HackDig : Dig high-quality web security articles

Macs can be permanently compromised via firmware worm

2015-08-04 09:25
Security researchers Xeno Kovah and Trammell Hudson have discovered several flaws in the firmware installed on Apple computers, and have created a worm that can silently infect them and change the firmware in question to achieve persistence in the system.

Dubbed Thunderstrike 2 because it's an improved variant of the Thunderstrike attack demonstrated by Hudson in January, the worm can be easily delivered via a phishing email or a malicious website, and spread to other computers.

"That malware would then be on the lookout for any peripherals connected to the computer that contain option ROM, such as an Apple Thunderbolt Ethernet adapter, and infect the firmware on those. The worm would then spread to any other computer to which the adapter gets connected," Kim Zetter explained.

This is a type of malware that can't be easily detected, as AV software and other security solutions don't have the ability to check a system's firmware. Firmware updates also can't solve the problem, as they can either be blocked by the malware or the malware can rewrite itself on the firmware again after the update.

Reinstalling the OS or replacing the computer's hard drive won't work either - the only solution is to re-flash the chip that contains the malware.

Unfortunately, this is not something that many users known how to do.

“For most users that’s really a throw-your-machine-away kind of situation," Kovak pointed out. "Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”

Kovah and Hudson are set to demonstrate the attack and the effectiveness of the malware at the Black Hat USA 2015 conference. Here is a short video of that:

Apple has been informed of the firmware vulnerabilities the researchers found, and has patched two of them. Three of them are still unpatched.

Source: php.swen_erawlam/siO5tlEfnd0/3~/ytiruceSteNpleH/r~/moc.elgoog.yxorpdeef

Read:4768 | Comments:0 | Tags:No Tag

“Macs can be permanently compromised via firmware worm”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud