Apple's colorful mainstream flagship, starting at $749.
First Firmware Worm Able to Infect Macs Created by Researchers
A team of researchers has created the first firmware worm that's able to infect Macs, reports Wired. Building on "Thunderstrike" exploits uncovered earlier this year, the worm, dubbed "Thunderstrike 2," infects Macs at the firmware level, making it nearly impossible to remove. Embedded into firmware, malware is resistant to firmware and software updates, able to block them entirely or reinstall itself at will.
The worm was created by security engineer Trammell Hudson, who first discovered the Thunderstrike exploits, and Xeno Kovah, owner of firmware security consultancy LegbaCore. When Thunderstrike made waves earlier this year, it was a limited proof-of-concept attack with no known presence in the wild, but Thunderstrike 2 demonstrates a real-world worm able to target Macs using the same general vulnerabilities.
Thunderstrike 2, unlike the first demonstration of Thunderstrike, is able to infect a Mac remotely through a malicious website or email. Once on a Mac, it's able to spread itself to other Macs by hiding in the option ROM of peripheral devices like Apple's own Thunderbolt to Gigabit Ethernet adapter, external SSDs, RAID controllers, and more. Once infected by a Mac that has the Thunderstrike 2 worm, the peripheral would go on to infect any other Mac it connects to.
More information on Kovah and Hudson's research and the Thunderstrike 2 exploit can be found in a lengthy report over at Wired.
The worm was created by security engineer Trammell Hudson, who first discovered the Thunderstrike exploits, and Xeno Kovah, owner of firmware security consultancy LegbaCore. When Thunderstrike made waves earlier this year, it was a limited proof-of-concept attack with no known presence in the wild, but Thunderstrike 2 demonstrates a real-world worm able to target Macs using the same general vulnerabilities.
Thunderstrike 2, unlike the first demonstration of Thunderstrike, is able to infect a Mac remotely through a malicious website or email. Once on a Mac, it's able to spread itself to other Macs by hiding in the option ROM of peripheral devices like Apple's own Thunderbolt to Gigabit Ethernet adapter, external SSDs, RAID controllers, and more. Once infected by a Mac that has the Thunderstrike 2 worm, the peripheral would go on to infect any other Mac it connects to.
"People are unaware that these small cheap devices can actually infect their firmware," says Kovah. "You could get a worm started all around the world that's spreading very low and slow. If people don't have awareness that attacks can be happening at this level then they're going to have their guard down and an attack will be able to completely subvert their system."Removing malware embedded into a Mac's firmware would need to be done at the hardware level, making it particularly dangerous. According to the researchers, Apple has not done enough to fix the vulnerabilities that leave Macs open to these kind of attacks.
"Some vendors like Dell and Lenovo have been very active in trying to rapidly remove vulnerabilities from their firmware," Kovah notes. "Most other vendors, including Apple as we are showing here, have not. We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security."Kovah and Hudson have notified Apple about the Thunderstrike 2 vulnerabilities, but thus far, Apple's only fixed one of five security flaws and introduced a partial fix for a second. Three of the vulnerabilities have not yet been patched, but it's likely Apple is working to get the flaws fixed in an upcoming security update.
More information on Kovah and Hudson's research and the Thunderstrike 2 exploit can be found in a lengthy report over at Wired.
[ 182 comments ]
Top Rated Comments
(View all)
41 months ago
Of all the alleged Mac "hacks" that have surfaced over the years, this is the only one that has seemed to be a legitimate concern to me. The other hacks usually required direct access to your computer or installing some shady torrent software after putting in an admin password. This thing can be remotely installed from a website and can't be wiped. Sure, don't visit a shady website you say. But if a web server is compromised in some other way and this hack is installed, you could get it from nearly anywhere. This is bad.
41 months ago
This is dated 2001, is it something new?
What do you mean dated 2001?
If you are looking to the left under the user avatar that is the join date
41 months ago
Ok, now this is kind of scary. Hardware replacement won't fix it? Neither will re-installing OS X? Infection could be stored in external devices such as Apples own thunderbolt adapter? *turns off Mac*
41 months ago
Assuming the user is stupid (a good percentage of people) and just keys the password in anyway renders your ideas useless.
Apple needs to do security better across OS X & iOS and quickly. That means plugging holes faster and stop being so damn lazy and treating security as a low priority.
41 months ago
Apple enthusiasts busy defending Apple, while living in complete denial about the risks, are just what Apple counts on, so they can push security down their list of priorities.
41 months ago
This worm has nothing to do with OS X, except it's the initial attack vector. Once installed, this is a pre-OS infection. It's a hardware infection. That's why it's so scary, and it ALSO demonstrates that this has nothing to do with Macs. PCs and peripherals of ANY brand could be infected in the same way if their firmware is not properly secured. That's where Apple needs to be investing its energy... security at the hardware level, which includes Macs, cables, Airport routers, Apple TVs, iPods, iPhones and iPads. Pretty much any device with firmware chips in it.
41 months ago
OS X won the prestigious "Most Vulnerable Operating System" trophy for 2014 with iOS not far behind.
http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/
http://www.neowin.net/news/mac-os-x-and-ios-top-2014-security-vulnerability-list
http://www.networkworld.com/article/2887240/microsoft-subnet/apple-linux-not-windows-most-vulnerable-operating-systems-in-2014-ie-wins-worst-app.html
http://www.zdnet.com/article/mac-os-x-is-the-most-vulnerable-os-claims-security-firm/
Makes us look stupid for all the times we've told everyone else how robust & secure OS X is, sorry I meant was.
41 months ago
So, what advice do the researchers offer to mitigate the issue at user level?
Hopefully Apple can sort this.
Hopefully Apple can sort this.
[ Read All Comments ]
Rachio today announced that it has added HomeKit support to its Rachio 3 Smart Sprinkler Controller, allowing the device to work with Siri and other HomeKit accessories to control sprinklers.
...
About one year ago smart lock company August Home was acquired by Swedish lock manufacturer Assa Abloy, which also owns Yale and a few other lock brands. Today, Yale and August announced that they...
Instagram co-founders Kevin Systrom and Mike Krieger have left Facebook, explaining in a statement this week that they are taking some time off to "explore our curiosity and creativity...
Apple Watch apps rarely misbehave, but if one becomes non-responsive or fails to refresh data, sometimes force-quitting the app and relaunching it can solve the issue.
Fortunately, it's...
Apple is reportedly shifting around iPhone XR orders amongst its manufacturing partners to ensure production issues don't cause supply constraints when the smartphone officially launches late...
Apple in macOS Mojave introduced Dynamic Desktops, which are wallpapers that shift with the time of day, changing the lighting and look of the wallpaper with the progress of the sun across the sky.
...
In macOS Mojave, Apple has introduced a range of new Finder Quick Actions that make it easier for you to perform quick edits to files without having to open the apps associated with them.
To...
In previous versions of macOS, the Quick Look feature lets you view photos and files without having to open them in an app. In macOS Mojave, Apple has also introduced some convenient new editing...
