Apple Macs Are Delicious Meal For Pesky Thunderstrike 2 Firmware Worm

Researchers appear to have found serious vulnerabilities in Mac laptops and desktops. Trammell Hudson at Two Sigma Investments and Xeno Kovah at LegbaCore are planning to discuss their discovery in detail at Black Hat USA 2015 in Las Vegas. The crux of their discovery: many of the same firmware vulnerabilities that plague PCs also exist in Macs. The researchers plan to prove the vulnerabilities on August 6th.

macbook pro
Image credit: Apple
 
After discovering the firmware vulnerabilities, the researchers were able to create Thunderstrike 2, a proof-of-concept worm that can infiltrate Macs via their firmware. The worm can move from one laptop to another via your peripherals and (in theory) can spread without detection. What makes Thunderstrike a better worm than most of the malware we see today is that it doesn’t have to move over networks and can avoid scanning detection by infecting your computer’s BIOS. Plug a device into your Mac’s Thunderbolt port and the worm will infect your peripheral. Move to another computer, and the worm will take hold the next time the computer boots.



The worm hides in the ROM on peripherals, which makes spreading the worm a piece of cake: simply infect some peripherals, sell them online, and you’ll soon have complete control of those computers, if the researchers are right this vulnerability.

Firmware attacks have been a problem for PCs for ages, though manufacturers have had some success with patches (notably Dell and Lenovo). Now, it’s Apple’s turn to batten its hatches, and it has already patched one vulnerability and is at work on another, though some vulnerabilities remain.