Two researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs, claims Wired (http://tinyurl.com/nmkesyl).
What’s more, the article says that researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.
“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,”says Xeno Kovah, one of the researchers who designed the worm, told Wired. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”
The Mac firmware research was conducted by Kovah, owner of LegbaCore, a firmware security consultancy, and Trammell Hudson, a security engineer with Two Sigma Investments. They’ll be discussing their findings on August 6 at the Black Hat security conference in Las Vegas.