
Not even anti-viruses can help with this Mac threat

The general perception is that Apple’s Macs are more secure than PCs, especially at the low level of firmware (BIOS). But this perception might be due to the lack of well-known attacks rather than better safeguards.
Two computer security researchers, Xeno Kovah and Trammell Hudson, have discovered that a number of well-known security issues with the firmware of top PC manufacturers can also affect the firmware in Macs. Building on that, the researchers developed a proof-of-concept worm, “Thunderstrike 2”, that can spread from one Mac to another even if they are not networked. This is possible because the infected firmware can spread by piggybacking on peripherals that are attached to one Macintosh computer and then to another.

A big problem with firmware issues is that they operate at a very low level, which makes them hard for regular users to detect and deal with. Since the computer’s firmware (or BIOS, the very fundamental software that boots the computer and starts the operating system) is usually on a chip embedded in the motherboard, replacing or formatting your hard drive and re-installing the operating system won’t help. Anti-virus software usually operates at a much higher level and doesn’t have access to the memory that hosts the firmware. Firmware updates are carried out by the firmware that is already installed, so malicious code there can block updates or re-write itself into the new version.
The only way to get rid of malicious content in a computer’s BIOS would be to flash the chip that holds it. But that might not be possible in many cases.

Thunderstrike 2 exists only in firmware and can spread via regular connections, or via option ROM for computers that are not connected to each other. Option ROM is a peripheral device’s firmware, which can be called by the firmware of the computer the device is connected to. Examples of such peripherals on Macs would be a Thunderbolt Ethernet adapter or an external SSD.

The researchers suggest that firmware vendors can make devices more secure against firmware attacks by cryptographically signing their firmware and updates and modifying the hardware to verify these signatures. Another counter-measure they suggest is that vendors let users access the firmware code and use “checksums” to ensure that the installed firmware is the same as the one the vendor supplied and has not been maliciously modified. Checksums are already used to check the integrity of software and data after download. A checksum is produced by running the data through an algorithm that creates a small, effectively unique cryptographic code for that specific data, so any modification results in a different code.
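
The checksum comparison described above, as an added example (not code from the researchers or any vendor): it hashes a firmware dump region by region with SHA-256 and compares the result against vendor-published digests. The region layout, names and sample bytes are constructed assumptions; the settings region is skipped because it changes in normal use, which is why a single hash over the whole chip would not match even on a clean machine.

```python
import hashlib
import hmac

# Constructed flash layout (assumption): name -> (offset, length, mutable).
# Mutable regions such as a settings store change in normal use, so they are
# skipped rather than compared.
LAYOUT = {
    "boot_block": (0x000, 0x100, False),
    "main_code":  (0x100, 0x200, False),
    "settings":   (0x300, 0x100, True),
}

def region_digests(image: bytes, layout=LAYOUT) -> dict:
    """Return the SHA-256 hex digest of every immutable region in an image."""
    digests = {}
    for name, (offset, length, mutable) in layout.items():
        if mutable:
            continue
        chunk = image[offset:offset + length]
        if len(chunk) != length:
            raise ValueError(f"image too short for region {name!r}")
        digests[name] = hashlib.sha256(chunk).hexdigest()
    return digests

def verify_dump(dump: bytes, vendor_manifest: dict, layout=LAYOUT) -> list:
    """Return the names of regions whose digest differs from the vendor's."""
    actual = region_digests(dump, layout)
    return [name for name, expected in vendor_manifest.items()
            if not hmac.compare_digest(actual.get(name, ""), expected)]

def sample_images():
    """Build constructed sample data: a vendor image, a clean dump whose
    settings changed, and a dump with one byte altered in main_code."""
    vendor = bytes(range(256)) * 4                      # 0x400 bytes
    clean = bytearray(vendor)
    clean[0x300:0x310] = b"user-settings-01"            # legitimate change
    tampered = bytearray(clean)
    tampered[0x180] ^= 0xFF                             # modified code byte
    return vendor, bytes(clean), bytes(tampered)

if __name__ == "__main__":
    vendor, clean, tampered = sample_images()
    manifest = region_digests(vendor)        # what the vendor would publish
    print("clean dump   :", verify_dump(clean, manifest) or "matches vendor")
    print("tampered dump:", verify_dump(tampered, manifest))
```

The comparison is only as trustworthy as the dump: if the image is read by software running on top of compromised firmware, the firmware can influence what that software sees.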

Published by
Behlol Nawaz