- Lawsuit alleges woman was kidnapped by Lyft driver and gang-raped 4 Years Ago
- Facebook and Ray-Ban want to replace smartphones with smart glasses 4 Years Ago
- Sirfetch’d is the gallant new Pokémon winning everyone’s heart 4 Years Ago
- Danielle Cohn’s dad says she’s not really 15 years old Today 2:14 PM
- Chilling ad by Sandy Hook Promise features kids using school supplies during a shooting Today 1:50 PM
- Don’t fall victim to this Venmo texting scam Today 1:18 PM
- Here’s what’s coming and going on Netflix in October 2019 Today 12:55 PM
- Marvel just turned Goldballs into one of the most powerful X-Men Today 12:33 PM
- Every house in ‘Skyrim’ and how to get them all Today 12:28 PM
- How to stream all the Week 3 NFL action Today 12:14 PM
- Taylor Swift has some thoughts on the end of ‘Game of Thrones’ Today 12:14 PM
- Notre Dame, Georgia, and how to stream college football’s must-watch Week 4 Today 11:52 AM
- Prominent Democratic donor Ed Buck charged with running drug house tied to fatal overdoses Today 11:45 AM
- Merriam-Webster recognizes use of singular ‘they’ for nonbinary people Today 11:39 AM
- VSCO dogs are here, and they’re just barely putting up with it Today 11:38 AM
Dangerous new flaw proves that Macs aren’t as safe as you think
Buying a Mac doesn’t mean you’re invulnerable.
Two researchers have developed a malware exploit that not only infects a MacBook with a particularly resilient worm but also spreads the infection to other MacBooks without requiring that they share a network.
Xeno Kovah, who owns the security firm LegbaCore, and Trammell Hudson of Two Sigma Investments used a known vulnerability in Apple’s Mac firmware to make a worm that could spread to new computers without alerting their users.
Taking inspiration from the original vulnerability’s name “Thunderstrike,” they called their creation “Thunderstrike 2.”
A computer’s firmware is like a house’s foundation. Everything is built on top of it, which makes an infection of it extremely difficult to detect or eliminate. Thunderstrike 2 is particularly dangerous, not just because of its ability to compromise a Mac’s firmware—though that is certainly its key trait—but also because of how discreetly it operates.
You would likely never know that your computer was infected with a worm like Thunderstrike 2. All you’d need to do is trust a sketchy email attachment or strange link and you’d be opening the door to a worm that is very difficult to detect and scrub.
Once Thunderstrike 2 takes root on a system, it spreads itself to any compatible plugged-in accessories, including Apple’s own Thunderbolt Ethernet adapter, which allows people to plug Internet cables into their laptops. If you were to share an infected accessory with another Mac, Thunderstrike 2 would sneak onto that machine and continue its infectious process.
An infected computer can relay its owner’s personal information to a nefarious third party. It can also be sucked into a botnet, a collection of computers used by a malicious actor to spread malware or spam.
Kovah and Hudson will show off more of their Thunderstrike 2 development at the Black Hat conference in Las Vegas on Aug. 6.
Mike Wehner is a former tech editor for the Daily Dot who now writes for BGR. His work has appeared everywhere from Yahoo to CNN, and there’s a good chance his Apple Watch is dead right now.