Your Mac Is Vulnerable to Thunderbolt Hacks and You Can't Do Anything About It
Dubbed Thunderstrike, the vulnerability reportedly allows a custom-crafted malicious Thunderbolt device to flash code to the boot ROM. In a lengthy video posted to ccc-tv, Hudson demoes how persistent firmware modifications can be fed into the EFI boot ROM of MacBooks equipped with Thunderbolt ports.
“The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation of OSX as well as hard drive replacements,” says the security researcher. “Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices.”
There’s a lengthy analysis of the flaw over at trmm.net, also courtesy of Trammell Hudson. There, he explains how replacing the hard drive has no effect on the hack, since it doesn’t depend on anything stored on the disk, while reinstalling OS X from scratch also can’t erase the hack.
