The Apple of Your EFI: Mac Firmware Security Research
We are really excited to give a talk at Ekoparty in Buenos Aires on September 29th, 2017 covering some recent research we have done on the security support being given to Apple’s EFI firmware. To accompany the conference talk, we are also releasing a technical paper that goes into greater detail covering the data we collected during our analysis.
In addition to the paper, we’re also pleased to be able to release some of the tooling and APIs we have developed during this work with the aim of helping Apple Mac users and admins get better visibility to the state of the EFI their Mac systems are running and any potential problems there may be. This blog post summarizes some of the main areas of the research and interesting things we found during our analysis and acts as an accessible introduction to the technical paper which can be downloaded from the link below.
Over the last few months, Duo Labs has been working on a project researching the difference in security support provided by vendors to the firmware in their systems as compared to the software. The term firmware covers a wide range of things in a modern system, so for the sake of this study, we focused on looking at the security support given to EFI firmware. EFI is the pre-boot environment that has, by and large, replaced the legacy BIOS environment that had been common since the mid to late 1970s. Some further information comparing and contrasting certain aspects of BIOS and EFI can be found here.
What’s This EFI Thing and Why Should I Care?
In a modern system, the EFI environment holds particular fascination for security researchers and attackers due to the level of privilege it affords if compromise is successful. EFI is often talked about as operating at privilege level ring -2 (a great quick explanation of protection rings below 0 is here), which indicates it is operating at a lower level than both the OS (ring 0) and hypervisors (ring -1). In a nutshell, this means that attacking at the EFI layer means that you exert control of a system at a level that allows you to circumvent security controls put in place at higher levels, including the security mechanisms of the OS and applications.
In addition to the ability to circumvent higher level security controls, attacking EFI also makes the adversary very stealthy and hard to detect (it’s hard to trust the OS to tell you the truth about the state of the EFI); it also makes the adversary very difficult to remove - installing a new OS or even replacing the hard disk entirely is not enough to dislodge them. Recent leaks of attack tooling under the moniker Vault 7 reignited some interest in the space of EFI boot/rootkits as there was one dubbed SonicScrewdriver that made use of vulnerabilities that had been discussed publicly at security conferences in years past. If you’re interested in reading more about EFI attacks and vulnerabilities that have been previously discovered, then there are links for further reading at the end of this post.
Our research focused on the Apple Mac ecosystem as Apple is in a somewhat unique position of controlling the full stack from hardware, through firmware, OS, and all the way up to application software and can be considered widely deployed. This single stakeholder ecosystem made the job of gathering and analyzing relevant data for our research quite a bit simpler, however, we are of the belief that the main issues we have discovered are generally relevant across all vendors tasked with securing EFI firmware and are not solely Apple.
What Did We Analyze?
Our analysis is based upon the comparison of two datasets built during the first stage of the research work. A summary of the datasets created and the subsequent analysis upon which our work was based is below:
- We analysed all Apple Mac updates released over the last three years (10.10.0 - 10.12.6) to produce a taxonomy of EFI updates that were contained within the larger OS and Security updates released by Apple, allowing us to build a dataset that maps the OS build and Mac model to the expected version of EFI
- We then gathered OS version, build number, Mac model version, and EFI firmware version from over 73,000 real-world Mac systems deployed in organizations across a number of industry verticals to give us a large dataset of the Apple EFI environments that are in production use
- Once we had these two datasets, we analyzed them both independently and comparatively to explore the questions we had about the level of security support being afforded to a Mac’s EFI environment.
- The comparison and observed discrepancies between these two datasets gives us a way to look at the deviance between the expected state of a Mac’s EFI and the actual state as we observed from systems in real-world use
- For the known EFI vulnerabilities that have been acknowledged by Apple and had fixes released, we correlated the Mac models and OS versions that had EFI updates made available
- We also took time to reverse engineer the way in which the Apple EFI firmware update tools operate, select and apply EFI updates
Key to differential analysis is the understanding that since late 2015, Apple has released updates for EFI contained within the larger OS and security updates. This is useful as it means that end users don’t have to even realize their EFI firmware needs updating and it will be done automatically when they update to the latest version of the OS.
Another advantage of Apple bundling the EFI updates with the OS and security updates is that it provided us with a triplicate mapping between the particular model of Mac, the OS build version and the version of EFI that came bundled with that OS version. These mappings provided us with an oracle that, when it was given the OS version and Mac model as inputs, it would provide the version of EFI that system should be running. We could then compare the EFI version we expect a system to be running against the EFI version we actually observed it running in reality.
What is the TL;DR of What We Found?
Our research has shown there are considerable discrepancies in how Apple provides security support to its EFI firmware as compared to how they support the security of the OS and software. These discrepancies come in a variety of forms that are related but distinct. A high-level summary of what our analysis highlighted is summarized below:
- There was a surprisingly high level of discrepancy between the EFI versions we expected to find running on the real-world Mac systems and the EFI versions we actually found running. This creates the situation where admins and users have installed the latest OS or security update, but for some reason, the EFI was not updated. Compounding this issue is the lack of notifications provided to the user to inform them that they are running an unexpected version of EFI firmware. This means that users and admins are often blind to the fact that their system’s EFI may continue to be vulnerable.
- The security support provided for EFI firmware depends on the hardware model of Mac. Some Macs have received regular EFI updates, some have only been updated after particular vulnerabilities have been discovered, others have never seen an update to their EFI.
- The security support provided for EFI firmware also depends on the version of the OS a system is running. A Mac model running OS X 10.11 can receive distinctly different updates to its EFI than the same Mac model running macOS 10.12. This creates the confusing situation where a system is fully patched and up to date with respect to its software, but is not fully patched with respect to its EFI firmware - we called this software secure but firmware vulnerable.
- For the main EFI vulnerabilities that were acknowledged by Apple and patched during the time of our analysis, there were surprising numbers of models of Macs that received no update to their EFI despite continuing to receive software security updates. Further compounding this issue is the difficulty for end users to find out exactly which systems are receiving EFI updates (in a particular, an OS or security update) as well as which security issues a particular version of EFI may be vulnerable to.
- Our analysis also highlighted a number of other discrepancies related to the security support provided to EFI firmware. One example being a security update released in early 2017 that appears to erroneously contain older versions of EFI firmware than the security update that preceded it in late 2016. There were also a number of instances where individual models of Mac stood out in their absence of receiving EFI updates despite closely-related systems receiving updates. Some of these findings raise questions around the level of QA being applied to the EFI firmware components of Apple’s OS and security updates.
What Does This Mean to Me?
While all of the above may be interesting, the thing most people are interested in is ‘what does it all mean to me?’ The three main takeaways from our work that are relevant to most Mac users are:
- If you are running a version of macOS/OS X that is older than the latest major release (10.12 Sierra at the time of writing this blog post), then your EFI firmware may not have received the latest fixes for known EFI issues. Even though OS X 10.11 (El Capitan) and 10.10 (Yosemite) still receive security updates from Apple, the EFI firmware updates they receive appear to be lagging behind or are absent entirely
- Even if you’re running the most recent version of macOS and have installed the latest patches that have been released, our data shows there is a non-trivial chance that the EFI firmware you’re running might not be the most up-to-date version
- If you are running one of the 16 Mac models listed below, then our data indicates that your system won’t have received any EFI firmware updates at all:
|Mac Model||Version Number|
|iMac||iMac7,1; iMac8,1; iMac9,1; iMac10,1|
|MacBookPro||MacBookPro3,1; MacBookPro4,1; MacBookPro5,1; MacBookPro5,2; MacBookPro5,3; MacBookPro5,4|
|MacPro||MacPro3,1; MacPro4,1; MacPro5,1|
The upshot of all of the above is that the state of your Mac’s EFI firmware may not be what you expect it to be, and in a number of circumstances, this may leave you vulnerable to a variety of known public EFI security issues.
Well, That Sounds Scary, What Should I Do?
Great question, glad you asked! The basic advice we have is as follows:
- Check if you’re running the latest version of EFI for your system. As part of this release, we’ve provided some new tools to help you. You can find more about them and how to use them here
- If possible, update to the latest version of the OS 10.12.6. This will not only give you the latest versions of EFI firmware released by Apple, but also make sure you’re patched against known software security issues as well.
- If you’re not able to update to version 10.12.6 either because your hardware is not able to run it, or because you need to run an older version for software compatibility reasons, you may be out of luck and not be able to run the most up-to-date EFI firmware
- Check if you’re running a Mac that is on the list of hardware that hasn’t received an EFI update. If it is, you may be out of luck and not able to run up-to-date EFI firmware
- If you’re not able to run up-to-date EFI firmware for one reason or another, use our tools called EFIgy to get informed about whether your current version of EFI is exposed to a currently known EFI vulnerability
Now before you throw out that silver fruit logo’d system, it’s worth keeping in perspective the actual risks that running out-of-date EFI firmware may pose to you. Or, if we want to get all fancy, let’s understand your threat model.
If you’re a Mac system admin, or use a Mac for work and you have systems that fall into one of the categories discussed above, then it’s well worth considering how a system with a compromised EFI could impact your environment as well as how you would be able to attest to the integrity of the EFI firmware of your Macs. In many situations, answers to those questions would be ‘badly’ and ‘we probably wouldn’t be able to.’
In those situations, it would be well worth considering end of life’ing Macs that cannot have updated EFI firmware applied, or moving them into roles where they are not exposed to EFI attacks (physically secure, controlled network access). While EFI attacks are currently considered both sophisticated and targeted, depending on the nature of the work your organization does and the value of the data you work with, it’s quite possible that EFI attacks fall within your threat model. In this regard, vulnerability to EFI security issues should carry the same weight as vulnerability to software security issues and you need to determine if you can accept the risk of having vulnerable (and potentially unpatchable) systems in your environment.
If you’re a home user with a Mac that falls into one of the above categories as their personal computing device, then the sky isn’t falling for you, in our opinion. Attacks against EFI have so far been part of the toolkit used by sophisticated adversaries who have specific high value targets in their sights. Such adversaries are often spoken about in the same breath as nation state attacks and industrial espionage.
Most everyday home users fall well outside of this attack model, and thankfully, as far as we are aware, there are not any EFI exploits that are being used as part of commodity exploit kits, malware, or ransomware that has been detected in the wild. That’s not to say this might not change in future, however, there are easier, cheaper, and arguably more effective ways in which attackers can target home users. Remember, the characteristics of EFI attacks that make them attractive is the high level of stealth and the degree of persistence they achieve that can circumvent the security controls and monitoring that may be in place. While it may sound all very Mr. Robot and, therefore, exciting, at this time, those attack characteristics are only really needed for targets that have fairly advanced security defenses in place that are above and beyond most home user defenses.
If you can patch and get your EFI firmware into a more secure state, we absolutely encourage you to do so, but if that is not possible, then continuing to use your current system will, in all likelihood, not result in a severe increase in risk due to the very nature of EFI attacks themselves. Note that we didn’t say zero risk, there are variety of scenarios we could construct where your system’s vulnerability to an EFI security issue could be used against a home user, such as when crossing the border into or out of a country. However for most people in most situations, the risk is currently not severe.
Ultimately, you are the only one who can make the determination of your threat model and what level of risk you’re prepared to accept. If you feel like vulnerability to EFI issues is unacceptable, then there may be a shiny new computer in your future (and if you’ve been looking for an excuse to get a new system then feel free to blame it on us, we’re happy to help!).
This blog post has only skimmed the surface of the research we performed, the data we gathered and the conclusions and findings we arrived at. If you’d like to get more details, download our research paper, The Apple of Your EFI: Findings From an Empirical Study of EFI Security. We’re also presenting our findings at the Ekoparty conference this year.
Overall, our intent is to highlight the importance of ensuring the security of all components of the systems in your technology environment, and this includes your pre-boot firmware, OS and application software. The data we gathered led us to some surprising conclusions in terms of the divergence in the security support being provided to EFI firmware when compared to software security support.
It also highlighted some deficiencies in terms of overall visibility to EFI firmware security, this manifests in the lack of end user notification for systems running out-of-date EFI even if they are running an up-to-date OS, as well as the lack of details coming from Apple with respect to the versions of EFI systems that should be running or the vulnerabilities those versions are exposed to.
Our research into the security support of EFI firmware is in effort to contribute to continual security improvements across the industry. We’re looking for issues that may be systemic, as well as for ways to raise awareness and improve security overall. In this particular case, we’ve identified a number of concerns and shortcomings with the way that EFI firmware is afforded security support as compared to software and we hope that sharing our findings with Apple will help improve EFI security in the future.
Ultimately, what this work means for you and your Apple environment depends on your threat model and the risk you are comfortable with accepting. We are firm in our belief that for you to be able to understand, compensate or accept a risk, you need to have all the information to make mindful and informed decisions. We’re pleased to be able to share our research with everyone in an effort to help them do just this.
If you’re interested in finding out more about UEFI security and existing work in the space, check out these links:
- Duo Labs’ EFIgy Tools
- Beyond BIOS in Intel’s Developer Zone
- Advanced x86: Introduction to BIOS & SMM
- Advanced Threat Research: Firmware Security Training on Github
- BIOS Necromancy: Utilizing “Dead Code” for BIOS Attacks
- De Mysteriis Dom Jobsivs: Mac EFI Rootkits
- Trammell Hudson’s 31C3 Thunderstrike Talk
- Trammell Hudson’s Overview of Thunderstrike
- UEFITool on Github