Are Macs Safe? Presenting the Thunderstrike attack

According to a recent security presentation, attackers have been able to infect Macintosh systems with a particular kind of malware using the computer's Thunderbolt port.

The attack, named Thunderstrike, was presented by security researcher Trammell Hudson at Chaos Communications in Germany. Hudson is fairly well known in the security community, particularly for his reverse engineering of various devices and systems.

Below you can watch Hudson's entire presentation or read an annotated version of his talk, but the bottom line is that the attack exploits a flaw in Thunderbolt that allows custom code, such as a bootkit, to be injected into the system through the port.

The vulnerability Thunderstrike exploits lies in the Thunderbolt Option ROM and was first described in 2012. However, Hudson's PoC goes several steps further (past attempts to exploit the flaw to write new code to the ROM at startup had frustrated many researchers).

Ultimately, Hudson's PoC shows how an attacker could use the Thunderbolt port to install a custom bootkit. This bootkit could also replicate itself to any other Thunderbolt-connected device, which means it could spread across networks.

The scary part is that, because this code uses its own separate ROM, the attack cannot be stopped by reinstalling OS X or swapping the hard drive.

Hudson also showed that he could replace the cryptographic keys Apple uses to sign new firmware, which prevents future system updates.

The good news

Hudson's work is impressive and scary for owners of Apple devices, although they do not need to fear Thunderstrike at the moment. Hudson reports that no Mac firmware bootkits have been released, and that they exist only as a proof of concept (PoC).

Apple has already patched part of the vulnerability in most Mac mini and iMac with 5K Retina display models.

It should also be noted that this type of attack requires physical access to a machine. The malware cannot be downloaded through other software.

https://www.youtube.com/watch?v=5BrdX7VdOr0

iGuRu.gr: The Best Technology Site in Greece


Written by giorgos
