Thunderstrike 2 Firmware Vulnerability – The days of Apple being safe from viral attacks have long disappeared as a fond memory. The latest attack on Apple’s OS involves not only infection of the particular device, but also a “contagious” spread to connected accessories and devices.
Researchers Trammell Hudson, Xeno Kovah, and Corey Kallenberg demonstrated the attack, which has been named “Thunderstrike 2”, in a video. The attack can be instigated simply by inserting a malicious device, such as a modified Ethernet adapter.
While being infected by a peripheral device is bad enough, Wired explains that the worm – dubbed a ‘firmworm’ – is capable of spreading to other devices: when a system is infected, any peripheral device with a rewritable option ROM connected to that system will have the worm installed, ready to infect further machines and peripherals.
Think that a complete reinstall of the host operating system will solve the problem? Think again. Thunderstrike 2 hides in the laptop’s firmware, far from the hard drive.
The one upside is that the attack has not been proven to be possible on a fully patched OS, but it does highlight the vulnerability of Apple’s Extensible Firmware Interface (EFI).
The research will be presented publicly this week at the Black Hat USA conference in Las Vegas, and it is expected that Apple will respond publicly at that time as well.