Security researchers have created a worm specifically for OS X, and it has the potential to infect every Apple computer. Dubbed Thunderstrike 2 by its creators – Xeno Kovah and Corey Kallenberg of LegbaCore and Trammell Hudson of Two Sigma Investments – the worm exploits a vulnerability in OS X, and can even affect machines not connected to the internet. Once embedded, Thunderstrike 2 is virtually undetectable and there’s no easy way to remove it.
The security researchers are expected to unveil their method of hacking this Thursday, at a Black Hat conference in Las Vegas.
What is Thunderstrike 2?
Thunderstrike 2 is the latest worm created by the research team, and builds upon the original Thunderstrike created earlier this year.
The new worm starts its life on malicious websites or emails. Once on your system, Thunderstrike 2 uses a vulnerability to write itself into the computer’s firmware. At this point, the worm exists “below” the area used by traditional worms, as it’s embedded into a computer’s BIOS rather than its operating system.
As a result, it’s almost impossible to detect – or remove. Even worse, the worm is able to copy itself to any other Thunderbolt peripherals used by an infected machine, so it can easily be transmitted to other computers.
Thunderstrike 2 can usually write itself into a computer’s BIOS immediately, but in several instances it must wait until the machine is restarted.
A new type of hacking
One of the most worrying things about Thunderstrike 2 is its ability to affect offline Macs. By infecting Thunderbolt hard drives, Ethernet adapters or anything else that could be connected to an infected Apple Mac, Thunderstrike 2 can theoretically be spread to machines that have never been used on the internet.
The makers of the worm believe it opens up an entirely new method of hacking, and one that manufacturers and consumers still aren’t prepared for. For example, hackers could distribute infected devices using eBay stores, and quickly gain access to thousands of Macs.
“People are unaware that these small cheap devices can actually infect their firmware,” Kovah explained to Wired. “You could get a worm started all around the world that’s spreading very low and slow. If people don’t have awareness that attacks can be happening at this level then they’re going to have their guard down and an attack will be able to completely subvert their system.”
Am I at risk from Thunderstrike 2?
According to a post from security expert Rich Mogull, the answer is probably not. A blog post by one of the researchers also states the issue was partially fixed by an Apple patch last month. What’s more, the hack itself was the work of security researchers, so the research will be used to patch and improve Mac OS X rather than exploit it. Therefore, it’s extremely unlikely users are at risk.