Thursday, May 8, 2025
Creativeshory - Tech Blog
  • Home
  • Tech
    • Apps
    • Mobile
      • Phone Tracker
    • Printers
    • Electronics
      • PCB
    • Games
    • Web Hosting
    • Security
    • Software
      • PHP
    • Tools
  • Artificial Intelligence
  • Design
    • Animation
    • Graphics
    • Web Design
    • Templates
  • Digital Marketing
    • SEO
    • Social Media
    • YouTube
    • Writing
    • E-commerce
  • WordPress
    • Plugins
  • Business
    • Finance
    • Stock Trading
    • Resources
    • Human Resource
    • Project Management
    • Branding
    • Entrepreneurs
    • Maintenance
    • Workflow
  • Infographics
  • Sponsored
  • Advice
    • Architecture
      • Building
      • Construction
    • Restaurant
    • Insurance
    • Automobile
      • Car Rental
    • Moving Overseas
    • Issues
    • Engineering
    • Energy Savings
  • Ideas
    • Home Decor
      • Interior Decorating
        • Furniture
    • Cultivation
  • Make Money
    • Freelancer
    • Stocks
  • LifeStyle
    • Photography
    • Beauty
    • Fashion
    • Music & Audio
    • Travel
    • Gemstones
  • Health and Fitness
    • Sports
    • Compensation Insurance
    • Pet Care
  • Education
    • Career Paths
  • Cryptocurrency
    • Bitcoin
    • Metaverse
    • Gambling
    • Digital Transformation
  • Entertainment
    • Guitar
  • Recipe
  • Collections
    • Wallets
  • Productivity
    • Organizing
  • About Us
  • Write For Us
  • Contact Us
No Result
View All Result
  • Home
  • Tech
    • Apps
    • Mobile
      • Phone Tracker
    • Printers
    • Electronics
      • PCB
    • Games
    • Web Hosting
    • Security
    • Software
      • PHP
    • Tools
  • Artificial Intelligence
  • Design
    • Animation
    • Graphics
    • Web Design
    • Templates
  • Digital Marketing
    • SEO
    • Social Media
    • YouTube
    • Writing
    • E-commerce
  • WordPress
    • Plugins
  • Business
    • Finance
    • Stock Trading
    • Resources
    • Human Resource
    • Project Management
    • Branding
    • Entrepreneurs
    • Maintenance
    • Workflow
  • Infographics
  • Sponsored
  • Advice
    • Architecture
      • Building
      • Construction
    • Restaurant
    • Insurance
    • Automobile
      • Car Rental
    • Moving Overseas
    • Issues
    • Engineering
    • Energy Savings
  • Ideas
    • Home Decor
      • Interior Decorating
        • Furniture
    • Cultivation
  • Make Money
    • Freelancer
    • Stocks
  • LifeStyle
    • Photography
    • Beauty
    • Fashion
    • Music & Audio
    • Travel
    • Gemstones
  • Health and Fitness
    • Sports
    • Compensation Insurance
    • Pet Care
  • Education
    • Career Paths
  • Cryptocurrency
    • Bitcoin
    • Metaverse
    • Gambling
    • Digital Transformation
  • Entertainment
    • Guitar
  • Recipe
  • Collections
    • Wallets
  • Productivity
    • Organizing
  • About Us
  • Write For Us
  • Contact Us
No Result
View All Result
Creativeshory - Tech Blog
No Result
View All Result
Home Tech

Researchers Create First Firmware Worm that Able to Infect Macs, Even Without Internet

by Arun
2015/08/04 - Updated on 2024/09/22
in Tech
0
apple-macbook-laptop-shadows-dark
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

When it comes to PCs, Apple computers have always been touted as more secure than other PCs. Especially when it comes to security, their firmware couldn’t be penetrated. But that will not be true anymore, as a newly created self-replicating worm has shown.

Wired reports that two researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of MACs. They have demonstrated a proof-of-concept worm for the first time. The researchers calling “Thunderstrike 2,” that would allow a firmware attack to spread automatically from MacBook to MacBook. The attack is able to infect the BIOS of a Mac and can’t be removed by flashing the operating system or even replacing its hard drive. The attack can also spread across Macs even without a network connection.

The worm was created by Xeno Kovah, owner of firmware security consultancy LegbaCore, and Trammell Hudson, a security engineer with Two Sigma Investments.

These exploits are nearly impossible to detect because security software doesn’t scan the firmware and reinstalling the system doesn’t remove the problem. The only way to eliminate malware embedded in a computer’s main firmware would be to re-flash the chip that contains the firmware.

Xeno Kovah said that this attack is really hard to detect, really hard to get rid of, and really hard to protect against something that’s running inside the firmware. For most users that’s really a throw-your-machine-away kind of situation. Most users and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.

An attacker could first remotely compromise the boot flash firmware on a MacBook by delivering the attack code through a malicious web site and phishing email. Once on a Mac, the malware would then be on the lookout for any peripherals connected to the computer that contain option ROM of peripheral devices like Apple’s Thunderbolt to Gigabit Ethernet adapter. The worm would then spread to any other computer to which the adapter gets connected.

Xeno Kovah said that this sort of vulnerability could be exploited to infect machines across the globe by selling infected ethernet adapters on eBay, or infect them in a factory.

“People are unaware that these small cheap devices can actually infect their firmware,” says Kovah. “You could get a worm started all around the world that’s spreading very low and slow. If people don’t have awareness that attacks can be happening at this level then they’re going to have their guard down and an attack will be able to completely subvert their system.”

Kovah likens to add that this sort of exploit is how Stuxnet spread to Iran’s uranium enrichment plant at Natanz via infected USB sticks.

“Stuxnet sat around as a kernel driver on Windows file systems most of the time, so basically it existed in very readily available, forensically-inspectable places that everybody knows how to check. And that was its Achille’s heel,” Kovah says.

Hardware makers could guard against firmware attacks if they cryptographically signed their firmware and accompanying updates. And that will be added authentication capabilities to hardware devices to verify these signatures. However, hardware makers aren’t implementing these changes because it would require re-architecting systems entirely. According to the researchers, Apple has not done enough to fix the vulnerabilities that leave Macs open to these kinds of attacks.

“Some vendors like Dell and Lenovo have been very active in trying to rapidly remove vulnerabilities from their firmware,” Kovah notes. “Most other vendors, including Apple as we are showing here, have not. We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security.”

For more information: Researchers create first firmware worm that attacks Macs [Wired]

Image credit: Pixabay

Related

Tags: applefirmwaremacmalwaresecuritytechthunderstrike 2
Arun

Arun

Arunshory is a founder of creativeshory, a professional tech & resource website. He is an avid learner and he has been blogging for several years.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Google-News-Showcase

Most Popular

  • 108 Best Free Logo Fonts for Your 2024 Brand Design Projects
    108 Best Free Logo Fonts for Your 2024 Brand Design Projects
  • The 20 Best HTML Fonts to Use in 2024
    The 20 Best HTML Fonts to Use in 2024
  • How to Host Free Static Website in CloudFlare Pages
    How to Host Free Static Website in CloudFlare Pages
  • Avoid Delays: The Role of Electricians in Construction Timelines
    Avoid Delays: The Role of Electricians in Construction Timelines
  • Mobile SEO Tips To Help You Survive The Coming Google Mobilegeddon
    Mobile SEO Tips To Help You Survive The Coming Google Mobilegeddon
  • Are Manual Testing Tools still a necessity? Why?
    Are Manual Testing Tools still a necessity? Why?
  • Connection Between Workouts and Mental Health
    Connection Between Workouts and Mental Health
  • 5 Free AI-powered Image Generators Compared
    5 Free AI-powered Image Generators Compared
  • 136 Best Free Fonts for Logo Design in 2025
    136 Best Free Fonts for Logo Design in 2025
  • 100 Best Free Fonts for Designers in 2025
    100 Best Free Fonts for Designers in 2025
  • Terms & Conditions
  • Privacy Policy
  • About Us
  • Write For Us
  • Contact Us

Creativeshory.com. All Rights Reserved. © 2023 Reproduction of materials found on this site, in any form, without explicit permission is prohibited. Privacy Policy

No Result
View All Result
  • Home
  • Tech
    • Apps
    • Mobile
      • Phone Tracker
    • Printers
    • Electronics
      • PCB
    • Games
    • Web Hosting
    • Security
    • Software
      • PHP
    • Tools
  • Artificial Intelligence
  • Design
    • Animation
    • Graphics
    • Web Design
    • Templates
  • Digital Marketing
    • SEO
    • Social Media
    • YouTube
    • Writing
    • E-commerce
  • WordPress
    • Plugins
  • Business
    • Finance
    • Stock Trading
    • Resources
    • Human Resource
    • Project Management
    • Branding
    • Entrepreneurs
    • Maintenance
    • Workflow
  • Infographics
  • Sponsored
  • Advice
    • Architecture
      • Building
      • Construction
    • Restaurant
    • Insurance
    • Automobile
      • Car Rental
    • Moving Overseas
    • Issues
    • Engineering
    • Energy Savings
  • Ideas
    • Home Decor
      • Interior Decorating
    • Cultivation
  • Make Money
    • Freelancer
    • Stocks
  • LifeStyle
    • Photography
    • Beauty
    • Fashion
    • Music & Audio
    • Travel
    • Gemstones
  • Health and Fitness
    • Sports
    • Compensation Insurance
    • Pet Care
  • Education
    • Career Paths
  • Cryptocurrency
    • Bitcoin
    • Metaverse
    • Gambling
    • Digital Transformation
  • Entertainment
    • Guitar
  • Recipe
  • Collections
    • Wallets
  • Productivity
    • Organizing
  • About Us
  • Write For Us
  • Contact Us

Creativeshory.com. All Rights Reserved. © 2023 Reproduction of materials found on this site, in any form, without explicit permission is prohibited. Privacy Policy

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.