{"id":8511,"date":"2015-08-03T22:30:58","date_gmt":"2015-08-04T02:30:58","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8511"},"modified":"2015-08-03T22:30:58","modified_gmt":"2015-08-04T02:30:58","slug":"macs-can-be-remotely-infected-with-firmware-malware-that-remains-after-reformatting","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/08\/03\/macs-can-be-remotely-infected-with-firmware-malware-that-remains-after-reformatting\/","title":{"rendered":"Macs can be remotely infected with firmware malware that remains after reformatting"},"content":{"rendered":"<p>When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of bulls, as it practically dares security researchers to prove otherwise. Apple previously claimed that Macs were not vulnerable to the same firmware flaws that could backdoor PCs, so researchers proved they could remotely infect Macs with a firmware worm that is so tough to detect and to get rid of that they suggested it presents a toss-your-Mac-in-the-trash situation.<\/p>\n<p>Corey Kallenberg, Xeno Kovah and Trammell Hudson will present \u201cThunderstrike 2: Sith Strike\u201d at Black Hat USA on August 6. \u201cAlthough several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform,\u201d they wrote in the description of their talk. \u201cInterestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Macs are in fact vulnerable to many of the software-only firmware attacks that also affect PC systems. 
In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.\u201d<\/p>\n<p>The researchers previously used LightEater when they presented \u201cHow Many Million BIOSes Would you Like to Infect?\u201d After they revealed that about 80 percent of PCs have firmware vulnerabilities, Apple claimed Macs did not. But Kovah said that\u2019s not true; he told Wired, \u201cIt turns out almost all of the attacks we found on PCs are also applicable to Macs.\u201d In fact, the researchers said five of the six vulnerabilities studied affect Mac firmware.<\/p>\n<p>Firmware runs when you first boot a machine; it launches the operating system. For Apple computers, the firmware is called the extensible firmware interface (EFI). Most people believe Apple products are superior when it comes to security, but the researchers want to \u201cmake it clear that any time you hear about EFI firmware attacks, it\u2019s pretty much all x86 [computers].\u201d Attackers need only a few seconds to remotely infect Mac firmware. 
Macs infected with Thunderstrike 2 would remain infected even if a user were to wipe the hard drive and reinstall the OS, as that doesn\u2019t fix a firmware infection.<\/p>\n<p>Read More: <a href=\"http:\/\/www.pcworld.com\/article\/2955707\/security\/macs-can-be-remotely-infected-with-firmware-malware-that-remains-after-reformatting.html\" target=\"_blank\">Macs can be remotely infected with firmware malware that remains after reformatting | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2],"tags":[638,655],"class_list":["post-8511","post","type-post","status-publish","format-standard","hentry","category-apple","tag-mac","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2dh","jetpack-related-posts":[{"id":6169,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/04\/researchers-uncover-fundamental-usb-security-flaw-no-fix-in-sight\/","url_meta":{"origin":8511,"position":0},"title":"Researchers uncover fundamental USB security flaw, no fix in sight","author":"NCCT","date":"August 4, 2014","format":false,"excerpt":"A pair of security researchers from SR Labs have uncovered a fundamental flaw in the way USB devices work. It affects every single USB device out there and worse yet, there's no line of defense short of prohibiting USB stick sharing or filling your USB ports with superglue. 
The flaw\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6466,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/09\/24\/apple-releases-icloud-drive-for-windows-mac-users-have-to-wait-until-yosemite-is-out\/","url_meta":{"origin":8511,"position":1},"title":"Apple releases iCloud Drive for Windows, Mac users have to wait until Yosemite is out","author":"NCCT","date":"September 24, 2014","format":false,"excerpt":"Apple started rolling a revamped version of iCloud this week with the arrival of iOS 8. Dubbed iCloud Drive, the cloud storage service is now more akin to Dropbox and Google Drive in that you can actually access and store stuff through a file system. But while iPhone users who\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8004,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/10\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/","url_meta":{"origin":8511,"position":2},"title":"Latest version of OS X closes Backdoor-like bug that gives attackers root","author":"NCCT","date":"April 10, 2015","format":false,"excerpt":"For at least four years, a bug in Apple's OS X gave untrusted users\u2014and possibly remote hackers with only limited control of their target\u2014unfettered \"root\" privileges over Macs. 
The vulnerability is being called a \"hidden backdoor\" by Emil Kvarnhammar, the security researcher who discovered the bug and privately reported it\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=525%2C300 1.5x"},"classes":[]},{"id":9148,"url":"https:\/\/nccomputertech.com\/techtalk\/2017\/04\/16\/this-week-in-tech-610-zombie-shopping-malls\/","url_meta":{"origin":8511,"position":3},"title":"This Week in Tech 610: Zombie Shopping Malls","author":"NCCT","date":"April 16, 2017","format":false,"excerpt":"https:\/\/www.youtube.com\/watch?feature=player_detailpage&v=uUz9eOtDBhc United \"overbooking\": what's the real story? A murder streamed on Facebook Live. Apple sues Qualcomm, Qualcom sues Apple right back. Windows 10 Creators Update is here - are you excited for 3D Paint? The internet Archive emulates early Macs. Princeton creates an unblockable ad blocker. 
Nintendo stops selling the\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/uUz9eOtDBhc\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9430,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/05\/the-prosecco-experience-this-week-in-tech-691\/","url_meta":{"origin":8511,"position":4},"title":"The Prosecco Experience &#8211; This Week in Tech 691","author":"NCCT","date":"November 5, 2018","format":false,"excerpt":"https:\/\/youtu.be\/9Pm9vDm1-sg Apple\u2019s new Macs and iPads, CIA\u2019s not-so-secret websites, Twitter voter suppression, and more. -- Apple announces new MacBook Air and Mac Mini, then blows them both away with its new iPad Pro. -- Apple will no longer tell us how many iPhones it sells. -- How to kill an\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/9Pm9vDm1-sg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3213,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/20\/researchers-manage-to-get-malware-published-in-apples-ios-app-store\/","url_meta":{"origin":8511,"position":5},"title":"Researchers manage to get malware published in Apple&#039;s iOS App Store","author":"NCCT","date":"August 20, 2013","format":false,"excerpt":"While the posting of malware remains a rare occurrence on Apple's iOS App Store, a team of security researchers figured out a way to get a malicious piece of software past Apple's certification team. 
The team from Georgia Tech said that the app was approved and published by Apple in\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8511"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8511\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}