Researchers Create Thunderstrike 2- The Firmware Worm That Attacks Macs

Two researchers have designed a worm that can spread itself via the firmware of Apple OS X computers and peripherals, without the aid of connecting to the Internet. Firmware is software that resides on a chip in your device, and provides instructions to the hardware on how to power up properly and then load the operating system.

The researchers found five vulnerabilities, originally discovered in the firmware of PCs that can cross over to Mac OS X. This is also the first instance where a vulnerability on a Mac can be spread without an Internet connection. Instead, it is transferred via the firmware of a device. For example, if you were to plug in a lightning USB Ethernet adapter into an infected Mac, that adapter will then become infected, as it has firmware in it. Once unplugged, the malware will stay on the device and spread itself once plugged into a clean computer. Most traditional antivirus and Internet security products do not scan these chips, as they are low level functions and are related to the operation of the hardware that they are attached to. Right now, there is no way of removing this malware once it has infected a device.

Fortunately, this is what is called a “proof-of-concept,” which means even though it has been discovered by researchers, it has not been exploited by cybercriminals. Yet.

So far, Apple has been able to patch one vulnerability and has partially patched another, however, there are still three to go. When you get that notification from Apple that there are updates available, do NOT click on “Remind Me Tomorrow,” and do it right away.

Whether a vulnerability has been exploited or newly discovered, it is important to always play it safe. While no cyber security software can protect you from every single thing on the threat landscape, a little knowledge and caution can go a long way. Remember to always be careful when receiving emails, chats, text messages and private messages from unknown senders and never download attachments or click on unfamiliar links.

More information about this type of exploit will come to light after it has been presented at this week’s Black Hat USA Conference, so stay tuned for updates.