It can be launched via a remote connection to the system (e.g. This attack does not require physical presence. The only way to recover from such attacks is to reflash the SPI flash chip with a known-clean copy of the firmware. Consequently Macs are vulnerable to being disabled in such a way that they can never be made bootable again either by attempting to boot off external media (like a DVD/USB) and reinstalling the OS, or by changing the entire HD/SSD with a known working one.
One way to randomly infect machines would be to sell infected Ethernet adapters on eBay or infect them in a factory.Ī week ago LegbaCore published a “bricking demo” video showing a Mac Mini being rendered unbootable due to vulnerable firmware.Īpple does not follow Intel's recommended best practices for protecting their firmware. If a new device is subsequently plugged into the computer and contains option ROM, the worm will write itself to that device as well and use it to spread.
How can i scan my mac for malware code#
When another machine is booted with this worm-infected device inserted, the machine firmware loads the option ROM from the infected device, triggering the worm to initiate a process that writes its malicious code to the boot flash firmware on the machine. “The worm would then spread to any other computer to which the adapter gets connected.” The proof-of-concept malware would “be on the lookout for any peripherals connected to the computer that contain option ROM, such as an Apple Thunderbolt Ethernet adapter, and infect the firmware on those,” explained Wired. The malware could “spread automatically from MacBook to MacBook, without the need for them to be networked.” Attackers could remotely target computers, even air-gapped ones, with Thunderstrike 2 as it is designed to spread by infecting the option ROM on peripheral devices. But Kovah said that’s not true he told Wired, “It turns out almost all of the attacks we found on PCs are also applicable to Macs.” In fact, the researchers said five of the six vulnerabilities studied affect Mac firmware.Īttackers might choose to infect a target via a phishing email and malicious site. The researchers previously used LightEater when they presented “ How Many Million BIOSes Would you Like to Infect?” After they revealed that about 80% of PCs have firmware vulnerabilities, Apple claimed Macs did not. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.”
How can i scan my mac for malware software#
This talk will provide conclusive evidence that Mac's are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. “Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. “Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform,” they wrote in the description of their talk. Apple previously claimed that Macs were not vulnerable to the same firmware flaws that could backdoor PCs, so researchers proved they could remotely infect Macs with a firmware worm that is so tough to detect and to get rid of that they suggested it presents a toss your Mac in the trash situation.Ĭorey Kallenberg, Xeno Kovah and Trammell Hudson will present “ Thunderstrike 2: Sith Strike” at Black Hat USA on August 6. When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of bulls as it practically dares security researchers to prove otherwise.
0 kommentar(er)
