A team of researchers has created a real-world firmware attack on Macs, based on the ThunderStrike vulnerability discovered last year. ThunderStrike 2 relies on some of the same attack vectors as its namesake, allowing infection of the Mac via infected peripherals, such as Apple’s own Thunderbolt to Gigabit Ethernet adapter.
It was created by security reseachers Trammell Hudson, who first discovered Thunderstrike, and Xeno Kovah, Wired reported on Monday.
The proof-of-concept worm can be easily passed from Mac-to-Mac even without the computers even being networked. The worm can escape detection by scanning software, and can’t be defeated by reformatting.
“People are unaware that these small cheap devices can actually infect their firmware,” says Kovah. “You could get a worm started all around the world that’s spreading very low and slow. If people don’t have awareness that attacks can be happening at this level then they’re going to have their guard down and an attack will be able to completely subvert their system.”
While Apple has been notified of the vulnerabilities, and is reported to have patched one, while partially fixing a second. This leaves three of the vulnerabilities unpatched, but it’s likely Apple is working to fix the flaws in an upcoming security update.
More details on ThunderStrike 2 are scheduled to be shared at this year’s Black Hat USA security conference on Thursday, August 6.
