August 18, 2015
Apple devices have long been known to be secure against virus and malware attacks. However, a team of security researchers claims to have discovered the first firmware worm, Thunderstrike 2, which can spread between different Mac computers without any internet connection. The recently discovered firmware attack is a sequel to Thunderstrike, a proof-of-concept Mac vulnerability found earlier this year.
The Thunderstrike 2 virus was created by security engineer Trammell Hudson and Xeno Kovah, owner of the firmware security consultancy LegbaCore. The virus infects Mac computers at the firmware level, which makes it resistant to security and software updates.
How Does Thunderstrike 2 Work?
Unlike the initial version of the virus, Thunderstrike 2 can infect a Mac computer undetectably through a malicious email or website, and it hides inside the firmware. Once the system is infected, the virus can easily replicate itself to other Macs by way of several peripheral devices, such as Apple Thunderbolt connected to the USB or Ethernet port, RAID controllers, external hard drives, etc. Because it spreads through peripherals, the virus is capable of targeting air-gapped systems that are difficult to infect through active network connections.
According to Xeno Kovah, “The Thunderstrike 2 attack is really hard to detect and it can be difficult for the users to safeguard their Mac computers against a virus operating at the firmware level. For most users, the situation might even make the users dispense with their systems as they do not have the wherewithal to physically open up the system and re-encode the firmware chip.”
He adds, “People are not aware that these small peripheral devices actually have the potential to infect their firmware. A worm started from another corner of the world and spreading very low and slow can easily get into their systems. If they are unaware of the security threats present at this level, they are more likely to get the virus that can completely sabotage their system.”
How To Remove The Virus?
According to the security researchers, the virus can only be removed at the hardware level of the Mac computers, which makes the entire process quite complex. Apple has already been notified about the firmware virus, but the company has not yet fixed the vulnerabilities that can allow similar types of attacks on Macs.
In the meantime, users are advised not to click on links, download files or install plugins from unreliable sources.