According to a recent security presentation, attackers can infect Macintosh systems with a particular kind of malware through the computer's Thunderbolt port.
The attack, named Thunderstrike, was presented by the security researcher Trammell Hudson at the Chaos Communication Congress in Germany. Hudson is well known in the security community, particularly for his reverse engineering of various devices and systems.
Below you can watch Hudson's entire presentation or read an annotated version of the talk, but the point is that the attack exploits a flaw in the Thunderbolt port that allows custom code (e.g. a bootkit) to be injected into the system through the port.
The vulnerability Thunderstrike exploits is in the Thunderbolt Option ROM and was first described in 2012. However, Hudson's PoC goes several steps further (past attempts to exploit the flaw to write new code to the ROM at startup disappointed many researchers).
Ultimately, Hudson's PoC shows how an attacker could use the Thunderbolt port to install a custom bootkit. This bootkit could also be replicated on any other Thunderbolt-connected device, which means it could spread across networks.
The scary part is that, because this code uses its own separate ROM, the attack cannot be stopped by reinstalling OS X or replacing the hard disk.
Hudson also showed that he could replace the cryptographic keys Apple uses to sign the firmware with a new key, which prevents future updates of the system.
The good news
Hudson's project is both impressive and terrifying for Apple device owners, though they needn't fear Thunderstrike for now. Hudson reports that no Mac firmware bootkits have been released, and that they exist only as proofs of concept (PoC).
Apple has already patched part of the vulnerability in the most recent Mac mini and the iMac with 5K Retina display.
It should also be noted that this type of attack requires physical access to a machine. The malware cannot be downloaded through other software.
https://www.youtube.com/watch?v=5BrdX7VdOr0