Even if you keep your software up to date, your computer may be hiding vulnerable, outdated code within its deepest recesses that hackers can exploit to totally compromise your machine—leaving you none the wiser.
The issue has to do with firmware, the low-level code written directly onto a machine's hardware to control it. Firmware sits beneath the operating system at a level of privilege that, when accessed by an attacker, grants free-ranging, undetectable hacking powers.
This layer is so deep that even installing a new operating system or replacing a hard disk will not rescue an affected machine. A computer thus compromised is effectively unsalvageable.
Security researchers at Duo Labs gathered three years' worth of data across 73,000 Apple Mac computers used in organizations spanning a variety of industries—some data were from customers, others were contributed by admins friendly to the research community—to see whether the machines were running the proper firmware, specifically the extensible firmware interface (EFI) code that handles a computer's pre-boot processes. (EFI firmware is the first part of a Mac's programming that runs after a computer is turned on.)
The researchers made a surprising discovery. In a significant number of cases, computers running the latest versions of the macOS operating system lag when it comes to firmware—potentially leaving a core part open to compromise.
Of the tens of thousands of machines examined, roughly 54,000 computers were actively maintained by Apple. Of this subset, the researchers found on average a 4.2% deviation from the expected norm, meaning thousands of machines were running unexpected versions of EFI firmware. The iMac 16,2 with a 21.5-inch screen released in late 2015 had the highest occurrence of incorrect firmware at 43%, followed by three versions of the MacBook Pro with a 13-inch screen released in late 2016, which deviated between 35% and 25%. (For the full rundown, read the team's blog post, which contains a link to the full research report.)
"There shouldn’t be any deviance ever," says Rich Smith, Duo’s director of research and development. "But there is and in some cases it is quite significant."
Since 2015, Apple has bundled firmware updates in with updates to its operating system—a move the researchers applaud for taking some of the onus off users for keeping their systems up to date. But there's a problem: should a firmware update fail, users aren't warned.
"There's no notification that an EFI update failed—no retry, it's just a silent failure," Smith says. This means your machine could be vulnerable and you would have no idea.
In contrast, when something goes wrong during an operating system upgrade, an alert typically pops up.
"You're software secure, but firmware vulnerable," Smith says.