Intel Security has released a detection tool after the leaked Vault7 documents indicated that the CIA had developed malware that can compromise the firmware of Apple MacBooks.
The revelations from WikiLeaks suggest that the CIA created Extensible Firmware Interface (EFI) rootkits, called DarkMatter, in order to crack Apple MacBooks.
Apple stated at the time that it had addressed many of the issues in its latest laptops, but added that it continued to work rapidly to address any other identified vulnerabilities. It didn’t mention any specific vulnerabilities in MacBooks or its Mac OS X operating system.
To help detect and remove this alleged threat, Intel Security has updated its Chipsec BIOS tool, which it said would enable users to check whether their computer’s low-level system firmware, or EFI, has been altered and contains unauthorised code.
The EFI runs before the operating system, and prepares the computer’s hardware components during a system boot process.
The tool compares the EFI executable binaries from a clean EFI firmware image – perhaps the original – to the existing EFI to check for new binaries.
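The comparison described above, as an added Python example that is not Chipsec's own code: it carves PE images (the format EFI executables use) out of two raw dumps, hashes them, and reports those absent from the clean one. It assumes uncompressed images only, whereas real firmware volumes also hold compressed modules that must be unpacked first; `pe_size`, `efi_hashes`, `new_binaries`, `fake_pe` and the sample dumps are constructed for illustration.

```python
import hashlib
import struct

def pe_size(blob, base):
    """Size of the PE image starting at base, or 0 if none parses there."""
    if base + 0x40 > len(blob):
        return 0
    pe = base + struct.unpack_from("<I", blob, base + 0x3C)[0]  # e_lfanew
    if pe + 24 > len(blob) or blob[pe:pe + 4] != b"PE\0\0":
        return 0
    nsect, = struct.unpack_from("<H", blob, pe + 6)   # NumberOfSections
    opt, = struct.unpack_from("<H", blob, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + opt
    if table + 40 * nsect > len(blob):
        return 0
    end = table + 40 * nsect - base                   # end of the headers
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", blob, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)            # end of section data
    return end if base + end <= len(blob) else 0

def efi_hashes(blob):
    """SHA-256 of every uncompressed PE image found in a raw firmware dump."""
    found, pos = set(), blob.find(b"MZ")
    while pos != -1:
        size = pe_size(blob, pos)
        if size:
            found.add(hashlib.sha256(blob[pos:pos + size]).hexdigest())
        pos = blob.find(b"MZ", pos + max(size, 2))
    return found

def new_binaries(clean, current):
    """Hashes of executables in the current image that the clean one lacks."""
    return efi_hashes(current) - efi_hashes(clean)

def fake_pe(payload):
    """Constructed minimal PE: DOS header, COFF header, one section of payload."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0)
    sizes = struct.pack("<IIII", len(payload), 0x1000, len(payload), 0x80)
    return dos + coff + b".text\0\0\0" + sizes + bytes(16) + payload

# Constructed sample dumps: 0xFF padding (erased flash) around fake modules.
CLEAN = b"\xff" * 64 + fake_pe(b"dxe-core") + b"\xff" * 32 + fake_pe(b"usb-driver")
CURRENT = CLEAN + b"\xff" * 16 + fake_pe(b"unexpected-module")

if __name__ == "__main__":
    for digest in sorted(new_binaries(CLEAN, CURRENT)):
        print("not in clean image:", digest)
```

Hashing the content rather than matching on names means a module that has been renamed or moved still compares equal, while any byte-level change shows up as a new binary.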