DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
October 24, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 87 people online.

 

Latest Reviews
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
 

Follow us
RSS
 

Thunderbolt attack can put undetectable and unremovable virus on Macs

Posted on Tuesday, January 13 2015 @ 15:09:58 CET by


Apple logo
While looking into the security of Apple notebooks for his employer Two Sigma Investments, security researcher Trammell Hudson discovered a way to infect Macs with malware that's virtually undetectable and extremely hard to remove. Hudson discovered the OS X firmware bootkit ROM can be infected by using a modified Apple gigabit Ethernet Thunderbolt adapter as an attack vector to get code running while the system boots.

The good news is someone needs physical access to your Mac to carry out the attack, but the bad news is that this type of malware is virtually undetectable and unremovable. Hudson points out that a reinstallation of OS X won't remove it and even replacing the SSD won't help because there is nothing stored on the drive.

Hudson claims every MacBook Pro/Air/Retina with a Thunderbolt port is vulnerable to the attack, but fortunately Apple is working on an update that will prevent malicious code from being written to the Boot ROM via the Thunderbolt port.
After initially discovering that the Boot ROM could be tampered with if the notebook was physically dismantled to give access to the chip soldered onto the motherboard, he then refined this technique so the attack could be carried out via the system's Thunderbolt port.

"It turns out that the Thunderbolt port gives us a way to get code running when the system boots," Wrote Hudson. "Thunderbolt brings the PCIe bus to the outside world and at boot time the EFI firmware asks attached devices if they have any Option ROMs to be run."

...

"The classic 'evil-maid' attacks also are feasible. Given a few minutes alone with your laptop, Thunderstrike allows the boot ROM firmware to be replaced, regardless of firmware passwords or disk encryption," explains Hudson. "So while you are getting breakfast at the hotel during a conference and leave the machine in your room and house-cleaning comes by to make up the bed, install the firmware backdoors, and replace the towels."
Full details at ZD Net.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba