MacMac News

Thunderstrike 2 Targets Mac Firmware, Seen in the Wild

thunderstrike-2-macbook

Are you running OS X 10.11 El Capitan Beta? At least for the moment, you don’t have to worry about Thunderstrike 2, a new and actually virulent bit o’ malware. Thunderstrike 2 infects peripheral device and Mac firmware, and can be spread via a range of mechanisms.

Wired and pretty much the entire tech press are reporting on Thunderstrike 2, an exploit that is actively being exploited in the wild.

There have been examples of firmware worms in the past—but they spread between things like home office routers and also involved infecting the Linux operating system on the routers. Thunderstrike 2, however, is designed to spread by infecting what’s known as the option ROM on peripheral devices.

While Thunderstrike 2 can be used to infect a Windows PC, which isn’t news per se, the headlines are all about the Mac. Moreover, current antivirus apps have no way of detecting let alone removing, if at all possible, Thunderstrike 2 from an affected computer or device.

An attacker could first remotely compromise the boot flash firmware on a MacBook by delivering the attack code via a phishing email and malicious web site. That malware would then be on the lookout for any peripherals connected to the computer that contain option ROM, such as an Apple Thunderbolt Ethernet adapter, and infect the firmware on those. The worm would then spread to any other computer to which the adapter gets connected.

Thunderstrike 2 can then spread via essentially any device equipped with option ROM, a type of firmware used in a huge variety of computer and consumer electronics hardware.

Again, as noted by Ars Technica and in the lede above, Apple’s currently in beta OS X 10.11 El Capitan doesn’t appear to be vulnerable. However, Apple’s current OS X 10.10.4 (Yosemite) and in beta OS X 10.10.5 both are Thunderstike 2 exploitable…

Well, it has finally happened. There is a Mac malware out there in the wild that be spread essentially at will and there isn’t, as of this writing, any way to detect or stop it…

Has Thunderstrike 2 changed your the way you think about Mac security?

Tags

ronaldcarlson

Monsieur Le Bloggier — Viva le difference, viva le Mac.

Leave a Reply

Notify of
avatar
Jurassic
Jurassic

“Has Thunderstrike 2 changed your the way you think about Mac security?”

Nope.

I’ve always taken security seriously, and have owned Macs for more than 20 years.

Since using OS X (for the past 15 years) I have NEVER had any malware on my Mac… Except for Windows malware .exe’s that sometimes get downloaded with email or from websites, and don’t have any effect on OS X.

Yes, I do run malware checkers, and I keep the databases up to date. But I have never been tricked into installing a Trojan on my own Mac… And since there has never been a real virus that doesn’t involve either the admin installing it onto their own computer, or allowing someone physical access to your computer (and this INCLUDES Thunderstrike 2 despite the hype you read), I have never had the hassle of having to remove malware on my Macs.