{"id":8511,"date":"2015-08-03T22:30:58","date_gmt":"2015-08-04T02:30:58","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8511"},"modified":"2015-08-03T22:30:58","modified_gmt":"2015-08-04T02:30:58","slug":"macs-can-be-remotely-infected-with-firmware-malware-that-remains-after-reformatting","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/08\/03\/macs-can-be-remotely-infected-with-firmware-malware-that-remains-after-reformatting\/","title":{"rendered":"Macs can be remotely infected with firmware malware that remains after reformatting"},"content":{"rendered":"<p>When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of bulls as it practically dares security researchers to prove otherwise. Apple previously claimed that Macs were not vulnerable to the same firmware flaws that could backdoor PCs, so researchers proved they could remotely infect Macs with a firmware worm that is so tough to detect and to get rid of that they suggested it presents a toss your Mac in the trash situation.<\/p>\n<p>Corey Kallenberg, Xeno Kovah and Trammell Hudson will present \u201cThunderstrike 2: Sith Strike\u201d at Black Hat USA on August 6. \u201cAlthough several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform,\u201d they wrote in the description of their talk. \u201cInterestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Macs are in fact vulnerable to many of the software-only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.\u201d<\/p>\n<p>The researchers previously used LightEater when they presented \u201cHow Many Million BIOSes Would you Like to Infect?\u201d After they revealed that about 80 percent of PCs have firmware vulnerabilities, Apple claimed Macs did not. But Kovah said that\u2019s not true; he told Wired, \u201cIt turns out almost all of the attacks we found on PCs are also applicable to Macs.\u201d In fact, the researchers said five of the six vulnerabilities studied affect Mac firmware.<\/p>\n<p>Firmware runs when you first boot a machine; it launches the operating system. For Apple computers, the firmware is called the extensible firmware interface (EFI). Most people believe Apple products are superior when it comes to security, but the researchers want to \u201cmake it clear that any time you hear about EFI firmware attacks, it\u2019s pretty much all x86 [computers].\u201d Attackers need only a few seconds to remotely infect Mac firmware. Macs infected with Thunderstrike 2 would remain infected even if a user were to wipe the hard drive and reinstall the OS, as that doesn\u2019t fix a firmware infection.<\/p>\n<p>Read More: <a href=\"http:\/\/www.pcworld.com\/article\/2955707\/security\/macs-can-be-remotely-infected-with-firmware-malware-that-remains-after-reformatting.html\" target=\"_blank\">Macs can be remotely infected with firmware malware that remains after reformatting | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2],"tags":[638,655],"class_list":["post-8511","post","type-post","status-publish","format-standard","hentry","category-apple","tag-mac","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2dh","jetpack-related-posts":[{"id":9430,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/05\/the-prosecco-experience-this-week-in-tech-691\/","url_meta":{"origin":8511,"position":0},"title":"The Prosecco Experience &#8211; This Week in Tech 691","author":"NCCT","date":"November 5, 2018","format":false,"excerpt":"https:\/\/youtu.be\/9Pm9vDm1-sg Apple\u2019s new Macs and iPads, CIA\u2019s not-so-secret websites, Twitter voter suppression, and more. -- Apple announces new MacBook Air and Mac Mini, then blows them both away with its new iPad Pro. -- Apple will no longer tell us how many iPhones it sells. -- How to kill an\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/9Pm9vDm1-sg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9940,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/the-blue-and-the-gray-m4-macbook-air-m4-max-mac-studio-apple-intelligence\/","url_meta":{"origin":8511,"position":1},"title":"The Blue and the Gray &#8211; M4 MacBook Air, M4 Max Mac Studio, Apple Intelligence","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/e_K-4_7i08k Is Apple's 'Sky Blue' really blue? Apple is delaying its 'more personalized Siri' Apple Intelligence features. Is anyone excited about RollerCoaster Tycoon coming to Apple Arcade? And Dropbox now supports Live Photos! ... after ten years. \u2022 Sky (blue)\u2019s the limit: M4 MacBook Air offers lower price, improved camera,\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/e_K-4_7i08k\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9655,"url":"https:\/\/nccomputertech.com\/techtalk\/2021\/03\/09\/fuquay-varina-and-holly-springs-computer-repair\/","url_meta":{"origin":8511,"position":2},"title":"Fuquay Varina and Holly Springs Computer Repair","author":"NCCT","date":"March 9, 2021","format":false,"excerpt":"Welcome to our blog. NC Computer Tech services Fuquay Varina, Holly Springs, and surrounding NC areas. We offer prompt, professional, courteous service with over twenty years of experience dealing with residential and small business clients offering them solutions and fixing their computer and network issues at reasonable rates. Our services\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9378,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/13\/smart-home-security-tips\/","url_meta":{"origin":8511,"position":3},"title":"Smart Home Security Tips","author":"NCCT","date":"July 13, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ESqqAf3IGok Megan Morrone and Florence Ion talk to Stacey Higginbotham about tips for securing your smart home. The advantages and disadvantages of running devices on a guest network. Plus, how do you know if your devices are getting regular firmware updates.","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ESqqAf3IGok\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9320,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/08\/this-week-in-tech-661-the-ant-man-canon\/","url_meta":{"origin":8511,"position":4},"title":"This Week in Tech 661: The Ant Man Canon","author":"NCCT","date":"April 8, 2018","format":false,"excerpt":"https:\/\/youtu.be\/BOkNYwQ_k1Y Facebook issues the latest in a long string of apologies.YouTube shooter and the lure of fame. Apple plans its own chips for 2020, Mac Pro for 2019. Is Amazon spending too much on video? Terry Myerson out at Microsoft - the end of the Windows era. FBI seizes Backpage.com.","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/BOkNYwQ_k1Y\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9812,"url":"https:\/\/nccomputertech.com\/techtalk\/2024\/11\/08\/slow-and-steady-m4-macbook-pro-apple-q424-pixelmator\/","url_meta":{"origin":8511,"position":5},"title":"Slow and Steady &#8211; M4 MacBook Pro, Apple Q424, Pixelmator","author":"NCCT","date":"November 8, 2024","format":false,"excerpt":"https:\/\/youtu.be\/etW5-oInyGA As expected following the end of last week's MacBreak Weekly, Apple announced the new M4, M4 Pro, and M4 Max MacBook Pros. Jason recaps the results of Apple's Q424. And Apple acquires Pixelmator. \u2022 Early Apple M4 Pro and M4 Max benchmarks hint at a massive performance boost. \u2022\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/etW5-oInyGA\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8511"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8511\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}