• Researchers Create a Firmware Worm That Can Attack Macs



    Macs can apparently be successfully attacked using some of the same firmware vulnerabilities that affect many Windows PCs. This was demonstrated by a new proof-of-concept worm, dubbed Thunderstrike 2, which appears similar to the namesake Thunderstrike vulnerability hat was found last year and likely relies on some of the same attack vectors. According to a report by Wired, the worm was created by security researchers Trammell Hudson, who first discovered Thunderstrike, and Xeno Kovah.

    The proof-of-concept worm can transfer automatically between two Macs without them being networked. Furthermore, it escapes direction by most scanning software and even survives reformatting, leaving a “scorched earth” approach, re-flashing firmware chips, as the only method of mitigation.

    The particular code used in this case is based on research conducted by Kovah’s LegbaCore consultancy last year, which helped discover possible firmware exploits in PCs by companies like Dell, HP and Lenovo. Of the exploits discovered, five out of six of them are potentially applicable to Macs according to Kovah because computer manufacturers, including Apple, tend to rely on the same reference implementations.

    The Cupertino California company has been notified of the gaps and reportedly patched one of the exploits while partially fixing the second. As far as the rest go, there isn’t any word on whether these fixes include the changes made in OS X 10.10.2 to address Thunderstrike, or if they are separate updates.

    Thunderstrike 2 targets the option ROM on peripherals such as Ethernet adapters and SSDs, and can be spread by connecting an infected device to a Mac. An initial attack in this scenario can be infected by being delivered via email or malicious website and the researchers suggested that computer manufacturers could be cryptographically signing firmware and upgrading their hardware to allow authentication. Some of the write-protect switches may also potentially improve protection as could a tool for users to check if their firmware has been changed.

    As of right now, the security researchers are scheduled to share additional information at this year’s Black Hat USA security conference on August 6th, which is where we’re likely to find out more information.

    Source: Wired via AppleInsider
    This article was originally published in forum thread: Researchers Create a Firmware Worm That Can Attack Macs started by Akshay Masand View original post
    Comments 2 Comments
    1. NewD's Avatar
      NewD -
      This is actually really old news. From the moment, two (3?) years ago, that Macs starting using the same Intel CPU chip sets as PCs do they opened themselves up to the same viral/worm potential.
    1. glacius7's Avatar
      glacius7 -
      well, this really screw up a lot of mac users. a lot of mac followers don't know this kind of things. people that i know always say mac is bullet proof. i laughed at them. people invented machines and what make you think that is it bullet proof. freaking idiots...
  • Connect With Us

  • Twitter Box

  • Facebook