Apple MacBook Pro computers with Retina displays stand at a table at a Gravis Apple retailer on November 6, 2012 in Berlin, Germany

Apple bug Thunderstrike 2 leaves Macs vulnerable to worm, could give hackers control of computers and go entirely undetected

Apple's MacBooks and iMacs could be infected with the attack — and their users would never know

Andrew Griffin (@_andrew_griffin)
Tuesday 04 August 2015 16:19

Security researchers have found a vulnerability that would let them take control of Apple’s Mac computers and spread to other computers.

Apple’s computers have long been said to be much more secure than PCs, and for a long time were advertised as not being able to get viruses. But the researchers claim to have created the first attack that would be able to spread from computer to computer, taking control of each one as it goes.

The worm is known as Thunderstrike 2, the sequel to another, similar Mac attack that could infect a computer when an infected accessory was plugged in, and which was patched soon after it was made public. But the new worm doesn’t require physical access to the computer to work, and can be spread through a bad link, which could be sent through a harmless-looking email.

The attack targets the firmware, the most basic software in the computer, which powers its different parts and allows them to talk to each other. Apple’s firmware was long considered to be safe from attacks, because the company keeps its products so locked down, but researchers claim that the new attack works by exploiting its vulnerabilities.

Hacks that exploit firmware are considered particularly dangerous because they are especially hard to find, since the security software meant to find them doesn’t scan firmware, and then hard to get rid of. The attack would also be hard for Apple to protect against, according to the researchers, and extra difficult to remove once it happens because users would have to reset the whole chip.

That would mean that the attack would likely sit forever on the chip once it was installed, giving hackers lasting control over the device.

“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” Xeno Kovah, one of the researchers who designed the worm, told Wired. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”

The security researchers who found the vulnerabilities hope to show them at security conferences this year.
