Duo Security Discovers Apple Mac Computers Unprotected from Malicious Firmware Vulnerabilities
(Thomson Reuters ONE) -
Users with higher security clearance or access to sensitive information are most
at risk to highly targeted attacks against their computer's firmware
ANN ARBOR, MI--(Marketwired - Sep 29, 2017) - Duo Security, the leading Trusted
Access provider and one of the fastest growing cybersecurity companies in the
world, today released an in-depth whitepaper detailing a potential systemic
issue that leaves Apple Mac computers susceptible to exceptionally targeted and
stealthy attacks. The report shows Mac users who have updated to the latest
operating system (OS) or downloaded the most recent security update may not be
as secure as they originally thought.
A Duo Labs analysis of over 73,000 real-world Mac systems gathered from users
across industries found that the Extensible Firmware Interface (EFI) firmware
in many popular Mac models was not actually receiving the security updates
users assumed it was. This left those systems exposed to previously disclosed
vulnerabilities such as Thunderstrike 2, and to the firmware attacks detailed
in the recent WikiLeaks Vault 7 document dumps.
* What is EFI Firmware? EFI firmware is the code a computer runs to boot and
to control the functions of its hardware devices and subsystems. It can be
compared to the starter motor in a car: it takes the system from power-on to
the point where the operating system loads.
* Why Attack EFI Firmware? Attacks on EFI firmware are particularly valuable
to sophisticated malicious actors, because they give an attacker a high level
of privilege on a user's system. Moreover, such a compromise is incredibly
difficult to detect and even harder to remediate, as even wiping the hard
disk completely would not remove it.
* Who is Most at Risk? Because of the sophistication required to execute the
attack, users who work with particularly sensitive information or hold
security clearance are the most common targets of this kind of advanced
'pre-boot' attack code.
* What Should You Do? Organizations with fleets of Mac computers should review
the models outlined in the whitepaper to see whether their model(s) are
out-of-date. From there, it may be time to consider replacing devices with
newer models if such attacks are within your threat model, and be sure to
continue installing security updates promptly after release.
"Firmware is an often overlooked yet vital component of a system's security
structure," said Rich Smith, Duo Director of Research and Development. "The
sophisticated and targeted nature of firmware attacks should be of particular
concern to those who have higher security clearance or access to sensitive
information at their respective organizations. The worst possible state for
users is to be under the assumption that they are secure after updating their
system, when in fact, their actual security posture is very different than what
they believe it to be."
In 2015, Apple began bundling its firmware updates with its software updates so
that users would automatically receive the most current firmware security fixes.
This allowed Duo Labs to assess the state of Apple's EFI security by examining
the Mac updates released over the last three years and comparing the actual
state of each system's EFI to the expected state. The findings were staggering:
* Users running a version of macOS/OS X that is older than the latest major
release (High Sierra) likely have EFI firmware that has not received the
latest fixes for known EFI issues. This means these systems can be software
secure but firmware vulnerable.
* On average, 4.2% of real-world Macs used in the production environments
analyzed are running an EFI firmware version that's different from what they
should be running, based on the hardware model, the OS version, and the EFI
version released with that OS version.
* At least 16 models of Mac computers have never received any EFI firmware
updates. The 21.5" iMac, released in late 2015, has the highest occurrence
of incorrect EFI firmware with 43% of sampled systems running incorrect
versions.
* 47 models capable of running 10.12, 10.11 or 10.10 did not have an EFI
firmware patch addressing the Thunderstrike 1 vulnerability, while 31 models
capable of running the same releases did not have an EFI firmware patch
addressing its remote variant, Thunderstrike 2.
* Two recent security updates issued by Apple (Security Update 2017-001 for
10.10 and 10.11) shipped with the wrong firmware. This would indicate a
regression or a lag in quality assurance.
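The per-model comparison behind these findings, written out as an added example (this is not Duo's EFIgy tool or the whitepaper's code): each inventory record carries a model identifier, macOS version and Boot ROM string, and is classified as matching, behind or ahead of the EFI version expected for that model and OS, with an incorrect-version rate computed over the fleet. The expected-version table, the fleet records and the assumed Boot ROM string format are all constructed for the example.

```python
import re
from collections import Counter

# Boot ROM strings look like "MBP131.88Z.0205.B21.1702171751" (older style) or
# "IM162.0207.B10" (newer style): board prefix, optional "88Z" marker, ROM revision,
# build letter+number, optional timestamp. Format assumed, not taken from the report.
EFI_RE = re.compile(r"^([A-Z]+\d+)(?:\.88Z)?\.(\d+)\.([A-Z])(\d+)(?:\.\d+)?$")

def parse_efi(version):
    """Return (prefix, rom_rev, build_letter, build_num), or None if unparseable."""
    m = EFI_RE.match(version.strip().upper())
    return (m[1], int(m[2]), m[3], int(m[4])) if m else None

# Constructed reference table (model, macOS release) -> EFI version shipped with
# that release; a real table would be built from the bundled update contents.
EXPECTED_EFI = {
    ("MacBookPro13,1", "10.12.6"): "MBP131.88Z.0205.B21.1702171751",
    ("iMac16,2", "10.12.6"): "IM162.0207.B10",
    ("MacBookAir7,2", "10.11.6"): "MBA71.0166.B07",
}
# Constructed inventory, as an MDM or system_profiler sweep would report it.
FLEET = [
    {"host": "mbp-01", "model": "MacBookPro13,1", "os": "10.12.6", "efi": "MBP131.88Z.0205.B21.1702171751"},
    {"host": "mbp-02", "model": "MacBookPro13,1", "os": "10.12.6", "efi": "MBP131.88Z.0205.B04.1607211409"},
    {"host": "imac-01", "model": "iMac16,2", "os": "10.12.6", "efi": "IM162.0207.B10"},
    {"host": "mba-01", "model": "MacBookAir7,2", "os": "10.11.6", "efi": "MBA71.0166.B09"},
    {"host": "mini-01", "model": "Macmini7,1", "os": "10.12.6", "efi": "MM71.0220.B07"},
]

def efi_status(record, expected=EXPECTED_EFI):
    """Classify one host: ok, behind, ahead, unknown (no reference) or unparseable."""
    want = expected.get((record["model"], record["os"]))
    if want is None:
        return "unknown"
    have, ref = parse_efi(record["efi"]), parse_efi(want)
    if have is None or ref is None or have[0] != ref[0]:
        return "unparseable"            # bad string or wrong board family
    if have[1:] == ref[1:]:
        return "ok"
    return "behind" if have[1:] < ref[1:] else "ahead"

def fleet_report(fleet, expected=EXPECTED_EFI):
    """Count statuses and give the incorrect-version rate over hosts with a reference."""
    status = {r["host"]: efi_status(r, expected) for r in fleet}
    counts = Counter(status.values())
    known = counts["ok"] + counts["behind"] + counts["ahead"]
    wrong = counts["behind"] + counts["ahead"]
    pct = round(100.0 * wrong / known, 1) if known else 0.0
    flagged = sorted(h for h, s in status.items() if s in ("behind", "ahead"))
    return {"counts": dict(counts), "incorrect_pct": pct, "flagged": flagged}
```

Hosts reported as "ahead" deserve a look too: a version newer than the one shipped for that OS is just as unexpected as an old one, which is how the report treats the "wrong firmware" cases.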
"As the pre-boot environment becomes increasingly like a full operating system
in and of itself, it must also be treated like a full OS in terms of the
security support and attention applied to it," added Pepijn Bruienne, Duo
Research and Development Engineer. "We are confident Apple is making significant
efforts to increase the security of their EFI environment, and look forward to
continuing our research to include the newest OS - High Sierra."
"While our findings are striking, Apple should be commended in its efforts to
get ahead of firmware security issues and seen as an example for the rest of the
industry of how to approach the issues surrounding firmware security," said
Smith. "We hope this report will not only help Apple strengthen security, but
also get the attention of all manufacturers on the importance of firmware
security and giving users more visibility into the security health of all
aspects of their computers."
To help Mac users determine whether the EFI firmware on their Mac computer is
indeed up to date, Duo is releasing a free open-source tool called "EFIgy."
Additional functionality will be added to assess whether a user's version of
EFI is exposed to a known EFI vulnerability. Please visit
https://github.com/duo-labs/EFIgy to access the tool.
For more information and to review the full report, please visit:
https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
About Duo Security
Duo Security is a cloud-based Trusted Access provider protecting thousands of
the world's largest and fastest-growing companies and organizations, including
Dresser-Rand Group, Etsy, Facebook, K-Swiss, Paramount Pictures, Random House,
SuddenLink, Toyota, Twitter, Yelp, Zillow and more. Duo's innovative and
easy-to-use technology can be quickly deployed to protect users, data and
applications from breaches, credential theft and account takeover. The Ann
Arbor, Michigan-based company also has offices in San Mateo, California; Austin,
Texas and London. Duo is backed by Benchmark, Google Ventures, Radar Partners,
Redpoint Ventures and True Ventures. Try it for free at www.duo.com.
About Duo Labs
Duo Security's advanced research arm, Duo Labs, is a team of hackers,
researchers and engineers dedicated to protecting the public by identifying and
fixing IT vulnerabilities on a broad scale. Duo Labs is an industry-leading
source of research on mobile and cloud security, malware analysis, Internet of
Things (IoT) and phishing tactics, among other areas. For more information,
visit https://duo.com/labs or follow them on Twitter: @duo_labs.
Press Contact
Meredith Corley & Jordan Fylonenko
Duo Security
press@duo.com
Source: Duo Security via GlobeNewswire