What is the Thunderstrike Mac OS X Firmware Bootkit?

Vitus White
Last updated: 13 October

The first ever publicly known OS X firmware bootkit emerged out of the 31st Chaos Computer Club conference in Hamburg, Germany last month.

Security researcher Trammell Hudson developed the attack and named it Thunderstrike. It exploits a vulnerability deep in the core of Apple’s OS X platform; in fact, the flaw sits below the operating system itself, in the firmware that loads it. Hudson contacted Apple, and the company reportedly resolved the issue in all affected devices except the MacBook.

There is no room for doubt here: Thunderstrike, like all boot- and rootkits, is a nasty threat that can wrest control over everything you do on your computer. You can think of it as the Ebola of computer threats: catching the disease carries devastating consequences, but the likelihood of becoming infected is relatively small.

Interested in the Apple #Thunderstrike vulnerability but don't have an hour for the video? https://t.co/z5iaoMzRuf pic.twitter.com/jct5ZnTYji

— Trammell Hudson (@qrs) December 31, 2014

Bootkits are a type of rootkit malware that lives in the boot process beneath your computer’s operating system, giving it complete control over infected machines. They affect the Master Boot Record and run on startup, before the operating system even loads. Even if you wipe and reinstall your operating system, the bootkit remains. Bootkits are therefore highly resistant to removal and difficult even to find, although advanced antivirus products can root them out.

Thunderstrike is a bootkit for OS X devices that can be installed either through direct hardware access or through a Thunderbolt connection. The first scenario, infection through direct hardware access, is unlikely: either the manufacturer would have to install the bootkit, or an attacker would have to take your MacBook apart and physically install it in the hardware him or herself.


The second vector, infection through a Thunderbolt connection, is somewhat more viable. There is already a term for this kind of attack: the “evil maid” attack, in which someone with brief physical access tampers with an unattended laptop. The same applies to state-sponsored attacks in which laptops are confiscated and examined at airports or border crossings, and to any other moment when you are away from your machine.

Thus, like Ebola, which is transmitted only through direct contact with bodily fluids, your machine is susceptible to Thunderstrike only if someone takes it apart or plugs a Thunderbolt device into it and installs malicious firmware on your Mac from that peripheral.

Other pieces of malware are less impactful but have far greater transmission rates. To complete the metaphor, the common cold is airborne, and poses a far greater risk to the general public than Ebola, despite the fact that the common cold is not generally terminal.

Similarly, a piece of malware designed to eat processing power and contribute to a botnet isn’t quite as scary as Thunderstrike, but because it can infect your machine remotely through a web injection, malicious email, drive-by download or a number of other vectors, it’s actually much more of a public nuisance.

“Since it is the first OS X firmware bootkit, there is nothing currently scanning for its presence,” Hudson said. “It controls the system from the very first instruction, which allows it to log keystrokes, including disk encryption keys, place backdoors into the OS X kernel and bypass firmware passwords. It can’t be removed by software since it controls the signing keys and update routines. Reinstallation of OS X won’t remove it. Replacing the SSD won’t remove it since there is nothing stored on the drive.”

The best way to protect yourself against Thunderstrike is to make sure that no one can access your MacBook when you aren’t around. In other words, if you are careful about preventing theft and unattended physical access, you should be good to go.

Source: kaspersky.com
Vitus White October 13, 2022 October 7, 2022