First Firmware Worm Attacks Apple Mac

Posted: Aug 3 2015, 10:59am CDT | by , in Report | Apple


First Firmware Worm attacks Apple Mac

Researchers developed the first firmware worm named Thunderstrike 2.

Wired magazine is on mission to scare the world with security vulnerabilities lately. First they show us how hackers remotely take over a Jeep Cherokee and then how hackers take control over a sniper rifle.

Now Wired says our beloved and supposedly save Apple Mac computers are under attack. Kim Zetter reports that two researchers found that Apple's firmware has similar vulnerability as PC firmware.

To proof it, they built the first Mac firmware worm that we know of. The worm is capable to spread automatically from MacBook to MacBook. It does not require that them to be networked.

“The attack is really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” says Xeno Kovah, one of the researchers who designed the worm. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”

Firmware attacks are a favorite with the NSA. 

The Apple Mac firmware worm research was conducted by Kovah, owner of LegbaCore, a firmware security consultancy, and Trammell Hudson, a security engineer with Two Sigma Investments. The findings of the Thunderstrike 2 firmworm will be presented at the Black Hat security conference in Las Vegas on August 6.

I assume Apple security engineers have already booked flights to Vegas.

This story may contain affiliate links.


The Author

<a href="/latest_stories/all/all/2" rel="author">Luigi Lugmayr</a>
Luigi Lugmayr () is the founding chief Editor of I4U News and brings over 15 years experience in the technology field to the ever evolving and exciting world of gadgets. He started I4U News back in 2000 and evolved it into vibrant technology magazine.
Luigi can be contacted directly at




comments powered by Disqus