Beware Mac Users, Mac’s First Firmware Virus is On the Loose
Many of us are under the impression that Apple’s ecosystem is backed by the most secure operating system in the world. That may no longer hold true. The myth was broken today by a team of hackers who have developed the world’s first virus for Mac and named it Thunderstrike 2.
This virus can be transferred via USB sticks or even email phishing. It then bypasses the Mac’s operating system and directly attacks the BIOS, the software that runs before the main operating system when the system boots up. The worm then targets a machine’s option ROM or lives in the option ROM of peripherals.
Worse, because it lives within the ROM of peripherals, Thunderstrike 2 can spread from one Mac to another without even having to connect to a network. Anti-virus programs are useless, as the malware cannot be detected at the hardware’s BIOS level. Checking for infection is therefore very difficult.
The only way to remove this virus is to open up the Mac’s hardware and manually re-flash the chip. Xeno Kovah, co-founder of a security training firm called LegbaCore, who developed the worm, says:
“For most users, that is really a throw-your-machine-away kind of situation. Most people and organisations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”
Kovah and his partner Corey Kallenberg uncovered a series of firmware vulnerabilities that affected 80% of the systems they had, including HP, Dell, Lenovo and Samsung. These vulnerabilities, as found by the researchers, allowed them to bypass the firmware and reflash the BIOS to plant malicious code within the firmware. Kovah and Kallenberg then tested the same vulnerabilities on MacBook boot flash firmware and found that almost all of the attacks on PCs and laptops could be replicated on the Mac too.
The first version of Thunderstrike was fixed with OS X 10.10.2 and required the hacker to have physical access to the computer. The new version is much harder to stop because the malware can be transferred via a link. The latest OS X security update (10.10.4) appears to resist the bug to a certain extent, rather than being completely overcome by it.
So, what can you do to protect your Mac? All we can do right now is hope Apple rolls out a BIOS update soon.