Topic: World’s first (known) bootkit for OS X can permanently backdoor Macs
White Stripes wrote:
http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/

Quote
Securing Macs against stealthy malware infections could get more complicated thanks to a new proof-of-concept exploit that allows attackers with brief physical access to covertly replace the firmware of most machines built since 2011.

Once installed, the bootkit—that is, malware that replaces the firmware that is normally used to boot Macs—can control the system from the very first instruction. That allows the malware to bypass firmware passwords, passwords users enter to decrypt hard drives and to preinstall backdoors in the operating system before it starts running. Because it's independent of the operating system and hard drive, it will survive both reformatting and OS reinstallation. And since it replaces the digital signature Apple uses to ensure only authorized firmware runs on Macs, there are few viable ways to disinfect infected boot systems. The proof-of-concept is the first of its kind on the OS X platform. While there are no known instances of bootkits for OS X in the wild, there is currently no way to detect them, either.

Pri wrote (Reply #1, January 11, 2015, 09:34:34 pm):
Same issue as replacing the BIOS on a PC. It's a serious issue that companies need to take more seriously. NVIDIA recently changed their graphics cards so only signed firmware can be used on their cards; previous to this it was possible to flash the cards with malware, which would have direct memory access, and that issue affects both PCs and Macs. Same situation with RAID cards, some sound cards, some network cards.

For the very sophisticated attacker (state sponsored especially) there are literally handfuls of nonsecure BIOS/Firmware chips to store your malware where antiviruses simply don't check.

Which reminds me, due to the threat from this NVIDIA has written a memory dumper for their cards so that researchers can investigate the possibility of malware being loaded into their GPUs' memory. It's a Linux-only tool right now.

White Stripes wrote (Reply #2, January 12, 2015, 02:30:22 am):
NVIDIA wrote a Linux-only tool? What makes me think it's not open source...

Anyway... with all this 'serial number' stuff going on... what the hell happened to the jumper on the motherboard that would render the system's flash BIOS or firmware 'read only'? In order to do an update you had to take the computer apart, but how often is the firmware updated on the average computer? Not often... I've done 2 BIOS updates in my life, both interestingly for laptops... hmm..
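The thread keeps circling one point: the article's line that the bootkit "replaces the digital signature Apple uses to ensure only authorized firmware runs", Pri's note that NVIDIA now accepts only signed firmware on its cards, and White Stripes' read-only jumper all come down to where the trust anchor for the firmware check lives. The model below is an added example, not code from the article, from Apple, or from any vendor, and it makes no claim about how Apple's real check is implemented. HMAC-SHA256 stands in for the vendor's asymmetric signature, and the key material and firmware strings are constructed for the demo. It shows three things: a signature check whose key is read from the same rewritable flash as the image passes after an attacker rewrites image, key and signature as one unit; the same check with its key in immutable ROM fails on the implanted image; and a write-protect flag standing in for the motherboard jumper refuses the rewrite outright. A golden-hash comparison is included as the offline measurement a responder would run against a known-good dump.

```python
import hashlib
import hmac

# Constructed keys for this model. HMAC-SHA256 stands in for the vendor's
# asymmetric firmware signature: in a real design the ROM would hold only a
# public key and the vendor's build system the private key.
VENDOR_KEY = b"vendor-firmware-signing-key (constructed for demo)"
ATTACKER_KEY = b"attacker-signing-key (constructed for demo)"


def sign(key: bytes, image: bytes) -> bytes:
    """Signature over a firmware image (HMAC-SHA256 as a stand-in)."""
    return hmac.new(key, image, hashlib.sha256).digest()


class Flash:
    """Rewritable boot flash: the firmware image plus the key and signature it
    carries. write_protect models a motherboard jumper that gates writes."""

    def __init__(self, image: bytes, key: bytes, sig: bytes,
                 write_protect: bool = False):
        self.image = image
        self.key = key
        self.sig = sig
        self.write_protect = write_protect

    def write(self, image: bytes, key: bytes, sig: bytes) -> None:
        if self.write_protect:
            raise PermissionError("flash write refused: write-protect asserted")
        self.image, self.key, self.sig = image, key, sig


def build_vendor_flash(image: bytes, write_protect: bool = False) -> Flash:
    """What a machine leaves the factory with: a vendor-signed image."""
    return Flash(image, VENDOR_KEY, sign(VENDOR_KEY, image), write_protect)


def verify_flash_anchored(flash: Flash) -> bool:
    """Weak design: the verification key is read from the same flash as the
    image, so whoever rewrites the flash also chooses the key."""
    return hmac.compare_digest(sign(flash.key, flash.image), flash.sig)


def verify_rom_anchored(flash: Flash, rom_key: bytes = VENDOR_KEY) -> bool:
    """Stronger design: the key is baked into ROM the attacker cannot reflash,
    so a replaced image cannot bring its own key along."""
    return hmac.compare_digest(sign(rom_key, flash.image), flash.sig)


def measure(flash: Flash) -> str:
    """SHA-256 of the image, for comparison with a golden value recorded from a
    known-good dump (the offline check a responder would run)."""
    return hashlib.sha256(flash.image).hexdigest()


def attacker_reflash(flash: Flash, implant: bytes) -> bool:
    """Attacker with brief physical access rewrites image, key and signature
    as one unit. Returns True if the write landed, False if it was refused."""
    try:
        flash.write(implant, ATTACKER_KEY, sign(ATTACKER_KEY, implant))
        return True
    except PermissionError:
        return False


def scenario() -> dict:
    """Run all three cases and return the verification outcomes."""
    genuine = b"GENUINE EFI FIRMWARE v1.0 (constructed image)"
    implant = b"EFI FIRMWARE WITH BACKDOOR (constructed image)"

    # Cases 1 and 2: unprotected flash, attacker reflashes it.
    flash = build_vendor_flash(genuine)
    golden = measure(flash)
    before = {"flash_anchored": verify_flash_anchored(flash),
              "rom_anchored": verify_rom_anchored(flash)}
    attacker_reflash(flash, implant)
    after = {"flash_anchored": verify_flash_anchored(flash),
             "rom_anchored": verify_rom_anchored(flash),
             "matches_golden_hash": measure(flash) == golden}

    # Case 3: the same flash with the write-protect jumper set.
    protected = build_vendor_flash(genuine, write_protect=True)
    blocked = not attacker_reflash(protected, implant)

    return {"before_attack": before, "after_attack": after,
            "jumper_blocked_reflash": blocked}


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

Running it prints both checks passing before the attack; afterwards the flash-anchored check still passes (the implant validated itself with the key it brought along), the ROM-anchored check fails, the golden hash no longer matches, and the write-protected copy never accepts the implant. The takeaway for the thread is that "signed firmware" only means something when the key the signature is checked against cannot be rewritten by the same person rewriting the image.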
