Thread: This new Mac virus goes untraced and can't be removed

  1. #1
    #DeSantis2024 Teh One Who Knocks's Avatar

    This new Mac virus goes untraced and can't be removed

    By Alex La Ferla - Daily Dot




    A security researcher recently demonstrated a vulnerability to malicious code in Apple Macs that he claims is both undetectable and irremovable.

    Trammell Hudson, who works for hedge fund Two Sigma Investments, announced his discovery during a presentation to the Chaos Computer Club (CCC), one of Europe’s largest associations of hackers.

    Hudson later posted an annotated version of his presentation on his blog.

    The hack, called “Thunderstrike” for its ability to be transmitted via the Thunderbolt port, installs malicious code onto the Boot ROM of the system and cannot be removed, even by replacing the computer’s hard drive.

    “Since it is the first OS X firmware bootkit, there is nothing currently scanning for its presence,” writes Trammell. “It controls the system from the very first instruction, which allows it to log keystrokes, including disk encryption keys … and bypass firmware passwords. It can't be removed by software since it controls the signing keys and update routines. Reinstallation of OS X won't remove it. Replacing the SSD won't remove it since there is nothing stored on the drive.”



    Hudson notes on his blog that he first discovered the problem when his employer was considering the use of MacBooks. The employer asked Hudson to use his reverse-engineering background to investigate security concerns it had with the Apple product.

    Hudson’s first step was dismantling the laptop in order to gain access to the boot ROM, a tiny chip that contains the code necessary to get a computer running when first turned on. Once he had gained access to the boot ROM, Hudson loaded it with malicious code, in what is known as a bootkit attack. He was then able to circumvent checks that would normally render such an attack unsuccessful.

    Even more damaging, Hudson later found that disassembly of the laptop was not required for transmission of the virus. Instead, he writes, any Thunderbolt-compatible device can be used as a delivery mechanism by following a few simple steps:

    “Given a few minutes alone with your laptop, Thunderstrike allows the boot ROM firmware to be replaced, regardless of firmware passwords or disk encryption. Thunderstrike in its current form has been effective against every MacBook Pro/Air/Retina with Thunderbolt that I’ve tested, which is most models since 2011.”


    Hudson claims that he first approached Apple about the problem in 2013 and that the company is now almost ready to introduce a “partial fix” that could prevent some instances of modification to the boot ROM, but not all. This patch would only prevent certain forms of attack by Thunderbolt port and would not protect a computer from the longer, physical dismantling method initially tested by Hudson.

    For now, Hudson recommends a combination of hi- and low-tech approaches to preventing someone from carrying out the attack on your computer.

    First, he recommends writing over the ROM with your own code to disable remote hacks via Thunderbolt—something 99.9 percent of us are likely to consider laughably complicated. Here’s Hudson’s MacGyver-esque (and quasi-conspiratorial) suggestion for preventing physical access to your computer’s insides: Just paint the screws on your case over with glittery nail polish and take pictures of the unique pattern left in the seal. This way you can tell if your laptop has been tampered with.

  2. #2
    Hal killed Tormund! Pony's Avatar

  3. #3
    Dilly dilly Goofy's Avatar
    Lies, Macs don't get viruses

  4. #4
    weapon of mass consumption redred's Avatar

  5. #5
    mr. michelle jenneke deebakes's Avatar
