Why you shouldn’t panic about Thunderstrike Mac virus
Scare stories about a vulnerability in Mac OS X that can be used to deliver undetectable, unremovable malware to your computer have started doing the rounds today, but if you’re a Mac user, there’s no reason to start quaking at your keyboard just yet.
First things first, Thunderstrike is a real, and potentially serious vulnerability. Discovered by programmer and researcher Trammell Hudson, the vulnerability in the Mac’s ROM could allow a hacker to launch malware on the computer and completely avoid detection by any security software.
But there’s one important proviso – the attacker needs to physically get their hands on your computer first.
Most vulnerabilities are executed remotely by an attacker who could be sat over the other side of the world from their victim making use of a hole in the computer’s software (including its operating system). However, because these attacks are software based, they can be thwarted once the vulnerability been detected.
In memory attacks, like Thunderstrike, are more difficult to detect, avoid and mitigate because they make use of vulnerabilities in the way the hardware works. But because they require real-world contact with the device, they’re also harder to carry out.
That’s not to say such an attack has never happened, though. It’s thought the Stuxnet worm, which shut down Iran’s nuclear power stations by making their Siemens centrifuges spin out of control, was introduced by infected USB, as the computers in the facilities were not connected to any public network.
In the end, it’s unlikely you will fall victim to such a complex attack, but that’s not to say you should be reckless with your devices. “While it is unlikely that an ‘evil maid’ will fiddle with your machine while you’re in the hotel lobby, it’s entirely open to plain old theft or accidental damage which I’d be more concerned about,” Chris Boyd, malware intelligence analyst at security firm Malwarebytes told PC Pro.
“As with so many causes of infection, good old-fashioned user awareness will help head off this threat and prevent someone dongling around your mac ports,” he added.