24 Dec 2014 at 00:53, Darren Pauli
Researcher Trammel Hudson has developed a means to foist a new class of bootkits onto Macs, using Thunderbolt devices using a form of USB 'evil maid' attacks.
Hudson will present the finding at the upcoming Chaos Communications Congress in Germany next week and said the attacks are easy to perform using the Thunderbolt ports and would persist across reboots.
The bootkit would also survive reinstallation of operating systems and replacement of hard drives.
"Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices," Hudson said in the synopsis of his talk.
"It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple's EFI firmware update routines.
full article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.