
A new firmware worm targets Mac systems. Thunderstrike 2 could cripple Apple computers.
An updated version of the Thunderstrike worm leaves Apple computers vulnerable. The new Thunderstrike 2 is malware that acts without an active internet connection.
According to a talk at the Black Hat conference, this new malware is very hard to detect because it can spread without any Internet access.
In its previous form, Thunderstrike infects a Mac's firmware with the help of Apple's data transfer platform, Thunderbolt.
Researchers Corey Kallenberg and Xeno Kovah of LegbaCore, together with Trammell Hudson of Two Sigma Investments, ran a test to show how this type of worm works.
The researchers connected malicious devices to the firmware that Mac systems use.
In theory, firmware should not be open to modification or rewriting. What the malware does is simply sit within the firmware, from where it can easily infect any device.
This happens because security products do not check the integrity of the firmware. As a result, there are very few ways to detect whether firmware has been affected by malware.
Like any other malware, Thunderstrike can infect a system through a simple email or an infected website.
The new Thunderstrike 2 is supposed to be even more dangerous because it can move itself to other computers through removable devices.
Apple's future operating system, OS X 10.11 El Capitan, appears to be invulnerable to the malware. The current OS that Apple is using, OS X 10.10.4 Yosemite, and the beta version of OS X 10.10.5 have no way to detect Thunderstrike 2 so far.
Such a worm leaves the Mac's security vulnerable, with possibly devastating consequences if it infects the system.
If a device is infected by Thunderstrike 2, the malware writes malicious code to the firmware's boot flash while the machine is booting. The malware can easily infect any Option ROM on the machine's adapter.
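The firmware integrity check that the article says security products do not perform can be sketched for an Option ROM dump as follows. This is an added example, not code from the researchers or from Apple: it walks the images in a PCI Option ROM and compares each SHA-256 digest with a known-good baseline. The function names, the sample ROM bytes, the vendor and device IDs and the baseline are all constructed for illustration.

```python
import hashlib
import struct

ROM_SIG = b"\x55\xaa"   # PCI expansion ROM header signature
PCIR_SIG = b"PCIR"      # PCI Data Structure signature

def parse_option_rom(dump: bytes) -> list:
    """Walk the chained images in a PCI Option ROM dump, hashing each one."""
    images, off = [], 0
    while True:
        if off + 0x1A > len(dump) or dump[off:off + 2] != ROM_SIG:
            raise ValueError(f"bad ROM header at {off:#x}")
        pcir = off + struct.unpack_from("<H", dump, off + 0x18)[0]
        if pcir + 0x16 > len(dump) or dump[pcir:pcir + 4] != PCIR_SIG:
            raise ValueError(f"bad PCI Data Structure at {pcir:#x}")
        vendor, device = struct.unpack_from("<HH", dump, pcir + 0x04)
        size = struct.unpack_from("<H", dump, pcir + 0x10)[0] * 512
        code_type, indicator = struct.unpack_from("<BB", dump, pcir + 0x14)
        if size == 0 or off + size > len(dump):
            raise ValueError(f"image at {off:#x} runs past the dump")
        digest = hashlib.sha256(dump[off:off + size]).hexdigest()
        images.append({"vendor": vendor, "device": device,
                       "code_type": code_type, "sha256": digest})
        if indicator & 0x80:          # bit 7 set: last image in the ROM
            return images
        off += size

def changed_images(dump: bytes, baseline: set) -> list:
    """Return images whose digest is not in the known-good baseline."""
    return [i for i in parse_option_rom(dump) if i["sha256"] not in baseline]

def build_sample_rom(payload: bytes) -> bytes:
    """Constructed 512-byte, one-image ROM; the IDs are made up."""
    rom = bytearray(512)
    rom[0:2] = ROM_SIG
    struct.pack_into("<H", rom, 0x18, 0x1C)                  # pointer to PCIR
    struct.pack_into("<4sHH", rom, 0x1C, PCIR_SIG, 0x1234, 0x5678)
    struct.pack_into("<H", rom, 0x1C + 0x10, 1)              # 1 x 512 bytes
    struct.pack_into("<BB", rom, 0x1C + 0x14, 3, 0x80)       # EFI, last image
    rom[0x40:0x40 + len(payload)] = payload
    return bytes(rom)

# Constructed inputs: a baseline ROM and a copy with extra bytes in its body.
GOOD = build_sample_rom(b"vendor driver v1")
BASELINE = {parse_option_rom(GOOD)[0]["sha256"]}
TAMPERED = build_sample_rom(b"vendor driver v1 + appended code")

if __name__ == "__main__":
    print(len(changed_images(GOOD, BASELINE)), len(changed_images(TAMPERED, BASELINE)))
```

A dump read by software running on the suspect machine is only as trustworthy as that machine, so the comparison is most meaningful when the dump and the baseline come from a source outside it.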
Thunderstrike was also discovered on Windows, at the same time as 6 other potential exploits that could affect Apple's operating system.
Malware affecting Windows systems is nothing new, but for Apple it was considered an unexpected situation because the company has long praised its security system.