The World’s First Firmware Worm For Mac Is Here, And It Sounds Scary

The World’s First Firmware Worm For Mac Is Here, And It Sounds Scary

“Oh don’t worry,” your uncle said when you were shopping for a new computer. “Macs are virtually virus-proof.” Your uncle was wrong.

A team of white hat hackers just announced the development of the world’s first firmware worm that’s vicious enough to break through Apple’s legendary security. The so-called Thunderstrike 2 attack can be delivered through a phishing email or a peripheral device like a USB stick or even an ethernet adaptor. The worm then targets a machine’s option ROM or lives in the option ROM of peripherals so that even computers not connected to a network can be infected. It also can’t be removed from the firmware unless you open up the box and manually re-flash the chip. Oh, and the worm can’t be detected by any existing security software, so good luck with that.

“Let’s say you’re running a uranium refining centrifuge plant and you don’t have it connected to any networks, but people bring laptops into it and perhaps they share Ethernet adapters or external SSDs to bring data in and out,” Xeno Kovah, one of the firmware security consultants that developed the worm, told Wired. “Those SSDs have option ROMs that could potentially carry this sort of infection. Perhaps because it’s a secure environment they don’t use Wi-Fi, so they have Ethernet adapters. Those adapters also have option ROMs that can carry this malicious firm.”

If you’re running a uranium centrifuge plant, you definitely don’t want any type of worm in your computer system, especially one that could spread without being detected and destroy without fear of destruction. Kovah likened Thunderstrike 2 to the infamous Stuxnet worm that infected Iran’s uranium enrichment facilities a few years ago.

Don’t freak out just yet, though. Thunderstrike 2 is very apparently named after the original Thunderstrike virus, which was shown off at the Chaos Computer Congress in Germany earlier this year. Much like the sequel, Thunderstrike targeted Mac firmware and could not be detected. However, the original virus required physical access to the machine via Thunderbolt peripherals, while Thunderstike 2 can also be delivered remotely. Apple acknowledged Thunderstrike over six months ago and addressed the vulnerabilities, so there’s much hope that it will patch the new vulnerabilities that Thunderstrike 2 targets, too.

All that said, the really scary thing isn’t imagining how your computer might fall victim to a vicious undetectable worm called Thunderstrike. That’s a known threat now, one that will almost definitely be addressed. The horrifying thing is imagining what other kinds of worms governments are developing — the naughty bastard offspring of Stuxnet that stand to end the world with a single keystroke. We know that the NSA is working hard on firmware hacking, and you can be sure that China’s army of hackers is interested.

They’re probably not going to present their findings at Black Hat and Def Con, like the creators of Thunderstrike 2 are. Only Thor can save us now.


Picture: Flickr / Tobias Bischoff

The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.