
Here's a Worm That Can Infect Your Mac Without You Even Knowing


Batu69


Most viruses are more than meets the eye

Macs were long regarded as the most secure of all personal computers, while iOS users have always seemed to pride themselves on their operating system's invincibility. Until now.

Macs were mostly avoided by hackers because they are not as common as their PC counterparts, but it seems that if someone really decides to hack a Mac, they can do it just as easily as with a regular PC, since the two platforms share much of the same firmware design and many of the same firmware vulnerabilities.

Apparently, opening a phishing email or visiting a malicious site from your Mac could compromise the computer itself, your Thunderbolt adapter, the motherboard boot flash, and the Thunderbolt option ROMs. And as it turns out, there is almost nothing you can do to remove the worm, since it embeds itself in the firmware and the motherboard boot flash, and security software doesn't scan those regions because it treats them as trusted from the start. The only way to get rid of the worm is to physically re-flash the boot flash chip on the motherboard.

The issue arises because the firmware shipped from the factory isn't cryptographically signed, so the machine never authenticates it against the manufacturer at boot. The problem affects both air-gapped computers (machines with no access to the Internet) and networked ones alike, because the worm spreads simply by carrying the same infected Thunderbolt adapter from one computer to another. Also, no sign of the infection is visible until you reboot your Mac: since the worm lives in the boot flash, the machine has to execute the firmware stored in that flash before the infection fully takes hold.

And now you'll know why this worm is important

However, Wired also put an inevitable political spin on this story. Firmware implants of this kind were reportedly a method favored by the NSA for getting into air-gapped computers: option ROMs on SSDs, RAID controllers, Ethernet adapters, or laptops carried into facilities such as nuclear power plants could carry the worm in to gather data. Any access gained to the writable, unauthenticated boot flash chips could then compromise the entire network of computers over the closed Ethernet network.

A way to counter this would be for vendors or manufacturers to introduce integrity checks at boot: the firmware runs the boot flash and option ROM contents through a hash algorithm, which produces a checksum (a fixed-length string of letters and numbers unique to that data), and compares it with a known-good value. If the data has changed, the mismatch is detected before the operating system starts, and the modified firmware can be refused or restored from a known-good copy, rendering any attack through the boot flash chip useless. The catch is that the reference value itself must live somewhere the attacker cannot rewrite; if it is stored in the same writable flash as the firmware, the worm can simply update the checksum along with the code.
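To make that last point concrete, here is an added example (not code from the article, from Wired, or from any vendor) that models a boot-time integrity check in Python. The flash layout, the sample firmware bytes and the worm payload are all constructed for illustration; the "root of trust" is simulated by a Python constant standing in for a reference value fused into read-only hardware (in real systems, a signature verified with a public key stored there). The example compares a checksum kept in writable flash with a reference kept outside it, against an attacker who can rewrite the flash.

```python
"""Boot-time firmware integrity check, modelled in Python (constructed example).

A toy flash layout holds a boot firmware image and a Thunderbolt option ROM.
Two verification strategies are compared:
  1. a checksum stored in the same writable flash as the firmware, and
  2. a reference measurement held in an immutable root of trust.
Only the second survives an attacker who can rewrite the boot flash.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Flash:
    """Writable SPI flash contents (toy model)."""
    boot_firmware: bytes
    option_rom: bytes
    stored_digest: bytes  # checksum the vendor wrote into the same flash


def measure(boot_firmware: bytes, option_rom: bytes) -> bytes:
    """SHA-256 over both regions, tagged and length-prefixed so bytes cannot be
    moved between regions without changing the digest."""
    h = hashlib.sha256()
    for tag, region in ((b"boot", boot_firmware), (b"oprom", option_rom)):
        h.update(tag)
        h.update(len(region).to_bytes(4, "big"))
        h.update(region)
    return h.digest()


# Constructed sample images (not real firmware); the bytes stand in for vendor code.
CLEAN_BOOT_FIRMWARE = b"VENDOR-EFI-BOOT-IMAGE-v1.0" + bytes(range(64))
CLEAN_OPTION_ROM = b"THUNDERBOLT-OPROM-v2.1" + bytes(range(32))

# Assumption: the vendor records this value at the factory in a region the
# attacker cannot write (fused OTP or a mask boot ROM). This constant simulates it.
GOLDEN_DIGEST = measure(CLEAN_BOOT_FIRMWARE, CLEAN_OPTION_ROM)


def factory_flash() -> Flash:
    """Flash as shipped: clean images plus the vendor's checksum in flash."""
    return Flash(CLEAN_BOOT_FIRMWARE, CLEAN_OPTION_ROM, GOLDEN_DIGEST)


def infect(flash: Flash, payload: bytes) -> Flash:
    """Model of a worm that can write the boot flash: it appends itself to the
    option ROM and, because the checksum lives in the same flash, rewrites that too."""
    patched_rom = flash.option_rom + payload
    new_digest = measure(flash.boot_firmware, patched_rom)
    return replace(flash, option_rom=patched_rom, stored_digest=new_digest)


def check_self_stored(flash: Flash) -> bool:
    """Weak check: compare against the checksum stored in writable flash."""
    current = measure(flash.boot_firmware, flash.option_rom)
    return hmac.compare_digest(current, flash.stored_digest)


def check_root_of_trust(flash: Flash, golden: bytes = GOLDEN_DIGEST) -> bool:
    """Strong check: compare against the reference held outside writable flash."""
    current = measure(flash.boot_firmware, flash.option_rom)
    return hmac.compare_digest(current, golden)


def boot_verdicts(flash: Flash) -> dict:
    """What each strategy reports when the machine boots from this flash."""
    return {
        "self_stored_checksum": check_self_stored(flash),
        "root_of_trust": check_root_of_trust(flash),
    }


if __name__ == "__main__":
    clean = factory_flash()
    infected = infect(clean, b"\x90" * 16 + b"WORM")  # constructed payload
    print("clean   :", boot_verdicts(clean))
    print("infected:", boot_verdicts(infected))
```

The self-stored checksum passes on the infected flash because the worm recomputed it; only the comparison against a reference the worm cannot reach catches the modified option ROM. Real firmware uses a public-key signature instead of a bare hash so that legitimate updates can still be installed without changing the read-only reference.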

Source
