Apple’s Mac computers have a reputation for being more secure than Windows PCs, but that’s just not the case anymore. A team of security researchers was able to create a bug that digs deep into a Mac’s firmware and can even jump from Mac to Mac—even if the two Macs aren’t networked.
Apple bug attacks firmware
Josh Valcarcel of Wired reports that two cyber-security researchers learned that a lot of the vulnerabilities that are known to affect Windows PCs can also affect Apple’s Mac computers. They have also become the first to develop a worm which proves just how serious the Mac vulnerabilities are.
Their worm demonstrated how hackers could gain access to Macs—even those which are air-gapped, in a way that security scanners wouldn’t be able to detect. And by grabbing hold of the firmware, the worm can remain on the machine even through updates to its firmware. In other words, the worm could not be fixed through security updates because it would lie undetected deep inside the machine.
Firmware worms hard to get rid of
This is because firmware updates rely on the old firmware to install them, so if there’s a worm infecting the firmware in a Mac, it would be able to block updates or even write itself into an update. According to Wired, the only way to get rid of the worm is to re-program the chip holding the firmware.
One of the researchers who created the worm said that most people would simply replace their computers if such an infection occurred. The firmware is responsible for booting up computers. Because the firmware operates at a deeper level than where security and virus scanners operate, it’s nearly impossible to tell if the firmware has been infected. The infection also remains even if the Mac is wiped and the operating system reinstalled.
Where Apple’s Macs are vulnerable
Xeno Kovah and his partner call their Apple worm Thunderstrike 2, and their tests on Apple’s Mac computers follow their work on firmware vulnerabilities which affected 80% of PCs last year. After identifying those vulnerabilities, they wanted to see if the same ones apply to Apple’s Macs.
They said that five of the six holes they found in PCs were also open on Macs, meaning that Apple’s computers aren’t really much safer than Windows-based PCs. These vulnerabilities are so widespread because many computer manufacturers use the same code for their firmware.
The researchers also identified some steps Apple could have taken to block at least one of the vulnerabilities, although it did not. According to Wired, Apple has now fully patched one of the five holes and partially patched a second one, although the other three holes remain open.
Thunderstrike 2 spreads from Mac to Mac
After identifying the holes, Kovah and his partner, Corey Kallenberg, developed Thunderstrike 2, which they said can jump from Mac to Mac without being detected. This is because it never actually affects the computer’s file system or operating system, living only in the machine’s firmware.
It only takes seconds for Thunderstrike 2 to infect a Mac’s firmware and the option ROM on peripheral devices. From there, the worm can infect other computers which are attached to the peripheral devices, like Apple’s Thunderbolt Ethernet adapter. The security researchers warn that this worm would make it easy for hackers to infect hundreds of Mac computers by selling infected Apple peripherals on eBay or other websites.
This is especially dangerous because while people mostly know better than to click on links in emails from unknown sources, they probably don’t realize that their Mac can be infected through peripheral devices in this manner.