It is possible to crack the EFI chip of several MacBooks with the help of a device plugged into the MacBook's Thunderbolt port, an American researcher has discovered. The vulnerability allows malware to be installed permanently on a MacBook.
“You can’t write directly to the EFI chip from the operating system, because there is no connection between the CPU and the EFI chip,” said Hudson at the CCC security conference in Hamburg. “But you can flash the chip’s storage with a firmware update, which is loaded at boot.”
This does require physical access to a system, but Hudson has found a relatively accessible way to make this possible. He succeeded in getting a device that must be inserted into the Thunderbolt port to flash malicious software to the storage of the EFI chip during boot. It uses Option ROM, a legacy technique that allows firmware to be loaded while a system is starting up. Apple's own tool for installing firmware updates then installs the software. According to Hudson, it has been clear for two years that this is possible in theory.
According to Hudson, there are few mechanisms to prevent malicious software from being written to the EFI chip. There is no hardware check on the content of the software updates that are performed. The signature of the software is checked, but Hudson managed to replace Apple's cryptographic signature with his own. At boot time, no check of the code is performed.
Hudson has tested the problem on six recent MacBooks, but the security issue is probably present on other Apple systems with Thunderbolt ports, such as the Mac Mini and the desktop Mac. The company has released an update that tries to fix the problem, but according to Hudson it is not adequate.
Hudson argues that the problem could, for example, be abused by secret services, which need only brief access to a person’s system to install rogue software. Because the software stays in the EFI chip, it remains present when Mac OS X or another operating system is reinstalled. An attacker could, among other things, put a backdoor in the operating system, record sites and keystrokes, and find out encryption passwords. “And because I have replaced Apple’s cryptographic signature with my own signature, the software cannot be replaced,” says Hudson.