DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
Thunderbolt attack can put undetectable and unremovable virus on Macs

Posted on Tuesday, January 13 2015 @ 15:09:58 CET by

While looking into the security of Apple notebooks for his employer Two Sigma Investments, security researcher Trammell Hudson discovered a way to infect Macs with malware that's virtually undetectable and extremely hard to remove. Hudson found that the Boot ROM, which holds the Mac's EFI firmware, can be infected with a bootkit by using a modified Apple gigabit Ethernet Thunderbolt adapter as an attack vector to get code running while the system boots.

The good news is someone needs physical access to your Mac to carry out the attack, but the bad news is that this type of malware is virtually undetectable and unremovable. Hudson points out that a reinstallation of OS X won't remove it and even replacing the SSD won't help because there is nothing stored on the drive.

Hudson claims every MacBook Pro/Air/Retina with a Thunderbolt port is vulnerable to the attack, but fortunately Apple is working on an update that will prevent malicious code from being written to the Boot ROM via the Thunderbolt port.

After initially discovering that the Boot ROM could be tampered with if the notebook was physically dismantled to give access to the chip soldered onto the motherboard, he then refined this technique so the attack could be carried out via the system's Thunderbolt port.

"It turns out that the Thunderbolt port gives us a way to get code running when the system boots," wrote Hudson. "Thunderbolt brings the PCIe bus to the outside world and at boot time the EFI firmware asks attached devices if they have any Option ROMs to be run."


"The classic 'evil-maid' attacks also are feasible. Given a few minutes alone with your laptop, Thunderstrike allows the boot ROM firmware to be replaced, regardless of firmware passwords or disk encryption," explains Hudson. "So while you are getting breakfast at the hotel during a conference and leave the machine in your room and house-cleaning comes by to make up the bed, install the firmware backdoors, and replace the towels."
Full details at ZD Net.
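
The Option ROMs Hudson mentions use the PCI expansion ROM layout: each image starts with a 0x55AA header that points at a "PCIR" data structure, and code type 3 marks an EFI image. The Python sketch below is an added example, not code from the article or from Hudson; it inventories the images in a ROM dump taken from an adapter and reports any whose SHA-256 is missing from a known-good baseline. The sample ROM, the 1234:5678 IDs and the function names are constructed for illustration.

```python
import hashlib
import struct

# Code type values defined for the PCI data structure ("PCIR").
CODE_TYPES = {0: "x86 PC-AT", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}

def list_option_rom_images(rom: bytes) -> list:
    """Walk the chained images in a PCI expansion ROM dump."""
    images, offset = [], 0
    while offset + 0x1A <= len(rom) and rom[offset:offset + 2] == b"\x55\xaa":
        (pcir_ptr,) = struct.unpack_from("<H", rom, offset + 0x18)
        pcir = offset + pcir_ptr
        if pcir + 0x18 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"bad PCI data structure at {pcir:#x}")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        (blocks,) = struct.unpack_from("<H", rom, pcir + 0x10)  # 512-byte units
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        length = blocks * 512
        if length == 0 or offset + length > len(rom):
            raise ValueError("image length disagrees with dump size")
        images.append({
            "offset": offset,
            "vendor_device": f"{vendor:04x}:{device:04x}",
            "code_type": CODE_TYPES.get(code_type, f"unknown({code_type})"),
            "sha256": hashlib.sha256(rom[offset:offset + length]).hexdigest(),
        })
        if indicator & 0x80:  # bit 7 set: last image in the ROM
            break
        offset += length
    return images

def unexpected_images(rom: bytes, baseline_sha256: set) -> list:
    """Images whose hash is not in the known-good baseline for this adapter."""
    return [i for i in list_option_rom_images(rom) if i["sha256"] not in baseline_sha256]

def make_sample_image(code_type: int, last: bool, fill: bytes = b"\x00") -> bytes:
    """Constructed one-block image for the demo; IDs 1234:5678 are made up."""
    header = b"\x55\xaa" + bytes(0x16) + struct.pack("<H", 0x1C) + bytes(2)
    pcir = struct.pack("<4sHHHHB3sHHBBH", b"PCIR", 0x1234, 0x5678, 0, 0x18, 0,
                       b"\x00\x00\x02", 1, 0, code_type, 0x80 if last else 0, 0)
    return (header + pcir).ljust(512, fill)

SAMPLE_ROM = make_sample_image(0, False) + make_sample_image(3, True, b"\xff")

if __name__ == "__main__":
    baseline = {list_option_rom_images(SAMPLE_ROM)[0]["sha256"]}
    for img in unexpected_images(SAMPLE_ROM, baseline):
        print("not in baseline:", img)
```

A baseline comparison like this is only as trustworthy as the path used to read the ROM, so the dump should come from a reader the suspect device cannot influence.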


