
Thunderstrike 2 is the first firmware worm that attacks Mac remotely

By Kenny Yeo - on 4 Aug 2015, 9:07am


Security researchers take advantage of the Thunderbolt port to spread their worm.

Security researchers who wanted to prove that Macs are susceptible to the same firmware-level attacks as PCs have succeeded in creating the world's first firmware worm that attacks Macs remotely.

The worm is called Thunderstrike 2 and was developed by Xeno Kovah, head of security at LegbaCore, and Trammell Hudson, a security engineer at Two Sigma Investments. Hudson was responsible for Thunderstrike, the earlier firmware worm that attacks Macs via attached and infected Thunderbolt devices.

However, Thunderstrike 2 takes things a step further and can attack Macs remotely through malicious websites or emails. Once a Mac is infected, the malware can then spread itself by infecting any attached Thunderbolt devices. These infected Thunderbolt devices can then attack any other Macs that they are connected to during boot.

Firmware-level attacks are particularly troublesome because they are difficult to detect and even more difficult to get rid of. Most anti-virus software does not work at such a low level, and the only way to eliminate the infection is to re-flash the chip that contains the firmware.

Kovah, one of the designers of the worm, said, "It’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware. For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip."

Kovah and Hudson plan to share their findings at the Black Hat and Def Con security conferences in Las Vegas later this week.

Source: Wired
