Stealth Worm Infects Mac Computers Via Email, Websites, Accessories, Lets Hackers Take Over
SAN FRANCISCO (CBS SF) -- Mac owners may think their computers are invincible when it comes to viruses but they are not. Researchers have designed a worm that can attack and infect Mac computers, simply from opening a phishing email, visiting a malicious web site or using an infected accessory. Hackers can take control of infected computers and go completely undetected.
The firmware worm was dubbed Thunderstrike 2 by its creators and presented to Wired. It lives inside the firmware of the computer, so security software can't find it and wiping the hard drive won't eradicate it. An infected Ethernet adapter will automatically spread it from one computer to another.
"[The attack is] really hard to detect, it's really hard to get rid of, and it's really hard to protect against something that's running inside the firmware," Xeno Kovah, one of the researchers who designed the worm, told Wired. "For most users that's really a throw-your-machine-away kind of situation. Most people and organizations don't have the wherewithal to physically open up their machine and electrically reprogram the chip."
Kovah described a nuclear doomsday scenario in which hackers could gain control of a uranium refining centrifuge plant where workers bring their laptops and plug in using infected Ethernet adapters and external hard drives. This hasn't happened, but firmware security consultants believe it could.
"People are unaware that these small cheap devices can actually infect their firmware," said Kovah. "You could get a worm started all around the world that's spreading very low and slow. If people don't have awareness that attacks can be happening at this level then they're going to have their guard down and an attack will be able to completely subvert their system."
Kovah said Dell and Lenovo have been working to remove vulnerabilities from their firmware. "Most other vendors, including Apple as we are showing here, have not. We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security."
CBSSF.com writer, producer Jan Mabry is also executive producer and host of The Bronze Report. She lives in Northern California. Follow her on Twitter @janmabr.
