Mac evangelists have often argued that their platform of choice is more secure than Windows PCs, but while that claim was true for many years, the walls are beginning to crumble.
Two researchers have developed a malware exploit that not only infects a MacBook with a particularly resilient worm but also spreads the infection to other MacBooks without requiring that they share a network.
Xeno Kovah, who owns the security firm LegbaCore, and Trammell Hudson of Two Sigma Investments used a known vulnerability in Apple’s Mac firmware to make a worm that could spread to new computers without alerting their users.
Taking inspiration from the original vulnerability’s name “Thunderstrike,” they called their creation “Thunderstrike 2.”
A computer’s firmware is like a house’s foundation. Everything is built on top of it, which makes an infection of it extremely difficult to detect or eliminate. Thunderstrike 2 is particularly dangerous, not just because of its ability to compromise a Mac’s firmware—though that is certainly its key trait—but also because of how discreetly it operates.
You would likely never know that your computer was infected with a worm like Thunderstrike 2. All you’d need to do is trust a sketchy email attachment or strange link and you’d be opening the door to a worm that is very difficult to detect and scrub.
Once Thunderstrike 2 takes root on a system, it spreads itself to any compatible plugged-in accessories, including Apple’s own Thunderbolt Ethernet adapter, which allows people to plug Internet cables into their laptops. If you were to share an infected accessory with another Mac, Thunderstrike 2 would sneak onto that machine and continue its infectious process.
An infected computer can relay its owner’s personal information to a nefarious third party. It can also be sucked into a botnet, a collection of computers used by a malicious actor to spread malware or spam.
Kovah and Hudson will show off more of their Thunderstrike 2 development at the Black Hat conference in Las Vegas on Aug. 6.