These OS X malware are like zombies that refuse to die

JC Torres - Aug 4, 2015, 1:30am CDT

Traditionally, PCs, especially those running Windows, are notorious for their security vulnerabilities. That is something Apple is only too happy to point out, often blowing its own horn about being immune to your typical viruses. Trying to wake Apple up to reality, a group of hackers will present at the Black Hat and Def Con security conferences this week how Macs are just as vulnerable to malware, even the same malware as PCs. And in this case, it might even be worse, since even reformatting doesn’t wipe out the malware.

Apple is known for making rather boastful statements, and some have taken issue with those claims. In the area of computer and software security, claiming invulnerability is pretty much like putting out a lightning rod for hackers, both the bad and the good, like the group behind the “Thunderstrike 2” malware. So named because it spreads its infection through any Thunderbolt 2 peripheral that has its own ROM, Thunderstrike 2 can infect any Mac and remains even if the user reformats or replaces the hard drive.

This isn’t black magic. While the vast majority of malware directly infects the operating system sitting on the hard drive, Thunderstrike infects a Mac’s firmware. This specialized software is located deep within the system hardware and is the very first program to run when a device boots up. A target Mac can be infected through a malicious email or website, or through the aforementioned Thunderbolt connection. Once a Mac has been infected, it can potentially infect any other Thunderbolt device that connects to it, as long as that device has a ROM of its own. And you thought only PCs were contagious.

Another proof of concept that uses the same principles involves rendering a Mac Mini practically useless. Since firmware runs before the operating system, once corrupted it can potentially block access to the entire system. And since it isn’t located in conventional storage, no amount of reformatting or swapping out drives will clean it up. The only way out is to reflash the specialized chip that houses the firmware, not an easy task to accomplish.

While Apple is quick to preach its strengths, it isn’t always as quick to admit its mistakes. Apple was reportedly notified about the security vulnerabilities but has only fixed a small fraction of the reported flaws. Considering the potential severity of these cases, one can only hope Apple picks up the pace now that the word has gone out.

VIA: ComputerWorld
