The malware – dubbed ‘Thunderstrike' after the Mac Thunderbolt interface it exploits – could be used to plant backdoors in Apple Macs in an attack that is almost impossible to detect or repair.
Hudson, a researcher with New York high-tech hedge fund Two Sigma Investments, revealed the flaw at the recent Chaos Communication Congress and gave details last week.
He said it allows an attacker with just a few seconds access to an OS X device to insert malware through the Thunderbolt port while the system is booting up, and so take over the operating system.
The attacker could then do things like log keystrokes, including disk encryption keys, place backdoors in the OS X kernel, and bypass firmware passwords.
Once installed, the Thunderstrike malware can also be spread virally to other connected devices.
Hudson said the flaw could be exploited by attackers – like intelligence agencies – intercepting hardware in shipment and replacing it with ones with modified ROMs. Or in a classic ‘evil-maid' attacks where a person with access to a laptop could replace the boot ROM firmware, regardless of passwords or disk encryption.
He said Thunderstrike, which uses a so-called ‘Option ROM' attack to replace device code, is “effective against every MacBook Pro/Air/Retina with Thunderbolt that I've tested, which is most models since 2011”.
He added: “The proof of concept is hardcoded for the 10.1 system, but the underlying vulnerability seems to be present and is independent of OS X version. Weaponisation to attack all the different models is within the means of a dedicated attacker.”
However, pre-Thunderbolt devices are not affected by Thunderstrike, nor are Apple machines that contain mask ROMs.
Thunderstrike is currently almost impossible to detect and difficult to remove, Hudson said: “Since it is the first OS X firmware bootkit, there is nothing currently scanning for its presence. It can't be removed by software since it controls the signing keys and update routines. Re-installation of OS X won't remove it. Replacing the SSD won't remove it since there is nothing stored on the drive.”
Analysing the Thunderstrike attack, independent UK information security expert Graeme Batsman believes it could be the first of its kind as Hudson claims, and he urged Apple to act on it.
Batsman told SCMagazineUK.com: “The flaw now has worldwide coverage so Apple should add it to its fix list - demos are given in the video and white paper.”
But one saving grace is that an attacker needs physical access to the device to exploit Thunderstrike, Batsman said.
“This puts it under the targeted attack scope,” he told SC. “A large percentage of infections are spread through mass-market emails and infected sites with dodgy downloads or silent drive-by downloads.
“Physical access means either breaking into a home, hotel or office, or an inside job - possibly a spike at airport immigration when someone is being questioned for whatever reason.”
Alex Chapman, principal security consultant at Context Information Security, agreed, telling SC: “Whilst Thunderstrike is a very powerful exploit, allowing full control over the operating system from boot, the fact that it currently requires physical access to a target system greatly limits its scope.
“Bootkit attacks via Apple's EFI firmware have been subject of research for a number of years now, so whilst not entirely new, the Thunderstrike attack demonstrates reliable exploitation of current-generation systems.”
Mark James, security specialist at ESET, told SCMagazineUK.com via email: “This particular bootkit is a very powerful piece of malware that could potentially go undetected for a while. As it's the first of its kind, it poses a massive threat to Apple's ‘perceived' secure operating system but, as with any OS, there are always means to circumvent protection methods.
“However we do need to look at it in perspective, to see how likely it is to affect the average user. It's very dangerous but you do need physical access to the machine to instigate this attack at the start. Once that's done it's quite possible we will see it spreading via other Thunderbolt devices and because of the current inability to detect and remove it via software, this will be exploited further and will lead to other malware doing similar things.
“Apple will be working very hard to see what they can do to stop this type of attack but only time will tell how successful or quick they are about it.”
Apple was contacted for comment by SC but had not responded at time of writing.
In his paper, Hudson said: “Apple has a partial fix that they have started shipping in the new Mac Minis and iMac Retinas, and they plan to release it for older Macs soon as a firmware update.
“Their fix is to not load Option ROMs during firmware updates, which is effective against the current proof-of-concept.
“However, it is not a complete fix. Option ROMs are still loaded on normal boots, allowing an (evil maid) attack to continue working. Older Macs are subject to downgrade attacks by ‘updating' to a vulnerable firmware version.”