Thunderstrike 2: Prepare For A Thunderstorm

Thunderstrike 2Are you a Mac user who doesn’t think they need anti-virus? Think again.

Thunderstrike 2 should give you some doubts. It’s a worm created by Xeno Kovah and Trammell Hudson, security researchers from LegbaCore and Two Sigma Investments, that uses an exploit in your Mac’s firmware.

“The attack is really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” Kovah told Wired.

“For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically program the chip.”

During the process of creating Thunerstrike 2, the pair also discovered five other bugs that exist in Dell, HP, Lenovo and Samsung computers. These also cause vulnerabilities in Mac systems.

“People hear about attacks on PCs and they assume that Apple firmware is better,” Kovah said. “So we’re trying to make it clear that any time you hear about EFI firmware attacks, it’s pretty much all x86 computers.”

The pair has contacted Apple about their discovery. Apple has already released one patch and they’re in the process of creating a second. So far, nothing has been released about the other three remaining.

Hopefully, the creation of Thunderstrike 2 will be the wake-up call that many Mac users need. Despite popular belief, Mac systems are not bulletproof or secure against all attack and vulnerabilities.

(Image Source: iCLIPART)