# Target macbook screwdriver install

Some quick thoughts after reviewing some of the "Dark Matter" Vault 7 documents on WikiLeaks, with the caveat that these documents are all fairly old and almost certainly don't reflect the state of the art.

The Sonic Screwdriver attracted my attention since many reports compared it to Thunderstrike: they both use the Apple Thunderbolt gigabit ethernet adapter and store their code in its Option ROM. Sonic Screwdriver predates Thunderstrike 1 by at least a year; based on the dates, however, I am assuming they saw snare's 2012 Black Hat presentation and then took six months to weaponize and package it for use. The functionality of Sonic Screwdriver appears to be at the same level as presented in snare's slides: the Option ROM code is loaded before firmware passwords are checked, which allows it to bypass this password and boot from an alternate media device with a more extensive exploit, but it does not have any flash-level persistence. Based on the documentation, as far as I can tell it does not carry any payload of its own: "The intended CONOP for Sonic Screwdriver is to be able to install EDG/AED Tools on a Mac even if a firmware password was enabled."

The key contribution of Thunderstrike over snare's work was that it allowed a proximate attacker to use the Thunderbolt adapter to overwrite the motherboard boot flash, which provided better persistence than a boot.efi implant on the hard drive. The specific vulnerability in Apple's firmware update routine that it used was closed as part of the software update that coincided with my 31C3 presentation. Thunderstrike 2 found additional vulnerabilities and added software-only attacks that allowed