Thunderstrike 2 – Malware that attacks MacBook firmware deflates Apple’s security claims
When Windows PCs and Macs are compared on security, the latter has been regarded as far beyond hackers' reach. That notion has changed drastically with a new revelation from security experts, who believe that firmware attacks that work against other operating systems can be modified and targeted at Macs too. To prove their point, they have designed a proof-of-concept worm that spreads from one MacBook to another very easily.
The worm can affect system performance, the operating environment and even the way updates are installed. The only way to get rid of this malware is to re-flash the chip containing the computer's firmware. Not even formatting the disk will remove it from the firmware.
An attack on MacBook firmware that cannot be undone by formatting the OS
The firmworm (a worm that affects firmware), developed by Trammell Hudson from Two Sigma and Xeno Kovah and Corey Kallenberg from LegbaCore, is called Thunderstrike 2. Yes, you guessed it right: this is another powerful attack, much more potent than the Thunderstrike worm developed last year. All the details of this attack on Macs will be presented at the ongoing Black Hat USA conference and DEFCON 2015.
Thunderstrike 2 is malware that infects your MacBook and hides its presence from antivirus software. The only way to detect this firmworm is by performing firmware forensics, which requires advanced knowledge of chip-level security. That puts detection beyond the reach of an average user: even though researchers have made some OROM checkers available, they are still beyond the understanding of a normal MacBook user.
The only way out is for Apple to do a security check and provide a firewall to eliminate Thunderstrike 2 from users' systems. It remains to be seen how the firmworm will affect Macs, but it is definitely a major headache.