|
Title: Thunderbolt devices can infect MacBooks with persistent rootkits Post by: HCK on December 24, 2014, 09:00:18 am Thunderbolt devices can infect MacBooks with persistent rootkits
<article> <section class="page"> <p> Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface.</p><p> The attack, dubbed Thunderstrike, installs malicious code in a MacBook’s boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year old vulnerability (http://ho.ax/downloads/De_Mysteriis_Dom_Jobsivs_Black_Hat_Slides.pdf) and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg.</p><p> “It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple’s EFI firmware update routines,” Hudson said in the description of his upcoming presentation (http://events.ccc.de/congress/2014/Fahrplan/events/6128.html). “This allows an attacker with physical access to the machine to write untrusted code to the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems.”</p><p class="jumpTag"><a href="/article/2862872/thunderbolt-devices-can-infect-macbooks-with-persistent-rootkits.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article> Source: Thunderbolt devices can infect MacBooks with persistent rootkits (http://www.macworld.com/article/2862872/thunderbolt-devices-can-infect-macbooks-with-persistent-rootkits.html#tk.rss_all) |