Computer Security Technology Ltd

+44 (0)20 7621 7836 LinkedInTwitter

+44 (0)20 7621 7836 CSTL LinkedInCSTL Twitter

February 2, 2015

Apple malware ‘undetectable and unremoveable’

If you thought Apple devices were incapable of falling prey to cyber criminals, then think again. A security expert has unearthed a particularly dangerous vulnerability.

A new piece of malware called Thunderstrike poses a threat to Apple laptops, as it is almost impossible to detect and cannot be removed, even if the hard disk is replaced.

Discovered by security expert Trammell Hudson, who works for Two Sigma Investments, the attack could allow cyber-criminals to gain access to people’s confidential information. Mr Hudson found out about the weakness when his employer asked him to investigate the security of Apple laptops.

He first dismantled an Apple laptop in order to gain access to the boot ROM. This tiny chip contains a code which allows the computer to start up before the operating system is loaded. Malicious code can be hidden in this chip and cannot be removed, unlike a normal virus which lives on the hard drive. This code can be manipulated to do whatever the attacker wants and is known as a bootkit attack.

Previous researchers found that changing the code within the ROM usually just results in an Apple laptop becoming unusable, as the computer’s sophisticated security system is able to detect alterations, and subsequently shuts them down. However, Mr Hudson was able to bypass these checks and stated that anyone who can access the contents of a ROM can do the same. He suggested that Apple uses a hardware chip that cannot be changed to perform the checks instead.

Mr Hudson also discovered that the attack can be conducted without even taking the machine apart. Almost any device could be infected with the malicious code using the Thunderbolt port. All the attacker would have to do is plug it in and follow the step-by-step instructions. However, they would still need to gain physical access to the device.

Meanwhile, Apple noted it has already come up with a temporary solution for the security issue.

Do you have a Mobile Device Security policy, or a Bring Your Own Device (BYOD) plan - Would they for instance, address this vulnerability? We are always happy to advise and share our experience and ideas. Please just drop us a call or an email.