[Fed-Talk] examination of pwning the EFI: Thunderstrike
- Subject: [Fed-Talk] examination of pwning the EFI: Thunderstrike
- From: "Dan O'Donnell" <email@hidden>
- Date: Thu, 01 Jan 2015 11:40:32 -0800
Trammell Hudson presented a thorough and detailed examination of attacking the EFI boot firmware in the MacBook Pro through the Thunderbolt port and bus. This is an attack he calls Thunderstrike. It was first presented at 31c3, which just closed, so if you are reading from work you may not be able to view the original.
However, the full text+screenshot version is at his website:
The "abstract" (from the site) is:
In the first half of the talk we’ll go on a short adventure reverse engineering Apple’s EFI boot ROM firmware to understand how it is organized, how it is validated and how to modify it. I can promise you hex dumps, x86 assembly, some pseudo-C and a little bit of Perl. I hope that this introduction will help others with their efforts to get started with reverse engineering. The second half describes the Thunderstrike vulnerability, which allows an attacker to flash possibly malicious code to the boot ROM given a few seconds of access to the system. We’ll walk through the development of a proof of concept and demonstrate it. And the third half is some mitigation strategies, hopefully better than epoxy in the ports.
The talk is fairly long and technical, but interesting (if you are into that sort of thing). The techniques are not something that could be easily duplicated without considerable training and experience and some resources.