Forbes.com
0
All posts from Forbes.com
Forbes.com in Forbes.com,

Thunderstrike 2: Remote Attacks Can Now Install Super Stealth 'Firmworm' Backdoors On Apple Macs

Trammell Hudson, an employee of high-tech hedge fund Two Sigma Investments, created something of a storm late last year with his Thunderstrike exploit on Apple Macs. It was the first time anyone had demonstrated a Mac bootkit – malware that launches ahead of the operating system, from the moment the PC starts, and is hidden from security tools, most of which don’t delve so deep inside Macs’ innards. It’s probably the most surreptitious, devilish kind of malware one can get onto a PC, effectively granting an attacker total control over the computer.

There was one major barrier to exploitation outside of labs, however: it required physical access to the target PC. But now Hudson has collaborated with self-proclaimed “voodoo” researchers Xeno Kovah and Corey Kallenberg, Mac bootkits can now be delivered from anywhere on the planet. They could also jump between machines over infected Thunderbolt devices, creating a “firmworm” (which sounds like some ribald innuendo and is just about as awful to contemplate). And Apple AAPL -0.75%, due to its own policy decisions, is partly to blame.

A new Macbook Pro is seen on display at an Apple media event in San Francisco, California on March 9, 2015. AFP PHOTO / JOSH EDELSON (Photo credit should read Josh Edelson/AFP/Getty Images)

To get that bootkit up and running, there are numerous paths a malicious hacker could take. The one the trio will show off at the Black Hat security conference in Las Vegas this week will assume the attacker already has root control over the machine. Getting to that point is not the simplest of tasks on Apple Macs, but an Oracle ORCL +0.73% Java or Adobe Flash exploit would do the trick.

From there, a vulnerability named Darth Venamis, named after a Sith lord from the Star Wars saga, can be used to unlock the BIOS. That’s the part of the firmware that runs just after the PC is turned on, checking...


More