Thunderstrike MacBook malware attacks computers via Thunderbolt port

The Thunderstrike malware goes undetected in the system and sits inside the ROM

MacBook users are being warned about a new piece of malware dubbed Thunderstrike that can infect their devices using the Thunderbolt port.

US-based online security expert Trammell Hudson revealed the security hole at the Chaos Computer Congress (CCC) in Germany.

The rootkit malware can be loaded and installed onto the computer using Thunderbolt-enabled devices, writing custom code to a MacBook's boot ROM. It can also easily be transferred between machines using the port.

Hudson explained that because the malware sits in the computer's ROM rather than on the hard drive, it can go undetected, allowing hackers access to a computer's confidential files without the user knowing.

He said: "For an attacker with sufficient Option ROM space, the job is done: put your payload in the device's ROM, pass a pointer to it to process firmware volume and it will be flashed for you.

"Option ROMs can circumvent flash security by triggering recovery mode boots with signed firmware and causing the untrusted code to be written to the ROM. And the attacker now controls the signing keys on future firmware updates, preventing any software attempts to remove them."

Previous research into how malware can be used on Macs demonstrated that the computer is more likely to be rendered useless when the ROM is rewritten using software, but Hudson discovered this isn't the case with Thunderstrike. It could allow hackers to embed new code that makes the machine behave differently.

"Since it is the first OS X firmware bootkit, there is nothing currently scanning for its presence. It controls the system from the very first instruction, which allows it to log keystrokes, including disk encryption keys, place backdoors into the OS X kernel and bypass firmware passwords," Hudson said.

Apple is reportedly issuing a partial fix for the security hole, which will be rolled out as a firmware update.
