Thunderstrike 2 infects firmware; fix is to re-flash chip
Two computer researchers have created a new firmware worm, Thunderstrike 2, which calls into question the airtight security usually associated with Apple MacBook products.
The research, which has resulted in a proof-of-concept, was done by Xeno Kovah of LegbaCore and Trammell Hudson of Two Sigma Investments.
The powerful attack allows for remote targeting and can’t be detected by security scans. Because it infects the computer’s firmware, the only way to get rid of Thunderstrike 2 would be to re-flash the computer chip, according to Wired.
Kovah told Wired the attack is “really hard to detect, it’s really hard to get rid of and it’s really hard to protect against something that’s running inside the firmware. For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”
RT reports that an attack can occur via a phishing e-mail or from a website. Once the worm is running, it could infect an Ethernet adapter and use it as a jumping-off point for infecting another computer.
“It turns out almost all of the attacks we found on PCs are also applicable to Macs,” Kovah told Wired. “Most of these firmwares are built from the same reference implementations, so when someone finds a bug in one that infects Lenovo laptops, there’s a really good chance it’s going to affect Dells and HPs. What we also found is that there is really a high likelihood that the vulnerability will also affect MacBooks. Because Apple is using a similar EFI firmware.”
Apple has been made aware of the security lapses and has fixed some problems and is working on others, according to reports.