At the Chaos Communication Conference in Hamburg this week, a security expert revealed a method to infect a Mac through its Thunderbolt connection. A device created specifically to connect to these ports could infect Apple computers by injecting a bootkit into the EFI Boot ROM, making the infection nearly impossible to remove. The Thunderbolt port vulnerability was discovered in 2012 and has not yet been resolved by Apple. Trammell Hudson, its discoverer, spoke yesterday at the conference to demonstrate the method used for infection. The malware, dubbed Thunderstrike, is capable of the following:
A vulnerability that allows the installation of firmware modifications that persist in the EFI Boot ROM of Apple's popular MacBooks. The bootkit can be easily installed through an infected device via the Thunderbolt port and survives the reinstallation of OS X, as well as replacement of the hard drive. Once installed, it can resist attempts to delete it and spread virally across air gaps [networks not connected to the internet] by infecting additional Thunderbolt devices.
That is, once an Apple computer is infected by this method, the infection is virtually impossible to remove. Neither a reinstallation of the operating system nor a “healthy” hard drive will solve the problem. Nor would it be possible to fix the problem through a firmware update from Apple, as Thunderstrike is able to block these updates.
More details about the vulnerability:
Hudson specializes in reverse engineering. In the video posted on the website of the conference, his talk is divided into three parts:
- Reverse Engineering EFI Boot ROM.
- Development of the Thunderstrike vulnerability.
- Mitigation strategies.
The Thunderbolt high-speed connection was introduced with the early 2011 MacBook Pro refresh. The technology was developed jointly by Intel and Apple:
[This is] the trade name of the Light Peak technology developed by Intel and brought to market with technical collaboration from Apple; it combines Mini DisplayPort with a PCI Express connection.