Just when Mac users thought their systems were virtually virus-proof, a team of hackers has announced the development of the world’s first firmware worm that can break through Apple’s legendary security.
It’s called the Thunderstrike 2 attack, and it can be delivered through a phishing email or a peripheral device like a USB stick, or even by using an Ethernet adapter.
Once in, the worm targets the Mac computer’s option ROM or the option ROM of peripherals.
This means that even computers that are not connected to a network can still be infected.
The only way to remove it from the firmware is to manually re-flash the chip. For most users this means a trip to the repairer. What makes this worm so bad is that it cannot be detected by any of the existing security software.
“Let’s say you’re running a uranium refining centrifuge plant and you don’t have it connected to any networks, but people bring laptops into it and perhaps they share Ethernet adapters or external SSDs to bring data in and out,” Xeno Kovah, one of the security consultants who developed the worm, told Wired.
“Those SSDs have option ROMs that could potentially carry this sort of infection. Perhaps because it’s a secure environment they don’t use Wi-Fi, so they have Ethernet adapters. Those adapters also have option ROMs that can carry this malicious firmware.”
According to Gizmodo, Thunderstrike 2 is very appropriately named after the original Thunderstrike virus, which was shown off at the Chaos Computer Congress in Germany earlier this year. Much like the sequel, Thunderstrike targeted Mac firmware and could not be detected. However, the original virus required physical access to the machine via Thunderbolt peripherals, while Thunderstrike 2 can also be delivered remotely.
It seems that there will always be someone who wants to hack your computer, and this sort of thing will only get worse. So my advice is, get used to it.