Quantcast
Monday , August 21 2017
Breaking News
Home / Science & Technology / Apple Security investigators declare Thunderbolt interface insecure for MacBook
Apple Security investigators declare Thunderbolt interface insecure for MacBook

Apple Security investigators declare Thunderbolt interface insecure for MacBook

NEW YORK: Apple administrators are learning that assailants have the capacity to hit MacBook computers with highly proficient boot root kits by connecting a malicious device to any MacBook computer via Thunderbolt interface.
This new attack, which is being called “Thunderstrike,” will install malicious code in a MacBook’s boot ROM (the ‘read-only-memory’), stored in one chip on the motherboard. This vulnerability was engineered by a security researched by the name of Trammell Hudson based on an existing vulnerability from two years ago. He will demonstrate how this works next week, at the 31st Chaos Communication Congress in Hamburg.
“It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple’s EFI firmware update routines,” explains Hudson in a description of his presentation. “This allows an attacker with physical access to the machine to write untrusted code of the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems.”