Apple News Security

New ‘ThunderBird 2’ Malware Threatens Mac OSX Security; Can Remotely Take Over System And Even Survive Formatting

Share on Facebook
Tweet about this on TwitterShare on Google+Share on StumbleUponShare on LinkedInPin on PinterestShare on Reddit

A major reason behind MacBook’s immense popularity is the trust on security as Apple devices, be it iPhones or Macs are known for their impeccable security features. However, a newly found malware may evade that.

A team of white hat hackers have been able to breach that security as they have come up with a worm which can be remotely planted into the system by phishing mails or by clicking on links.

The biggest concern is that it directly attacks the firmware instead of the software and hence cannot be detected by any program and can even survive the formatting of entire disc. The researchers are going to demonstrate this firmware malware called ‘Thunderstrike 2: Sith Strike in their presentation at Black Hat USA on Thursday and later at Def Con this weekend.

The team comprises security engineer Trammell Hudson, who first discovered the Thunderstrike exploits, Xeno Kovah, owner of firmware security consultancy LegbaCore and Corey Kallenberg who all had previously used LightEater when they presented their research titled “How Many Million BIOSes Would you Like to Infect?”

After their revelation about the susceptibility of various firm wares to attacks, Apple had claimed that Mac OS firmware did not have any such issues as it did not follow the traditional firmware as it has its own firmware called the extensible firmware interface (EFI). However, this was opposed by the researchers that Mac was equally if not more, susceptible to the firmware as its pretty much all x86 [computers].

Their latest version of Thunderbird can be remotely installed and can spread between Macs even if they are air-gapped or not networked. Since it attaches itself with the firmware, it not only goes undetected by security software but also remains in place even if OS X is wiped out and reinstalled.

For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.

says Xeno Kovah.

It is not the first time for Thunderbird though as its predecessor too managed to breach the system but it required to have physical access to that system. Apple also released a patch for the same as OS X 10.10.2 which resolved the issue and the latest OS X security update (10.10.4) currently seems to protect from the new malware.

Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform,

researchers wrote in the description of their talk. They further added,

This talk will provide conclusive evidence that Macs are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.


Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *