A team of researchers has created the first firmware worm that's able to infect Macs, reports Wired. Building on "Thunderstrike" exploits uncovered earlier this year, the worm, dubbed "Thunderstrike 2," infects Macs at the firmware level, making it nearly impossible to remove. Embedded into firmware, malware is resistant to firmware and software updates, able to block them entirely or reinstall itself at will.
The worm was created by security engineer Trammell Hudson, who first discovered the Thunderstrike exploits, and Xeno Kovah, owner of firmware security consultancy LegbaCore. When Thunderstrike made waves earlier this year, it was a limited proof-of-concept attack with no known presence in the wild, but Thunderstrike 2 demonstrates a real-world worm able to target Macs using the same general vulnerabilities.
Thunderstrike 2, unlike the first demonstration of Thunderstrike, is able to infect a Mac remotely through a malicious website or email. Once on a Mac, it's able to spread itself to other Macs by hiding in the option ROM of peripheral devices like Apple's own Thunderbolt to Gigabit Ethernet adapter, external SSDs, RAID controllers, and more. Once infected by a Mac that has the Thunderstrike 2 worm, the peripheral would go on to infect any other Mac it connects to.
"People are unaware that these small cheap devices can actually infect their firmware," says Kovah. "You could get a worm started all around the world that's spreading very low and slow. If people don't have awareness that attacks can be happening at this level then they're going to have their guard down and an attack will be able to completely subvert their system."
Removing malware embedded into a Mac's firmware would need to be done at the hardware level, making it particularly dangerous. According to the researchers, Apple has not done enough to fix the vulnerabilities that leave Macs open to these kinds of attacks.
"Some vendors like Dell and Lenovo have been very active in trying to rapidly remove vulnerabilities from their firmware," Kovah notes. "Most other vendors, including Apple as we are showing here, have not. We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security."
Kovah and Hudson have notified Apple about the Thunderstrike 2 vulnerabilities, but thus far, Apple's only fixed one of five security flaws and introduced a partial fix for a second. Three of the vulnerabilities have not yet been patched, but it's likely Apple is working to get the flaws fixed in an upcoming security update.
More information on Kovah and Hudson's research and the Thunderstrike 2 exploit can be found in a lengthy report over at Wired.



