Recently there has been a study done. A company by the name of “Duo” has been analyzing the firmware in many models of Apple computers. What they had found is that while the OS may have been up to date, in some cases the computers EFI firmware was not. Duo’s reasoning behind using Apple products was that Apple themselves handle everything, from the software, to the hardware, and everything in between. This is not to say that the issue doesn’t occur on windows systems.
Actually, it might even be worse due to the fact that most windows systems use parts from other manufacturers. This essentially means that unless you update the firmware yourself you probably will not be receiving updates for it. On the other hand an Apple computer is usually set to install EFI firmware updates as the operating system updates. However, the problem has become when that doesn’t happen.
I’ve been going on about EFI and that it probably isn’t being properly updated on the systems, but what is it? EFI, or Extensible Firmware Interface, is a type of firmware. Firmware is a type of software that is fully independent from the operating system and can perform many tasks. The first and foremost job of EFI is to get your system up and running, though it can take on other roles like remote diagnostics to fix problems on a computer without anyone being present at the physical device.
So, what can be done by an attacker if your EFI isn’t up to date? Well, in an Apple system there are a few attacks that come to mind. The first being Thunderstrike. Basically what Thunderstrike allowed an attacker to do was flash a new EFI in place of the current Apple firmware version. This allowed for the attacker to have control of many aspects of the system without the user realizing it or being able to remove it. This mode of attack required physical access to one of the machines thunderbolt ports in order to write the new boot ROM. Later, Thunderstrike 2 came around. This did basically the same thing, except that the attacker could do it remotely.
Who is at risk? On average about 4.2% of the systems Duo analyzed had the wrong EFI version for their respective models. That doesn’t sound like a lot, but given the vast user base of Apple products this is actually quite a lot of systems. It also depends on the model you have. Some are more likely to have the wrong version over others. Duo released a table of Mac models that are likely to not have the correct firmware version.
||iMac7,1; iMac8,1; iMac9,1; iMac10,1
||MacBookPro3,1; MacBookPro4,1; MacBookPro5,1; MacBookPro5,2; MacBookPro5,3; MacBookPro5,4
||MacPro3,1; MacPro4,1; MacPro5,1
If your device is listed in this table then it has the potential of not having the correct version of EFI firmware or the firmware may have never been updated at all.
The bottom line is that EFI is just important to keep up to date as our operating systems, but most of us don’t even realize that it’s an issue. It doesn’t generally affect system performance so we generally don’t even think about it. In the world of Apple consumers this shouldn’t be a problem, seeing as the newest updates were supposed to fix the issues of EFI patches not being installed. However if you are on a Windows, Linux, or any other type of system, you may want to update your EFI firmware. In most cases this comes as a BIOS update for your motherboard.
Duo analyzed about 73,000 real world Mac systems, only using systems with updates that had been released within the last three years.
Duo also has their study publicly available in PDF format.
Duo Labs Report: The Apple of Your EFI