Earlier this year, an exploit known as “Thunderstrike” made waves, and now the name is resurfacing thanks to a newly created threat to Macs.
According to a new report published recently by WIRED, a team of researchers has managed to create the first firmware worm that’s specifically able to strike Macs. This new worm, which has been named “Thunderstrike 2,” builds on the exploits found within the aforementioned Thunderstrike, and infects Macs at the firmware level. This, the researchers note, makes it almost impossible to remove. With this infection, the worm could effectively survive any updates to the system, or reinstall itself at will, making it incredibly dangerous.
The team was put together by security engineer Trammell Hudson, who found Thunderstrike in the first place, and Xeno Kovah, the owner of security consultancy LegbaCore. The creation of the firmware worm has shown that while the original Thunderstrike could be regarded as a proof-of-concept attack, Thunderstrike 2 could do even more damage as a real-world worm using the same vulnerabilities.
“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” says Xeno Kovah, one of the researchers who designed the worm. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”
Unfortunately, the report indicates that Apple has not done enough to patch the vulnerabilities that leave Macs open to these kinds of attacks. A firmware worm, which leaves malware embedded in the Mac’s firmware, has to be removed at the hardware level, which adds to the difficulty of removing the dangerous software from a Mac.
“They notified Apple of the vulnerabilities, and the company has already fully patched one and partially patched another. But three of the vulnerabilities remain unpatched.”
While Apple hasn’t fixed all of the vulnerabilities up to this point, it’s likely that the company is currently working on patches to do just that.
[via WIRED]