New firmware worm goes after Apple vulnerabilities

Attack impacts "software-only firmware attacks that also affect PC systems"
By Erin McCann
11:13 AM
Treating computer virus

A pair of IT security researchers have successfully designed a worm that will break into a Mac's operating system, widely considered more impenetrable than its PC counterpart. And there are huge implications for the healthcare industry.

PCs may be the preferred and most prevalent choice among health IT folks, but the lion's share of physicians -- nearly 80 percent in fact -- are tapping iOS for digital health. So the fact that IT security experts Xeno Kovah, co-founder of IT security consulting firm LegbaCore, and computer programmer Trammell Hudson, created a bug exploiting the "Thunderstrike vulnerability" that can break into a Mac, may have some big significance down the road for mHealth security and patient data.

The bug exploits a "significant" Apple EFI firmware vulnerability, they explained, "that allows untrusted code to be written to the boot ROM and can resist attempts to remove it."

As Kovah told Wired Aug. 3, the type of attack "is really hard to detect; it's really hard to get rid of, and it's really hard to protect against something that's running inside the firmware." When something like this occurs, he explained, "for most users that's really a throw-your-machine away kind of situation."

Kovah and Hudson will be presenting at Black Hat 2015 detailing how the Thunderstrike2 "firmworm" works on Apple's operating system. Contrary to traditional attacks against Mac firmware, which necessitate physical presence to initiate, this attack impacts "software only firmware attacks that also affect PC systems." 

Want to know exactly how Thunderstrike 2 works? Check out LegbaCore's YouTube video for a preview.