For many years, two major computer operating systems have been considered to be more secure than Microsoft’s Windows. Both Mac OS and Linux have been less plagued by viruses, worms, trojan horses, and all kinds of malicious software, even though the number of threats against Linux systems is on the rise. But now it seems like even Mac OS is not as secure as many people would like to think.
First Firmware Worm for Mac Arrives
One of the main reasons why Mac OS has been so secure is Apple’s “legendary” security integration. Many developers, engineers, and white-hat hackers have attempted to break through this security in order to expose vulnerabilities in the Macintosh operating system, to no avail.
However, it looks like Mac OS’ security is not as impregnable as security experts assumed, as the first firmware worm for Mac has been announced by a team of white-hat hackers. As with attacks on other operating systems, this “Thunderstrike 2” attack can be delivered through phishing emails or even executed from a peripheral device such as a USB stick or an Ethernet adapter.
It has to be said, though, that this firmware worm for Mac packs quite a punch. Machines not connected to the network can become infected as well, because the worm targets a machine’s option ROM and lives in the ROM of the machine’s peripherals. Any peripheral device used on an infected machine can help distribute the firmware worm to an additional device, regardless of network connection to the infected host.
To make matters even worse, getting rid of this Mac firmware worm is not as easy as one might think. The only available option is to manually reflash the ROM chip. That is, assuming the end user figures out they are infected, as the worm remains undetectable by any existing security software available today.
Xeno Kovah, one of the white-hat hackers responsible for creating the firmware worm, explained:
“Let’s say you’re running a uranium refining centrifuge plant and you don’t have it connected to any networks, but people bring laptops into it and perhaps they share Ethernet adapters or external SSDs to bring data in and out. Those SSDs have option ROMs that could potentially carry this sort of infection. Perhaps because it’s a secure environment they don’t use WiFi, so they have Ethernet adapters. Those adapters also have option ROMs that can carry this malicious firmware.”
Bitcoin Implications Could be Dire
At this point, it remains unclear as to what the exact capabilities of this Thunderstrike 2 attack are in terms of accessing sensitive data. However, the more worrying part is that if a small team of white-hat hackers can bypass Apple’s security measures, who knows what else will be developed by people genuinely trying to harm Macintosh computers.
Firmware hacking is nothing new these days, as various governments around the world are exploring this “market” as we speak. On top of that, there are vast underground communities of black-hat hackers who enjoy nothing more than wreaking havoc on computer systems of unsuspecting users.
In terms of Bitcoin users being affected, Macintosh is no longer the most secure operating system in the world for storing Bitcoins. Now that the three major systems — Linux, Windows and Macintosh — are clearly vulnerable to worms and god knows what else, Bitcoin’s security becomes even more important than it was before.