Two security consultants have created a new computer worm, the Thunderstrike 2, that attacks the core hardware of a Mac computer once unleashed. The worm was designed to expose vulnerabilities in the once-assumed airtight security of Apple products.
The worm works by attacking the computer’s firmware, the software that comes pre-installed and loads the operating system. Firmware provides control, monitoring and data manipulation in engineering products or systems.
The cybersecurity research work on the worm was carried out by Xeno Kovah, owner of LegbaCore, and Trammell Hudson, a security engineer with Two Sigma Investments.
According to the researchers, an attack can occur via a phishing email (an email sent from a fake “trusted institution” like a bank) or a malicious website containing the worm. Once activated, the malware would look out for any peripherals connected to the computer, such as an Ethernet adapter, which it would then infect. The worm could then spread to any other computer to which the adapter gets connected. Once connected, the worm writes malicious code to the firmware of the MacBook.
One way to randomly infect machines would be to sell infected Ethernet adapters on eBay, or infect them in a factory, Wired reported.
"[The attack is] really hard to detect… it's really hard to get rid of," Kovah told Wired. "It's really hard to protect against something that's running inside the firmware…for most users that's really a throw-your-machine-away kind of situation.”
Thunderstrike 2 can’t be removed with traditional anti-malware security program, either. It requires programming the computer’s chip.
Kovah and Kallenberg said that the worm was developed to showcase vulnerabilities in Apple devices. According to Vice, Apple has been notified has already fixed one type of vulnerability and partially patched another. Three are still unresolved.
Subscribe by Email
Follow Updates Articles from This Blog via Email
No Comments