The next time you wish to hack into a Mac, it may help to grab your wand and book of spells. At the NoSuchCon security conference this week, security architect Alex Ionescu gave a talk in which he revealed that special undocumented code on a Mac’s SMC (system management controller) can be invoked by entering a secret spell used in J.K. Rowling’s Harry Potter series.
That spell is “SpecialisRevelio,” the words used by a wizard to “reveal charms and hexes that have been cast onto a target” or “reveal the ingredients of a potion.” In an Ars Technica post about the secret spell, blogger Dan Goodin notes that “While most details are far too technical for this article, the gist of the research is that the SMC is a chip that very few people can read but just about anyone with rudimentary technical skills can ‘flash’ update.”
One of the possible attacks that Ionescu pointed out is infecting the SMC with code to pull out the FileVault key used to encrypt a Mac drive, although to implement this, an attacker would have to know details of the Mac, such as the model, year and screen size, in advance.
Far more likely attacks made possible by the spell backdoor include marking targets. The SMC could be programmed to emit audible or visual alerts through the fans or LED displays, which could point out a specific Mac to an attacker. A Mac could even be programmed to turn off at a certain time and refuse to boot again.
There’s good news in all of this scary talk: to reflash the firmware, an attacker has to have physical access to the Mac. Ionescu also reported that many of the SMC security holes were plugged in OS X Mountain Lion. A full copy of the presentation can be downloaded here (PDF file).