Experts say it is possible to compromise Apple’s Mac OS X by exploiting vulnerabilities in Apple’s Extensible Firmware Interface (EFI) through the Thunderbolt ports built into Apple’s Mac Pro, MacBook Pro, Mac mini and iMac.
Over the years, Mac OS X has been dubbed the most secure operating system compared with its closest rivals, Windows OS, Android OS or even Blackberry. As a result, researchers, academicians and hackers alike will go to any lengths to disprove this misconception about Mac PCs and hopefully end the presumed reign of Mac OS X before New Year.
One such hacker/programmer is Trammell Hudson, who claims it’s possible to tear apart a Mac PC by first infecting Apple’s Extensible Firmware Interface through the externally accessible Thunderbolt ports. Hudson intends to present his proof of concept at the 31st Chaos Communication Congress at the end of the year.
Technically, the EFI specification “defines a software interface between an operating system and platform firmware”. It is a replacement for the traditional BIOS (Basic Input/Output System), which could not accommodate modern microprocessor architectures beyond x86, such as Itanium.
Thunderbolt input-output technology, built into Mac PCs, allows several external peripherals to be connected to a computer through a single port. It enables Mac users to experience “high-speed peripherals and high-resolution displays via one simple port and a cable that carries both DisplayPort and PCI Express data,” reads Apple’s website.
According to Hudson, a successful attack would require one to replace the boot code and reboot the MacBook. Ideally, Apple EFI ROMs are highly encrypted, but Hudson says using the Thunderbolt option circumvents the encryption checks at boot time and therefore allows the new boot code to take control of the system from the word go.
More importantly, the malicious code eludes detection by security software on the compromised system and cannot be removed by re-installing OS X or even by replacing the hard drive.
“Hudson has created a proof of concept bootkit which also replaces Apple’s cryptographic keys in the ROM and prevents any attempt to replace them that isn’t signed with the attacker’s private key,” writes Larry Seltzer, a mobile technology expert.
Apple has yet to issue an official statement about the security flaws affecting its products.