Two researchers named Xeno Kovah and Trammell Hudson have found vulnerabilities that can affect the firmware of the Apple Mac. The two whitehat hackers researched about Mac's vulnerability and found a loophole that can be attacked by similar hazards damaging PC's firmware.
Being secured from viruses, worms and malware makes Mac owners stay confident and pompous of the product. In a famous commercial of Mac, Apple boasts about its products' immunity from such computer hazards. While wearing a bio-hazard suit, John Hodgman tells Justin Long, who represented Mac, in the ad, "You're lucky you don't have to deal with this stuff, Mac."
Xeno Kovah and Trammell Hudson clarified that they did not conduct the research to hack Mac, but to prove that it is really not that secured as the company claims.
Though air-gapped, the worm called Thunderstrike 2 can infect nearby computers without being noticed by the system shields. The said threat will become a challenge to anti-virus creators since the attack is deeper and will still remain in the firmware even if the operating system is up-to-date. This can hinder updating of the firmware and may even write itself on newly installed firmware.
Aside from the firmware attack, Thunderstrike 2 can intrude the reboot of the system. The leader of the startup LegbaCore, Xeno answered Wired in a conference, "For most users that's really a throw-your machine-away kind of situation, most people and organizations don't have the wherewithal to physically open up their machine and electrically reprogram the chip."
The infection can be spread by attackers through a malicious website or a phishing email. It can then contaminate other machines that are not even connected in a network. The option ROM is primarily tainted by Thunderstrike 2 and will find peripheral devices with such component.
The security threat will be discussed at the Black Hat security conference on August 6 by Kovah and Hudson in Las Vegas.
