Computer Worm Could Harm your Apple without Your Knowledge

News.vice. com published news on 5th August, 2015 quoting a warning of creators of the worm as "there is a new kind of computer worm which can break into Apple systems without being detected."

Security researchers Xeno Kovah and Corey Kallenberg developed the worm, known as Thunderstrike 2, to raise knowledge about security flaws of Apple.

Thunderstrike 2 is very deceptive as it can swell between computers which are not connected on the matching network. To distribute the worm, a cybercriminal must first damage the firmware on a Macintosh by sending malware through a link or a phishing email. The malware could be preset to taint the firmware of anything which is plugged into the system like an Ethernet adapter and if that adapter is plugged into another system then the malware would widen. Whenever the second machine is switched on, the worm would stretch to its firmware and become not detectable.

Wired.com published news on 3rd August, 2015 quoting Kovah as saying "This attack is really difficult to detect and it is also really difficult to get rid of it and equally tough to protect against something that is running inside the firmware. It becomes actually a throw-your-machine-away sort of situation for most of the users. Most people and organisations don't have the ability to physically open their machines and reprogram the chip electrically."

Kovah compares Thunderstrike 2 with the spreading of Stuxnet to Iran's uranium enrichment plant at Natanz through infected USB sticks few years ago.

Expertise and financial resources are required to execute which make firmware attacks exceptionally complex to pull off. In February 2015, security researchers of security firm Kaspersky revealed a firmware attack which was developed and executed by a nation-state actor namely Equation Group.

Interestingly, Thunderstrike 2 is quite deceptively named after the original Thunderstrike virus which was shown off at the Chaos Computer Congress in Germany early this year.

As a consequence, Thunderstrike targeted Mac firmware and could not be detected. However, original virus required physical access to the machine through Thunderbolt peripherals while Thunderstrike 2 can also be delivered remotely. Apple recognized Thunderstrike six months ago and addressed the vulnerabilities and hence there is much hope of patching the new vulnerabilities which Thunderstrike 2 targets also.

» SPAMfighter News - 8/18/2015