Thunderstrike 2: A new worm that can kill your Apple MacBook

By a Staff Writer on Aug 5, 2015 3:38PM

The worm works by hiding on infected peripherals, and can even infect Macs not connected to the internet

Security researchers have created a worm specifically for OS X, and it has the potential to infect every Apple computer. Dubbed Thunderstrike 2 by its creators – Xeno Kovah and Corey Kallenberg of LegbaCore and Trammell Hudson of Two Sigma Investments – the worm exploits a vulnerability in OS X, and can even affect machines not connected to the internet. Once installed, Thunderstrike 2 is virtually undetectable and there's no easy way to remove it.

The security researchers are expected to unveil their method of hacking this Thursday, at a Black Hat conference in Las Vegas.

What is Thunderstrike 2?

Thunderstrike 2 is the latest worm created by the research team, and starts its life on infected Thunderbolt peripherals. After being connected to an Apple machine, Thunderstrike 2 uses a vulnerability to write itself into the computer's firmware. At this point, the worm exists "below" the area used by traditional worms, as it's embedded into a computer's BIOS rather than its operating system.

As a result, it's almost impossible to detect – or remove. Even worse, the worm is able to copy itself to any other peripherals used by an infected machine, so it can easily be transmitted to other computers.

Thunderstrike 2 can usually write itself into a computer's BIOS immediately, but in several instances it must wait until the machine is restarted.

A new type of hacking

One of the most worrying things about Thunderstrike 2 is its ability to affect offline Macs. By infecting Thunderbolt hard drives, USB sticks, Ethernet adapters or anything else that could be connected to your Apple Mac, Thunderstrike 2 could infect machines that have never been used on the internet.

The makers of the worm believe it opens up an entirely new method of hacking, and one that manufacturers and consumers still aren't prepared for. For example, hackers could distribute infected devices using eBay stores, and quickly gain access to thousands of Macs.

“People are unaware that these small cheap devices can actually infect their firmware,” Kovah explained to Wired. “You could get a worm started all around the world that's spreading very low and slow. If people don't have awareness that attacks can be happening at this level then they're going to have their guard down and an attack will be able to completely subvert their system.”

How do you remove Thunderstrike 2?

Thanks to its ability to infect a computer's firmware, Thunderstrike 2 cannot be detected by an operating system. As a result, the security team say the only way to remove the worm would be to reflash the hard drive.

Is there a fix for Thunderstrike 2?

According to a blog post by one of the researchers, the issue was partially fixed by an Apple patch last month. However, OS X is still vulnerable to the hack, and Apple is working with the researchers to fix the issue.

This article originally appeared at alphr.com

Copyright © Alphr, Dennis Publishing