
The major limitation faced by the “Thunderstrike exploit” was that it required physical access of the target PC to actually hack the computer.
However, Hudson collaborated with the security researchers Xeno Kovah and Corey Kallenberg duo of the ‘Voodoo’ hacker fame to design the Mac bootkits which not only can be delivered from anywhere but it could also spread over the infected Thunderbolt devices which sort of creates a “firmworm“.
The trio have designed many ways in which a malicious attacker can infect the Master Boot Record (Bootkit) and even successfully run it. They would be demonstrating these methods at the Black Hat Security Conference that would be held in Las Vegas this week. The malware designed by the trio would work under the conditions assuming that the attacker already has root control over the machine.
Getting root control of a Mac computer is not an easy task, however they feel that with the help of Oracle or Adobe Flash exploit, attacker can achieve this task.
Once attacker has the root control, they can exploit a vulnerability discovered by Rafal Wojtczuk of Bromium and Corey Kallenberg of The MITRE Corporation wherein “An authenticated local attacker may be able to bypass Secure Boot and/or perform an arbitrary reflash of the platform firmware despite the presence of signed firmware update enforcement. Additionally, the attacker could arbitrarily read or write to the SMRAM region. Lastly, the attacker could corrupt the platform firmware and cause the system to become inoperable.” In short attackers can unlock the BIOS, which is a part of the firmware that runs as soon as the PC is turned ON and it manages the flow of data between the computer’s OS and its hardware such as hard disk, mouse, keyboard etc.
This vulnerability, also referred as ‘Darth Venamis’, is known since September 2014, however it has been partly patched on Apple Macs, thus it helps attackers to hook inside the firmware with ease. The security researchers, Wojtczuk and Kallenberg, were the first ones to put light on this vulnerability in December 2014. They showed that attacker can exploit this vulnerability and ‘put Mac to sleep’ and ‘wake it up’ and further if the malicious attacker can ‘crack how the system wakes’ they can even attack the “resume script”.
“Resume scripts” is usually re-configures pieces of the hardware which change when they are in low-power state. Thus one can modify these scripts and ensure the BIOS is left unlocked when the computer restarts.
Role of Thunderstrike:
Addition of Thunderstrike attack, developed by Hudson, would lead to generation of a “firmworm”. Now, any machine that has been infected would spread or transfer the exploit to a Thunderbolt device which in turn when connected to another Apple PC will start running the malicious code. This procedure indirectly helps attackers to bypass the hurdles such as air gaps and easily target the machines even in cases where they are not connected over any network.
Next, Thunderstrike attacks the Boot ROM firmware.
Boot ROM firmware: What is this? When a computer is turned ON, the very first process to run on any machine is Boot ROM. If Boot ROM is safe, then all the processes launched after this would in turn be safe. So Boot ROM is one of the most deepest layer of the machine. However, it is also one of the best places to hide because the security programs do not delve here thus making it easy for attackers to hide and easily take control of the Mac.
A question that arises here is how can one possibly infect the Mac computer at that level!  Hudson, used Option ROMs (OROMs) to get his hands on the Boot ROM of the Mac computer.
OROMs does the same work which the Boot ROMs do on the devices which have been connected via Thunderbolt ports.
OROMs lack the capacity to store and replace the PC firmware; however Hudson found that it could modify the contents of a firmware update on the Apple Mac and thus used it for the purpose of switching out the public key which Apple uses to validate the updates. All this indicates that an attacker would be able to install their own key in the firmware which would run only those updates that are signed by the attackers and not by Apple.
The below video displays how that attack can jump from OROMs to the BIOS and then back to OROMs, in a way being prepared to infect another Mac.
Kovah says: “The attacker can just infect the flash chip to start with. The machine will then infect any Thunderbolt OROMs that it comes in contact with for the rest of its life.”
In the month of June, Apple developed a patch for the Darth Venamis vulnerability which Kovah says has not successfully fixed the issue. According to Kovah, the patch is not effective enough and attackers can still break into the System Management Mode (SMM), which is that portion of the firmware that is able to read everything which passes through the memory.
When Forbes requested for a comment, Apple did not respond.
With this firmware worm, now, Apple and Microsoft have shown that they both have atleast something in common and what better than a vulnerability!
Recently, Kovah and Kallenberg both have discovered many firmware-level vulnerabilities, these not only affect the Macs but also have the capacity to affect other computers using the Unified Extensible Firmware Interface (UEFI) framework or even its predecessor the Extensible Firmware Interface (EFI). Kovah also mentioned that usually EFI and UEFI are derived from the same reference implementation and also share the similar vulnerabilities.
Thus we can say that the components of Thunderstrike 2 is basically based on the vulnerabilities that were disclosed previously.
According to Intel, one of the best cures to fix the vulnerability would be to employ cryptographic signatures on the OROMs which will ensure that the ROM will not execute any command unless it has a valid signature thus nipping off the possibility of an attacker taking control of the boot ROM. Another remedy is the SMM lock box, this helps to lock the important ‘resume scripts’ away from the firmware. Both these can protect a PC from the Thunderstrike 2.
It seems manufacturers of Dell and HP have already enabled these mitigating technologies. However, Apple has somehow ignored these solutions provided by Intel.
Kovah, on the other hand, claims that even if Apple had implemented these controls, Mac computers would still be susceptible to attacks by malicious malware with the help of another bug known as SpeedRacer which is still unpatched. An attacker can use the SpeedRacer bug to brick the Mac by corrupting data or by bypassing the protections.
How to detect if Apple Mac has been infected:
To detect if the machine has been infected by Thunderstrike 2 attacks, users need to get ‘firmware forensics’. Sadly, at present this is not offered to an average user.
Security researchers have developed some OROM checkers which are available for free of cost; however it would be helpful only in case user has the knowledge of certain basic chip-level security and if not users would have to learn this and secure themselves from the attacks.
In short, Kovah concludes that Apple is aware of the vulnerabilities and in a way is responsible for these vulnerabilities. He feels that somehow Apple is not using the protections and steps which it should be taking and providing security to its esteemed users who believe that Apple is the most secured computer!
