Sony Firmware Updates Are Both Broken with macOS High Sierra + Carry a Serious Security 'RootKit' Security Risk on all macOS Versions
See my Sony wish list and get Sony A7R III at B&H Photo.
Update 18 January: Sony has made the solution FAR WORSE by explicitly requiring installation of a kernel extension. If you’ve heard the term “best practices” applied to any process such as security, Sony is doing the opposite: “worst practices”. It’s outrageous. But maybe Sony cannot do it right; perhaps there is some (grievous lack of foresight) hardware design error that prevents an in-camera firmware update.
Update 20 Jan 2018: I worked around the issues by installing a fresh macOS El Capitan system onto an old 128GB Apple SSD in an OWC Mercury Elite Pro Mini enclosure, connected to a 2012 MacBook Pro.
After installing the fresh system, I booted off it, unmounted the internal SSD, installed the Sony updater (which does not require the kernel hack on macOS El Capitan that High Sierra does), updated the Sony A7R III firmware, rebooted off the internal drive, wiped out the external SSD and reinstalled a fresh El Capitan on it for next time. That external drive goes now sits in a drawer for doing the same thing for the next firmware update.
That process is not perfect: really nasty malware could infect even an unmounted volume, but it’s reasonably solid protection, and I did it on a spare machine. To get it really right, disconnect the internal drive, and then hope malware could not tweak hardware stuff in the laptop itself.
Original post...
Back in October I wrote about Sony’s risky approach to firmware updates which entail not only compatibility problems but a serious potential risk of compromising the entire computer by what is known as a “root kit”—Sony’ updater requires a kernel level updater = Very Very Bad.
'aces' writes:
I have been waiting and waiting for either Apple or Sony to fix this now we are in 2018 and I still can’t update any of my Sony cameras. Have you heard anything new? Thanks.
DIGLLOYD: I don’t expect Sony to change their risky security-incompetent design judgment on firmware updates. And macOS High Sierra is especially locked down on the new iMac Pro with its secure enclave and refusal to boot off many devices, making such issues far more of a problem.
- Sony Pictures Hacked: Do You Really Want to Update your Camera Firmware with a Sony Updater that Runs as 'root'?
- Sea Change: Security is Your Job Also, the Writing is on the Wall
- MacPerformanceGuide.com security articles
At least Sony *does* properly secure its Sony camera firmware updates page with https, albeit with a certificate that is not the highest grade. That is necessary but not sufficient.
Sony A7R III firmware update download page
What is the security issue?
When an application is given administrative 'root' access, it can do just about anything. That means it can install things like a keyboard sniffer, transmitting everything you type to some hacker in Belarus, so to speak. Thus all your accounts, all your money, your identity, etc is placed at risk.
Thus it’s no minor concern letting a program have unfettered root-level access to a computer these days. This is why Apple (kudos) increasingly has locked down macOS, particularly kernel extensions, which cannot run without explicit user approval in the Preferences => Security. This is why Sony’s updater “might” not work—because Apple is taking steps to lock out risky software.
That Sony takes this update approach is gross incompetence in software design (from a security perspective) that puts users at risk of total system compromise. That Sony cannot keep its own prized IT environment secure should persuade any rational person in this day and age that this security concern is worth taking seriously. If I were a hacker, the firmware updates of all cameras and devices would be prized targets because they would enable compromising tens to hundreds of millions of computers just by compromising an 'innocent' updater. A juicy soft target to say the least.
Nikon and Canon do firmware updates right, but Nikon’s firmware download site is wide open to various compromises because it fails to use a secure links (http only).
- Nikon has less bad problems with security but still deserves criticism.
- Olympus is as bad as Sony because they require the same risky rootkit installer approach.
- Leica is almost as bad as Nikon because both http and https are allowed—enabling various security attacks that force the client to an insecure connection.
- Canon properly secures its Canon firmware update and software download site.
Imperfect workarounds to Sony’s updater (and Olympus and Fujifilm)
Ideally, update firmware as stated here, but on macOS 10.12 or earlier.
- Clone the startup drive to any spare drive that the machine will boot from.
- Set the startup disk to the clone drive; shut down the machine.
- If possible, remove any other drives (can’t be done easily with most Macs, e.g., the internal SSD in a sealed iMac or laptop).
- Boot up off the clone.
- Install the Sony updater; update the camera.
- Remove the temporary boot clone.
- Boot off the original boot drive, and set the startup disk to it once rebooted.
Another approach even more tedious is to clone the startup drive to two backups, wipe the startup drive, reinstall macOS, install the Sony updater, update the camera, then wipe out and reinstall macOS, then boot off the clone and clone back onto the startup drive.
Of course, both of these approaches are a huge hassle, and neither guarantee safety.
My October 2017 post below
Over at MacPerformanceGuide.com, I’ve advised users, particularly professional users, not to upgrade to macOS High Sierra for at least 6 months.
Apple quality control has gone seriously downhill over the past 5 years. The most recent evidence for that is exposing cleartext passwords + a new zero day exploit and having to rush out a fix. It speaks volumes.
Below is a camera-related issue issue I received in email today: you might not be able to update firmware for Sony cameras when running macOS HighSierra. Sony ought to be more clear, is it “may not” [sic] or “will not”, or something else. Given Sony’s rootkit installer approach, it’s probably a security issue stopping it. Cameras should update firmware in camera, like Nikon and Canon do. Approaches that in essence require operating system kernel access are incredibly badly designed given the security risks.
See also:
- macOS HighSierra: APFS Conversion of Boot Drive SSD
- macOS High Sierra: Apple’s Technote on APFS is Both Confusing and Possibly Incorrect
- macOS HighSierra: Brief Use Brings Relief in a Way: Worth Ignoring for a While