Apple preparing fix for Thunderstrike malware in upcoming OS X 10.10.2 release
It's long been said, both by Apple and independent security experts, that Apple's computers are more secure than those running Windows. That does not mean, however, that Macs are invulnerable to malware threats.
One particularly terrifying example is called Thunderstrike. It allows a malicious actor to replace the firmware in Macs with something much more nefarious. The firmware controls extremely low-level functions of the computer, everything that happens from the moment the power button is pressed.
On a Macintosh, it's normally completely invisible to the user -- part of Apple's quest to keep things simple. And, as long as everything works, it's not a big deal.
Thunderstrike allows someone to use a Thunderbolt device, perhaps something as simple as a Thunderbolt-to-HDMI dongle, to reboot the computer and replace its firmware with custom designed backdoors. It could, in theory, completely bypass any existing protections on the computer. It would also survive reformatting of the hard drive and reinstallation of the OS X operating system, because it would be installed at the very lowest levels of the computer. Ars Technica has much more on exactly how it works.
It only requires brief physical access to the machine, say from someone posing as a hotel maid or a customs agent inspecting a computer at a border crossing, to plug in the compromised Thunderbolt attachment and restart the computer.
Without a fix from Apple, the only viable protection was to either permanently disable Thunderbolt entirely (not easy, since you'd need to do bad things to the main logic board) or keep ironclad control of your Mac at all times. Those really aren't the greatest options.
Apple has already rolled out temporary fixes to the Retina 5K iMac and new Mac Mini, which was introduced late last year. According to iMore, a more permanent solution is coming in OS X Yosemite 10.10.2, and it's expected to be released soon.
"To secure against Thunderstrike, Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again. According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that's exactly the deep, layered process that's been completed."
Luckily, no malicious versions of Thunderstrike have been discovered in the wild, but given the disclosures of US intelligence activities that have come from Edward Snowden, it wouldn't be surprising for the NSA to be examining the vulnerability for potential intelligence uses.
It's a good reminder that just because we use Apple products, that doesn't mean we're immune from security concerns -- and it's always a good idea to make sure you're running the latest versions of Apple's operating systems on all your devices.
How do you protect your Apple products from potential security vulnerabilities? Let us know in the comments below.
