“Thunderstrike 2” rootkit uses Thunderbolt accessories to infect Mac firmware


Earlier this year, security engineer Trammell Hudson developed and showed off a proof-of-concept firmware called Thunderstrike. The malware could hitch a ride on Thunderbolt-connected accessories that used Option ROMs and infect any Mac it was connected to at boot. The infected Mac could then pass the malware to other accessories, which could infect other computers.
Apple (mostly) patched this exploit in OS X version 10.10.2 back in January, but Wired reports that Hudson and LegbaCore security researcher Xeno Kovah have developed a sequel.
Dubbed "Thunderstrike 2," the new proof-of-concept attack still spreads primarily through infected Thunderbolt accessories. But where the original Thunderstrike required a malicious user to have physical access to your computer to work—something sometimes referred to as an "evil maid" attack, though an evil butler could probably do the same job—the new one can be spread remotely. The malware can be delivered "via a phishing e-mail and malicious Web site," and once downloaded it can infect connected accessories that use Option ROM (Apple's Thunderbolt-to-gigabit-Ethernet accessory is a commonly cited example). Once the accessory is infected, the malware can spread to any Mac that you plug the accessory into.
The danger of firmware-level malware is that most virus scanners and other anti-malware products focus on RAM and files stored on the disk. Firmware malware is difficult to detect in the first place, and it's difficult to track back to its source. It's also tough to remove. "You can't use Thunderstrike to remove Thunderstrike" because the infected firmware patches the security hole in the original firmware.
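Because file and memory scanners do not look at accessory firmware, one defensive check is to dump an accessory's Option ROM and compare each image in it against a known-good baseline. The sketch below is an added example, not code from the article or the researchers: it assumes a raw dump in the standard PCI expansion ROM layout, and the function names, vendor/device IDs and sample images are constructed for illustration.

```python
import hashlib
import struct

def parse_option_rom(blob):
    """Walk every image in a PCI expansion (Option) ROM dump."""
    images, off = [], 0
    while off + 0x1A <= len(blob):
        if blob[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"bad ROM signature at offset {off:#x}")
        p = off + struct.unpack_from("<H", blob, off + 0x18)[0]  # PCIR pointer
        if p + 0x16 > len(blob) or blob[p:p + 4] != b"PCIR":
            raise ValueError(f"bad PCI data structure at offset {p:#x}")
        vendor, device = struct.unpack_from("<HH", blob, p + 4)
        size = struct.unpack_from("<H", blob, p + 0x10)[0] * 512  # 512-byte units
        if size == 0 or off + size > len(blob):
            raise ValueError("image length does not fit the dump")
        images.append({
            "offset": off,
            "key": (vendor, device, blob[p + 0x14]),  # code type: 0x00 x86, 0x03 EFI
            "sha256": hashlib.sha256(blob[off:off + size]).hexdigest(),
        })
        if blob[p + 0x15] & 0x80:  # indicator bit 7: last image in the ROM
            break
        off += size
    return images

def unexpected_images(images, baseline):
    """Images whose hash is not in the known-good set for that device/type."""
    return [i for i in images if i["sha256"] not in baseline.get(i["key"], set())]

def build_image(code_type, last, payload=b""):
    """Constructed 512-byte sample image; vendor/device IDs are made up."""
    img = bytearray(512)
    img[0:2] = b"\x55\xaa"
    struct.pack_into("<H", img, 0x18, 0x1C)             # PCIR lives at 0x1C
    img[0x1C:0x20] = b"PCIR"
    struct.pack_into("<HH", img, 0x20, 0x1234, 0x5678)  # vendor, device
    struct.pack_into("<H", img, 0x2C, 1)                # length: one block
    img[0x30], img[0x31] = code_type, 0x80 if last else 0x00
    img[0x40:0x40 + len(payload)] = payload
    return bytes(img)

KNOWN_GOOD = build_image(0x00, False) + build_image(0x03, True)
SUSPECT = build_image(0x00, False) + build_image(0x03, True, b"altered driver bytes")
BASELINE = {}
for entry in parse_option_rom(KNOWN_GOOD):
    BASELINE.setdefault(entry["key"], set()).add(entry["sha256"])
```

The comparison is only as trustworthy as the path used to read the ROM, so the dump should be taken on a machine and with a reader that are not themselves suspect.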
Many of the security vulnerabilities that make Thunderstrike 2 possible are common to most EFI firmware. Researchers discovered a total of six vulnerabilities that affected PCs from Dell, HP, Lenovo, Samsung, and others. Of those, five also applied to the Mac's firmware, and of those, Apple has fully patched one, partially patched another, and failed to patch three more.
Apple has been alerted to the new vulnerabilities and will hopefully patch them using new OS X versions, new firmware updates for Thunderbolt-equipped Macs, or both. All Macs that ship with a Thunderbolt port (the bulk of new Macs introduced since 2011, with a handful of exceptions) are theoretically vulnerable to infection.


Wired, Ars Technica
