August 3, 2015 06:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/dNwFrgsuHgU/researchers-create-mac-firmworm-that-spreads-via-thunderbolt-ethernet-adapters
Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters
BIOS4breakfast writes: Wired reports that later this week at BlackHat and Defcon, Trammel Hudson will show the Thunderstrike 2 update to his Thunderstrike attack on Mac firmware (previously covered on Slashdot). Trammel teamed up with Xeno Kovah and Corey Kallenberg from LegbaCore, who have previously shown numerous exploits for PC firmware. They found multiple vulnerabilities that were already publicly disclosed were still present in Mac firmware. This allows a remote attacker to break into the Mac over the network, and infect its firmware. The infected firmware can then infect Apple Thunderbolt to Ethernet adapters' PCI Option ROM. And then those adapters can infect the firmware of any Mac they are plugged into — hence creating the self-propagating Thunderstrike 2 "firmworm." Unlike worms like Stuxnet, it never exists on the filesystem, it only ever lives in firmware (which no one ever checks.) A video showing the proof of concept attack is posted on YouTube.at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/dNwFrgsuHgU/researchers-create-mac-firmworm-that-spreads-via-thunderbolt-ethernet-adapters
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot