Thousands of Mac computers are still vulnerable to EFI hacks
Antivirus software can't check your hardwareBy Greg Synek
Apple is generally known for keeping its own operating systems secure, but there is a caveat that Cupertino seems to be putting on the back burner. Security firm Duo presented research at Ekoparty security conference that shows between one third and one half of Mac computers may be susceptible to EFI modifications, granting completely silent access to a machine.
Replacing the legacy BIOS, extensible firmware interface (EFI) is the newer method of starting an operating system. Duo discovered that although regular operating system updates were being applied, vulnerable EFI code often failed to update and did not inform the user of a failure. Worse yet, in many cases no patches were issued at all.
The worst offender of failed EFI updates is the late 2015 21.5" iMac showing a failure rate of 43%. Three different versions of the 2016 Macbook Pro also had outdated or incorrect EFI versions in one quarter to one third of samples. In order to check if your Mac computer is vulnerable, Duo will be releasing an open source tool on their GitHub repository.
Even though Duo performs security research with generally accepted intentions, other groups could utilize custom EFI software for nefarious purposes. Demonstrated by both the NSA and CIA as shown in WikiLeaks Vault 7 release, EFI code has been actively exploited for a variety of purposes.
A major concern of EFI or other firmware exploits is that running traditional antivirus software cannot detect it. Even formatting or removing a hard drive will not fix the problem as EFI code is stored on a motherboard memory chip that is not user accessible while an operating system is running. For now, users should ensure their operating system is up to date and check for EFI updates from Apple.