World’s first (known) bootkit for OS X can permanently backdoor Macs

[White Stripes]

http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/

Securing Macs against stealthy malware infections could get more complicated thanks to a new proof-of-concept exploit that allows attackers with brief physical access to covertly replace the firmware of most machines built since 2011.

Once installed, the bootkit—that is, malware that replaces the firmware that is normally used to boot Macs—can control the system from the very first instruction. That allows the malware to bypass firmware passwords, passwords users enter to decrypt hard drives and to preinstall backdoors in the operating system before it starts running. Because it's independent of the operating system and hard drive, it will survive both reformatting and OS reinstallation. And since it replaces the digital signature Apple uses to ensure only authorized firmware runs on Macs, there are few viable ways to disinfect infected boot systems. The proof-of-concept is the first of its kind on the OS X platform. While there are no known instances of bootkits for OS X in the wild, there is currently no way to detect them, either.

[Pri]

Same issue as replacing BIOS on a PC. It's a serious issue that companies need to take more seriously. NVIDIA recently changed their graphics cards so only signed firmware can be used on their cards, previous to this it was possible to flash the cards with malware which would have direct memory access and that issue affects both PC's and Macs. Same situation with RAID cards, some Sound Cards, some Network cards.

For the very sophisticated attacker (state sponsored especially) there are literally handfuls of nonsecure BIOS/Firmware chips to store your malware where antiviruses simply don't check.

Which reminds me, due to the threat from this NVIDIA has written a memory dumper for their cards so that researchers can investigate the possibility of malware being loaded in to their GPU's memory. It's a Linux only tool right now.

[White Stripes]

nvidia wrote a linux only tool? what makes me think its not open source...

anyway... with all this 'serial number' stuff going on ... what the hell happened to the jumper on the motherboard that would render the systems flash bios or firmware as 'read only' .... in order to do an update had to take the computer apart but how often is the firmware updated on the average computer? not often.... ive done 2 bios updates in my life... both interestingly for laptops... hmm..