A long-standing but only recently disclosed security hole in the EFI boot ROM of Macs may allow attackers to take over any Apple hardware that shipped with a Thunderbolt port.
The attack, found by researcher Trammell Hudson and due to be presented at the upcoming Chaos Communication Congress in Germany, lets a malicious Thunderbolt device rewrite the boot ROM of a vulnerable Mac. The implanted firmware can then write itself into the ROM of any further Thunderbolt devices attached to that Mac, which in turn are able to infect additional machines they are plugged into.
This approach is similar in spirit to recent demonstrations of attacking Macs with USB devices that mimic a keyboard: driven by scripts written in Perl, shell, or AppleScript, such a device can change OS X system settings within the few seconds it is plugged into a USB port.
These are interesting findings and will likely result in firmware and software updates to prevent unauthorized access, but overall they are not something the average user should worry about: both require someone to plug hardware into your Mac. Be aware of who you give physical access to your machine, take the usual precautions to lock down your data, and you should be good to go.
I don’t let other people even look at my iMac!
How can ROM be modified?
ROM is only intended to be “Read Only” under general use, but can be modified in special ways, the most common of which is to flash it. In general, the system reserves flashing as the only way to modify ROM; however, bugs such as this one may allow ROM contents to be overwritten, and result in problems.
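The reply above says that flashing is the intended way to modify ROM and that bugs can let it be overwritten anyway. On Intel-based hardware the firmware is supposed to close that door itself by setting write-lock bits in the chipset before handing over control. The following decoder is an added example, not code from the original post or from the researcher's work: it interprets the Intel PCH BIOS_CNTL byte and the SPI Protected Range (PR0..PR4) registers the way a flash write-protection check such as chipsec's bios_wp does, and reports whether a ring-0 attacker could write the BIOS region. The register values, the 8 MiB flash layout and the BIOS region bounds are constructed for illustration, not dumped from any real Mac.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * BIOS_CNTL lives in the LPC bridge's PCI config space (offset 0xDC on
 * Intel PCHs). Three bits decide whether ring 0 may write the BIOS region
 * of the SPI flash.
 */
#define BIOS_CNTL_BIOSWE  (1u << 0) /* BIOS Write Enable: 1 = flash writes allowed */
#define BIOS_CNTL_BLE     (1u << 1) /* BIOS Lock Enable: setting BIOSWE raises an SMI */
#define BIOS_CNTL_SMM_BWP (1u << 5) /* SMM BIOS Write Protect: writes only from SMM */

/* Protected Range registers PR0..PR4 (SPIBAR + 0x74 .. 0x84). */
#define PR_COUNT    5
#define PR_WPE      (1u << 31)                                  /* write-protect enable */
#define PR_BASE(r)  (((r) & 0x1FFFu) << 12)                     /* bits 12:0, 4 KiB units */
#define PR_LIMIT(r) (((((r) >> 16) & 0x1FFFu) << 12) | 0xFFFu)  /* bits 28:16, inclusive */

/* Does BIOS_CNTL by itself stop a ring-0 attacker from writing the BIOS region? */
bool bios_cntl_locked(uint8_t bios_cntl)
{
    bool biosWE  = bios_cntl & BIOS_CNTL_BIOSWE;
    bool ble     = bios_cntl & BIOS_CNTL_BLE;
    bool smm_bwp = bios_cntl & BIOS_CNTL_SMM_BWP;

    /* Without BLE nothing stops a kernel driver from setting BIOSWE and flashing. */
    if (!ble)
        return false;
    /* With BLE the SMI handler is expected to clear BIOSWE again; SMM_BWP makes
     * the protection independent of that handler. BIOSWE still set with only
     * BLE means the handler did not do its job, so treat it as unprotected. */
    return smm_bwp || !biosWE;
}

/* Is every 4 KiB page of [start, end] inside some write-protected PR range? */
bool range_write_protected(const uint32_t pr[PR_COUNT], uint32_t start, uint32_t end)
{
    uint32_t page = start & ~0xFFFu;
    for (;;) {
        bool covered = false;
        for (int i = 0; i < PR_COUNT; i++) {
            if ((pr[i] & PR_WPE) && page >= PR_BASE(pr[i]) && page <= PR_LIMIT(pr[i])) {
                covered = true;
                break;
            }
        }
        if (!covered)
            return false;
        if (page >= (end & ~0xFFFu))   /* last page checked; also avoids 32-bit wraparound */
            return true;
        page += 0x1000u;
    }
}

/* Combined verdict: the BIOS region is safe from a ring-0 rewrite if either
 * mechanism protects it. */
bool bios_region_protected(uint8_t bios_cntl, const uint32_t pr[PR_COUNT],
                           uint32_t bios_start, uint32_t bios_end)
{
    return bios_cntl_locked(bios_cntl) || range_write_protected(pr, bios_start, bios_end);
}

int main(void)
{
    /* Constructed values for illustration: 8 MiB flash, BIOS region in the top 6.5 MiB. */
    const uint32_t bios_start = 0x180000u, bios_end = 0x7FFFFFu;

    /* Config A: nothing locked. A driver can set BIOSWE and rewrite the boot ROM. */
    uint8_t  open_cntl = 0x00;
    uint32_t open_pr[PR_COUNT] = { 0, 0, 0, 0, 0 };

    /* Config B: BLE + SMM_BWP set, and PR0 write-protects 0x180000-0x7FFFFF. */
    uint8_t  locked_cntl = BIOS_CNTL_BLE | BIOS_CNTL_SMM_BWP;            /* 0x22 */
    uint32_t locked_pr[PR_COUNT] = { PR_WPE | (0x07FFu << 16) | 0x0180u, /* 0x87FF0180 */
                                     0, 0, 0, 0 };

    printf("config A (open):   BIOS region %s\n",
           bios_region_protected(open_cntl, open_pr, bios_start, bios_end) ? "protected" : "WRITABLE");
    printf("config B (locked): BIOS region %s\n",
           bios_region_protected(locked_cntl, locked_pr, bios_start, bios_end) ? "protected" : "WRITABLE");
    return 0;
}
```

Two caveats for anyone running a check like this on real hardware. First, reading BIOS_CNTL and the PR registers needs ring 0 (chipsec or setpci do it for you), and the exact offsets and bit positions vary between PCH generations, so confirm them against the datasheet for your chipset. Second, these locks are applied by the firmware itself during boot; code that runs before that point, such as a device's Option ROM, is not constrained by them, so a locked configuration tells you what a running OS can do to the flash, not what happens earlier in the boot sequence.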
Macworld reported this exploit only applies to Mac laptops. I don’t know why there’s a difference here and there, but in any case this is something Apple needs to patch PDQ before hackers figure out how to use it.
Excellent article in today’s Ars Technica on this exploit.
World’s first (known) bootkit for OS X can permanently backdoor Macs