First Firmware Worm Able to Infect Macs Created by ResearchersA team of researchers has created the first firmware worm that's able to infect Macs, reports
Wired. Building on "Thunderstrike" exploits
uncovered earlier this year, the worm, dubbed "Thunderstrike 2," infects Macs at the firmware level, making it nearly impossible to remove. Embedded into firmware, malware is resistant to firmware and software updates, able to block them entirely or reinstall itself at will.
The worm was created by security engineer Trammell Hudson, who first discovered the Thunderstrike exploits, and Xeno Kovah, owner of firmware security consultancy LegbaCore. When Thunderstrike made waves earlier this year, it was a limited proof-of-concept attack with no known presence in the wild, but Thunderstrike 2 demonstrates a real-world worm able to target Macs using the same general vulnerabilities.
<center><iframe width="560" height="315" src="
https://www.youtube.com/embed/Jsdqom01XzY" frameborder="0" allowfullscreen></iframe></center>
Thunderstrike 2, unlike the first demonstration of Thunderstrike, is able to infect a Mac remotely through a malicious website or email. Once on a Mac, it's able to spread itself to other Macs by hiding in the option ROM of peripheral devices like Apple's own Thunderbolt to Gigabit Ethernet adapter, external SSDs, RAID controllers, and more. Once infected by a Mac that has the Thunderstrike 2 worm, the peripheral would go on to infect any other Mac it connects to.
"People are unaware that these small cheap devices can actually infect their firmware," says Kovah. "You could get a worm started all around the world that's spreading very low and slow. If people don't have awareness that attacks can be happening at this level then they're going to have their guard down and an attack will be able to completely subvert their system."
Removing malware embedded into a Mac's firmware would need to be done at the hardware level, making it particularly dangerous. According to the researchers, Apple has not done enough to fix the vulnerabilities that leave Macs open to these kind of attacks.
"Some vendors like Dell and Lenovo have been very active in trying to rapidly remove vulnerabilities from their firmware," Kovah notes. "Most other vendors, including Apple as we are showing here, have not. We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security."
Kovah and Hudson have notified Apple about the Thunderstrike 2 vulnerabilities, but thus far, Apple's only fixed one of five security flaws and introduced a partial fix for a second. Three of the vulnerabilities have not yet been patched, but it's likely Apple is working to get the flaws fixed in an upcoming security update.
More information on Kovah and Hudson's research and the Thunderstrike 2 exploit can be
found in a lengthy report over at
Wired.
Recent Mac and iOS Blog Stories •
Dr. Dre Announces 'Compton: A Soundtrack' Exclusively for Apple Music •
New Aerial Video Shows Ongoing Apple Campus 2 Construction •
Buyer's Guide: Discounts on Retina iMac, MacBook Air, Apple Accessories, and More •
Udemy Launches Developer Course for iOS 9, Offers Discount to MacRumors Readers •
Apple Expands Into San Francisco With New Office Building Lease •
Dashlane Launches One-Tap Password Changer for iPhone and Apple Watch •
Apple Music Snapchat Account Takes Users Behind the Scenes of Beats 1 Radio •
Apple Campus 2 Visitor Center Will Include Cafe, Store and Rooftop Observation Deck<br clear='all'/>
<a href="
http://rc.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/rc/1/rc.htm" rel="nofollow"><img src="
http://rc.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/rc/1/rc.img" border="0"/>[/url]
<a href="
http://rc.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/rc/2/rc.htm" rel="nofollow"><img src="
http://rc.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/rc/2/rc.img" border="0"/>[/url]
<a href="
http://rc.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/rc/3/rc.htm" rel="nofollow"><img src="
http://rc.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/rc/3/rc.img" border="0"/>[/url]
<img src="[url]http://da.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/a2.img" border="0"/>[/url]
<img src="[url]http://adchoice.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/ach.img" border="0"/>[/url]<img width="1" height="1" src="
http://pi.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/a2t.img" border="0"/><img width="1" height="1" src="
http://pi2.feedsportal.com/r/234566546840/u/49/f/648327/c/35070/s/48abd133/sc/28/a2t2.img" border="0"/><img width='1' height='1' src='
' border='0'/><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="
http://feeds.feedburner.com/~r/MacRumors-Front/~4/kUxqVeRdLoQ" height="1" width="1" alt=""/>
Source:
First Firmware Worm Able to Infect Macs Created by Researchers
