
Macs No Longer Immune: Firmware Bug Affects All

According to this article by Kim Zetter of Wired, “Two researchers [Xeno Kovah and Corey Kallenberg] have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of MACs. What’s more, the researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.”

Basically, since all x86 workstation firmware is the same or very similar, researchers have been able to develop a bug that writes its malicious code directly to this firmware. Firmware, or BIOS, for those who do not know, is the code that calls and boots into the operating system of a computer. Unfortunately, since hardware manufacturers do not cryptographically sign the firmware, it can be easily infected. Further, it’s more difficult to scan and correct due to the BIOS handling the operating system. According to Zetter, “Firmware is a particularly valuable place to hide malware on a machine because it operates at a level below the level where antivirus and other security products operate and therefore does not generally get scanned by these products, leaving malware that infects the firmware unmolested.”

It gets even worse, because the malware can stick around even after a fresh installation. The only way to eliminate the malware would be to electronically flash the microchip that contains the BIOS. The firmware itself controls the ability of the OS to see what’s in the firmware, thus a firmware-level worm or malware could hide by intercepting the operating system’s attempts to look for it. The research team has since developed a worm that will infect the firmware on either your workstation or your Thunderbolt Ethernet adapter, USB SSD, or even a RAID controller, infecting the low-level firmware that lives on peripheral devices and spreading to all connected devices.

“Some vendors like Dell and Lenovo have been very active in trying to rapidly remove vulnerabilities from their firmware. Most other vendors, including Apple as we are showing here, have not. We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security.”