On Time Tech

A New, Undetectable Threat to Your Mac – Understanding the Risks of Thunderstrike

Written by Lance Stone | Jan 14, 2015 6:09:37 PM

Many consumers still assume that Macs are immune to network viruses – this is a common misconception and it’s just not true.

There’s a wide array of malware and viruses out there that can affect Mac computers, and the latest one is an especially huge threat: it’s nearly impossible to detect and remove.

A New Threat

A virus known as Thunderstrike has been discovered by security researcher Trammel Hudson who found that he could replace a MacBook’s Boot ROM by plugging a modified adapter into the laptop’s Thunderbolt port. The Boot ROM is the very first piece of code that runs on a computer when you turn it on, so if it gets replaced by a virus it would be unable to be detected by anti-virus software or virtually any other security features. Currently, there’s nothing in the OS X that can scan for Thunderstrike’s presence.

The bug controls the system from the time it first enters and can log keystrokes, including disc encryption keys, place backdoors into the OS X kernel and bypass firmware passwords. It can affect any MacBook Pro, Air or Retina that has a Thunderbolt port.

Protect Yourself

Apple is trying to develop a fix to prevent criminals from loading viruses into Macs via the Thunderbolt port. Unfortunately, until a fix is found, there’s not a lot consumers can do to protect themselves. There’s no software that can remove it since the bug controls the signing keys and update routines. Likewise, reinstallation of OS X won’t get rid of it, nor will replacing the SSD since there’s nothing stored on the drive.

The best protection possible is to keep an eye on your computer at all times.

Don’t leave your Mac unattached in public places or hotel rooms where someone could get the opportunity to plug a virus-infected adapter into your port. Even with Apple’s fix, your computer isn’t always completely safe. With a bit more effort, someone interested in messing with your computer can take it apart and get access to your boot ROM directly.

Understand the risks facing the sensitive personal and business data stored on your Mac, and keep yourself safe. For more information on Thunderstrike or other security solutions for your technology, contact {company} at {email}, or reach out to us directly by phone at {phone}.