ceClub: Thunderstrike: EFI firmware bootkits for Apple MacBooks

Trammell Hudson (Two Sigma)
Monday, 25.5.2015, 11:30
Room 337-8 Taub Bld.

In this presentation we demonstrate the installation of persistent firmware modifications into the EFI boot ROM of Apple's popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation of OSX as well as hard drive replacements. Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices.

Trammell Hudson works at Two Sigma Investments on security, networking and distributed computation projects. Prior to coming to New York, he worked for many years at Sandia National Labs on message passing and operating systems for Top500 parallel supercomputers. More info: http://twosigma.com and https://trmm.net/

Back to the index of events