[Fed-Talk] EFI rootkit for Macs demonstrated
- Subject: [Fed-Talk] EFI rootkit for Macs demonstrated
- From: Jeffrey Walton <email@hidden>
- Date: Tue, 07 Aug 2012 09:30:31 -0400
http://www.h-online.com/security/news/item/EFI-rootkit-for-Macs-demonstrated-1655108.html
At the Black Hat hacker conference, Australian security expert Loukas
K (aka Snare) has demonstrated a rootkit which is able to insert
itself into a Macbook Air's EFI firmware and bypass the FileVault hard
drive encryption system. Although the idea of an EFI rootkit is
nothing new, this is the first time it has been demonstrated live and
the hacker has used a previously unknown method based on a modified
Thunderbolt to Ethernet adapter.
From the point of view of an attacker, a rootkit inserted into the EFI
BIOS has some major advantages. The malicious code survives rebooting,
is able to bypass hard drive encryption, does not have to make any
changes to the hard drive, and is in a position to modify the
operating system kernel on booting. Infection requires physical access
to the computer (Evil Maid attack).
...