

And like your favourite movie sequel, it’s called Thunderstrike 2.

(Image: Thunderstrike, courtesy of Shutterstock)

The sequel builds on work reported at the start of 2015 that used security holes in the firmware on your Mac to inject malicious code into the very earliest part of the boot process, where it can run long before OS X itself.

To explain: the firmware is a sort-of hardware-level operating system, stored in a special chip on the motherboard, that prepares your computer for running a regular operating system such as OS X or Windows.

In the early days, computer firmware was stored in a special Boot ROM chip – a read-only memory device that was programmed in the factory, plugged into your computer, and remained forever unmodified and unmodifiable.

So, Boot ROMs couldn’t be infected with malicious code, which was very handy, but they couldn’t be updated or patched, either.

To fix bugs, you had to extract the chip and replace it with a new one – a troublesome task on a single computer, let alone in an office full of them.

For convenience, therefore, Boot ROMs were ultimately replaced by Flash chips that were usually write-protected, but could be rewritten under controlled conditions. (They’re still commonly called “Boot ROMs,” but they are no longer truly read-only.)

In other words, only by using special hardware configuration settings could the firmware be updated, which prevented accidental overwrites.

Digital signatures

Apple and many other motherboard manufacturers eventually went one step further, and organised things so that the firmware chip could only be updated by code already contained in the firmware.

For additional security (and control), firmware updates would only go ahead if the new firmware version was digitally signed by the motherboard vendor.

The cryptographic key used to verify the digital signature was stored, of course, in the firmware.

Once the firmware had booted up, it enabled various hardware lockout mechanisms so that from OS X, or any other operating system, you couldn’t change anything.

Worse still, he could change the cryptographic key stored in the firmware.

From then on, the usual firmware update process would only accept firmware images that Hudson himself had created and signed.

Trying to restore Apple’s official firmware would fail.

Thus the name Thunderstrike – an infected Thunderbolt device, such as Apple’s own readily-available Ethernet Adaptor, could be used as a vector for unauthorised firmware updates.

One door closes, another one opens

Apple introduced security patches in OS X 10.10.2, released at the end of January 2015, in an attempt to shut off the Thunderstrike hole.

Unfortunately, it seems that Apple didn’t close all the doors.

Hudson, together with two other researchers named Xeno Kovah and Corey Kallenberg, has figured out Thunderstrike 2, which they’ll be showing off at Black Hat USA 2015 and Def Con, two security events taking place back-to-back this week in Las Vegas.
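The article’s central design point, that an update signature is only as trustworthy as the place the verification key lives, can be seen in a small simulation. The Go program below is an added example, not code from the article, from Apple, or from the researchers: the `Image` and `Firmware` types, the use of Ed25519, and every key and image in it are constructed for illustration. It compares two update routines: one that reads the verification key out of the rewritable flash image (the design described above) and one that checks against a key held outside the rewritable region, standing in for a hardware root of trust. Starting from a flash state whose embedded key is no longer the vendor’s, it shows that the first design rejects the vendor’s genuine image while accepting anything signed with the substituted key, and that the second design does the opposite.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Image is a firmware image as delivered by an update: the code plus a
// detached signature over that code. (Constructed format for this example.)
type Image struct {
	Code      []byte
	Signature []byte
}

// Firmware models the contents of the rewritable flash chip: the running
// code and the public key the update routine consults for future updates.
type Firmware struct {
	Code      []byte
	VerifyKey ed25519.PublicKey
}

// ErrBadSignature is returned when an update's signature does not verify.
var ErrBadSignature = errors.New("firmware update rejected: signature does not verify")

// ApplyUpdateFlashKey follows the design the article describes: the key
// that authorises updates is itself stored in flash, so whoever controls
// the stored key controls which images the machine accepts from then on.
func ApplyUpdateFlashKey(cur *Firmware, upd Image) error {
	if !ed25519.Verify(cur.VerifyKey, upd.Code, upd.Signature) {
		return ErrBadSignature
	}
	cur.Code = upd.Code
	return nil
}

// ApplyUpdateRootKey verifies against a key that is not part of the
// rewritable image (modelling a key fixed in hardware), so changes to the
// flash contents cannot change which vendor is trusted.
func ApplyUpdateRootKey(cur *Firmware, rootKey ed25519.PublicKey, upd Image) error {
	if !ed25519.Verify(rootKey, upd.Code, upd.Signature) {
		return ErrBadSignature
	}
	cur.Code = upd.Code
	return nil
}

// signImage produces a signed image; the signer is whoever holds priv.
func signImage(priv ed25519.PrivateKey, code []byte) Image {
	return Image{Code: code, Signature: ed25519.Sign(priv, code)}
}

// Outcome records whether one update image is accepted under each design.
type Outcome struct {
	FlashKeyAccepts bool // key read from the rewritable flash image
	RootKeyAccepts  bool // key held outside flash (hardware root of trust)
}

// Scenario replays the restore attempt the article describes. The starting
// flash state already carries a key that is not the vendor's; the function
// then offers both the vendor's official image and an image signed with the
// substituted key to each update routine.
func Scenario() (official, rogue Outcome) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader)

	officialImg := signImage(vendorPriv, []byte("vendor firmware (constructed)"))
	rogueImg := signImage(otherPriv, []byte("unauthorised firmware (constructed)"))

	// Constructed tampered state: the key embedded in flash is not the vendor's.
	fw := Firmware{Code: []byte("current flash contents"), VerifyKey: otherPub}

	// Each attempt runs against a fresh copy of the flash state.
	try := func(apply func(*Firmware) error) bool {
		c := fw
		return apply(&c) == nil
	}
	official.FlashKeyAccepts = try(func(f *Firmware) error { return ApplyUpdateFlashKey(f, officialImg) })
	official.RootKeyAccepts = try(func(f *Firmware) error { return ApplyUpdateRootKey(f, vendorPub, officialImg) })
	rogue.FlashKeyAccepts = try(func(f *Firmware) error { return ApplyUpdateFlashKey(f, rogueImg) })
	rogue.RootKeyAccepts = try(func(f *Firmware) error { return ApplyUpdateRootKey(f, vendorPub, rogueImg) })
	return official, rogue
}

func main() {
	official, rogue := Scenario()
	fmt.Printf("vendor's official image:  flash-key design accepts=%v  root-key design accepts=%v\n",
		official.FlashKeyAccepts, official.RootKeyAccepts)
	fmt.Printf("image signed with other key: flash-key design accepts=%v  root-key design accepts=%v\n",
		rogue.FlashKeyAccepts, rogue.RootKeyAccepts)
}
```

The point the simulation makes is that signature checking alone is not the protection; the protection is the immutability of the key the check depends on. Verifying updates against a key that ships inside the very image being protected gives an attacker who gets one unauthorised write a durable position, which is exactly why restoring the official firmware "would fail" in the article’s account.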
