Macs Vulnerable To Virus - not Removable

It was only a matter of time before these idiots decided to turn their attentions to Apple products.

> It was only a matter of time before these idiots decided to turn their attentions to Apple products.

It's a matter of how much you can get out of hacking a mac. Put macs in the right places, or in abundant numbers, and you have a valid because profitable target for people programming such rootkits or whatever.

> It was only a matter of time before these idiots decided to turn their attentions to Apple products.

Simple fix is don't use the thunderbolt port

What about TB ports on non-Apple branded PCs?

> It was only a matter of time before these idiots decided to turn their attentions to Apple products.

"Security Researchers" are always looking for security flaws in Apple products. It's nothing new. It's just rare that we ever hear anything about it.

TB will die silently, just like FireWire.

> It's a matter of how much you can get out of hacking a mac. Put macs in the right places, or in abundant numbers, and you have a valid because profitable target for people programming such rootkits or whatever.

What many of you don't realize is Mac is naturally malware-resistant due to its Unix structure. Even if Mac were the most popular OS, it would still be infected less often than Windows. Look at smartphones - devices that are GREAT to steal information from or destroy from the inside-out. Yet phone malware is rare enough that you almost never need something to scan them. This is also because of the unix-like design. There are and have been enough Mac users to target, and with Google's ads being user-specific, it becomes that much easier to target them. Anyway, what I personally don't understand is why Thunderbolt in particular is needed for this? Assuming the way it works is through an external HDD over thunderbolt, why couldn't you say the same about a USB HDD that happens to have boot priority before the Mac HDD? I'm not familiar with the boot process of a real Mac so maybe it isn't common for USB HDDs to boot first. Also, I find it VERY hard to believe this problem can't be fixed. I've had BIOS viruses in the past that I managed to fix.

> Anyway, what I personally don't understand is why Thunderbolt in particular is needed for this? Assuming the way it works is through an external HDD over thunderbolt, why couldn't you say the same about a USB HDD that happens to have boot priority before the Mac HDD? I'm not familiar with the boot process of a real Mac so maybe it isn't common for USB HDDs to boot first. Also, I find it VERY hard to believe this problem can't be fixed. I've had BIOS viruses in the past that I managed to fix.

Thunderbolt exposes PCIe lanes directly to external devices. At boot the system queries PCIe devices to see if they have any device-specific code (OPROM) that needs to be run. You've likely seen the results of this when booting a PC if your system has a Marvell RAID controller on board. The RAID controller has an OPROM that displays the Marvell splash screen showing the connected drives and tells you to press some keys to configure the RAID. USB doesn't expose PCIe lanes to external devices and the system handles USB devices differently at boot. This same hack couldn't be done by plugging in an infected flash drive because this relies on communicating directly through PCIe rather than through a USB controller.
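The Option ROM the post describes is a chain of images in the PCI expansion ROM format: each image opens with the 55h AAh signature, a 16-bit pointer at offset 0x18 locates its PCIR data structure, and the PCIR carries the vendor/device ID, class code, image length, code type (legacy x86 BIOS, Open Firmware, EFI, ...) and a flag for the last image. The following Python is an added example, not code from the thread or from any vendor; it parses a ROM dump in that format and audits it from the defender's side, checking that the embedded IDs match the device the dump came from and that legacy images pass their checksum. The vendor/device IDs and the sample images are constructed for illustration.

```python
import struct

ROM_SIG = b"\x55\xAA"          # every PCI expansion ROM image starts with 55h AAh
PCIR_SIG = b"PCIR"             # PCI Data Structure signature
CODE_TYPES = {0: "x86 legacy BIOS", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}


def parse_option_rom(blob):
    """Walk the chain of images in a PCI expansion ROM dump.

    Each image has a 55AA header whose 16-bit field at 0x18 points to its
    PCIR structure; the PCIR gives vendor/device ID, class code, image
    length (512-byte units), code type and an indicator byte whose bit 7
    marks the last image in the ROM.
    """
    images = []
    off = 0
    while off + 0x1A <= len(blob):
        if blob[off:off + 2] != ROM_SIG:
            raise ValueError(f"bad ROM signature at 0x{off:x}")
        pcir = off + struct.unpack_from("<H", blob, off + 0x18)[0]
        if blob[pcir:pcir + 4] != PCIR_SIG:
            raise ValueError(f"missing PCIR structure at 0x{pcir:x}")
        vendor, device = struct.unpack_from("<HH", blob, pcir + 4)
        # class code is stored low byte first: prog-if, subclass, base class
        progif, subclass, base = blob[pcir + 0xD:pcir + 0x10]
        units = struct.unpack_from("<H", blob, pcir + 0x10)[0]
        code_type = blob[pcir + 0x14]
        indicator = blob[pcir + 0x15]
        size = units * 512
        image = blob[off:off + size]
        # legacy x86 images must sum to zero modulo 256
        checksum_ok = code_type != 0 or (sum(image) & 0xFF) == 0
        images.append({
            "offset": off,
            "vendor": vendor,
            "device": device,
            "class_code": f"{base:02x}{subclass:02x}{progif:02x}",
            "code_type": CODE_TYPES.get(code_type, f"unknown({code_type})"),
            "size": size,
            "last": bool(indicator & 0x80),
            "checksum_ok": checksum_ok,
        })
        if indicator & 0x80 or size == 0:
            break
        off += size
    return images


def audit_option_rom(blob, expected_vendor, expected_device):
    """Return findings for images that don't belong to the device or fail checks."""
    findings = []
    for img in parse_option_rom(blob):
        tag = f"image at 0x{img['offset']:x} ({img['code_type']})"
        if (img["vendor"], img["device"]) != (expected_vendor, expected_device):
            findings.append(f"{tag}: embedded ID {img['vendor']:04x}:{img['device']:04x} "
                            f"does not match device {expected_vendor:04x}:{expected_device:04x}")
        if not img["checksum_ok"]:
            findings.append(f"{tag}: bad legacy checksum")
        if img["code_type"].startswith("unknown"):
            findings.append(f"{tag}: unrecognised code type")
    return findings


def build_image(vendor, device, code_type, last, units=1):
    """Construct a minimal, well-formed ROM image for testing (constructed data)."""
    img = bytearray(units * 512)
    img[0:2] = ROM_SIG
    img[2] = units                                   # legacy size byte, 512-byte units
    pcir = 0x40
    struct.pack_into("<H", img, 0x18, pcir)
    img[pcir:pcir + 4] = PCIR_SIG
    struct.pack_into("<HH", img, pcir + 4, vendor, device)
    struct.pack_into("<H", img, pcir + 0xA, 0x18)    # PCIR length
    img[pcir + 0xD:pcir + 0x10] = bytes([0x00, 0x80, 0x02])  # class 02:80:00 (network, other)
    struct.pack_into("<H", img, pcir + 0x10, units)
    struct.pack_into("<H", img, pcir + 0x12, 1)       # code revision
    img[pcir + 0x14] = code_type
    img[pcir + 0x15] = 0x80 if last else 0x00
    img[-1] = (-sum(img)) & 0xFF                      # make the legacy checksum come out to zero
    return bytes(img)


# Constructed sample: a legacy x86 image followed by an EFI image, both carrying
# the hypothetical device ID 1234:5678.
SAMPLE_ROM = build_image(0x1234, 0x5678, 0, last=False) + build_image(0x1234, 0x5678, 3, last=True)

if __name__ == "__main__":
    for img in parse_option_rom(SAMPLE_ROM):
        print(img)
    print(audit_option_rom(SAMPLE_ROM, 0x1234, 0x5678))
    print(audit_option_rom(build_image(0xABCD, 0x0001, 0, last=True), 0x1234, 0x5678))
```

The parser stops at the image whose indicator byte has bit 7 set, so bytes appended after the last image are never interpreted; a dump whose chain does not end with such an image, or whose embedded IDs disagree with the device it was read from, is worth a closer look before that device is trusted on a PCIe-exposing port.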

> Thunderbolt exposes PCIe lanes directly to external devices. At boot the system queries PCIe devices to see if they have any device-specific code (OPROM) that needs to be run. You've likely seen the results of this when booting a PC if your system has a Marvell RAID controller on board. The RAID controller has an OPROM that displays the Marvell splash screen showing the connected drives and tells you to press some keys to configure the RAID. USB doesn't expose PCIe lanes to external devices and the system handles USB devices differently at boot. This same hack couldn't be done by plugging in an infected flash drive because this relies on communicating directly through PCIe rather than through a USB controller.

What you said makes sense, but you can still infect/alter a low-level OPROM/EEPROM/CMOS through an OS, such as a bootable USB. I guess through thunderbolt, it would be a little easier to accomplish.

> What you said makes sense, but you can still infect/alter a low-level OPROM/EEPROM/CMOS through an OS, such as a bootable USB. I guess through thunderbolt, it would be a little easier to accomplish.

That's exactly right. USB has this same kind of vulnerability: BadUSB. Essentially, if a USB device supports "Boot Mode" then its firmware may be compromised to carry attack code. The attack code doesn't reside in the flash memory, it hides in the firmware. When you plug in a compromised USB device then the compromised firmware goes to work wrecking your PC. The good news is that what you need to do to protect yourself is fairly simple: Lock your own USB disks away when you're not using them, keep them (in a lockable drawer, cabinet, etc.) and don't ever use a second-hand USB drive. If someone needs to send you a file then they can damn well send it over the LAN/internet, etc. If it needs to be done off-network for security reasons then use NFC or WiFi Direct or Bluetooth OBEX or some other peer-to-peer solution. (God knows there's enough of them.) And of course never flash your BIOS from a USB or Thunderbolt device unless you're absolutely certain the device's firmware is clean. Or just flash from a SATA-connected disk (HDD, ODD, SSD, etc). Hell, even a floppy drive will do, but not a USB-connected floppy because we have to assume that those could be compromised too. In the enterprise environment that means that the IT guys are going to have to catalogue and test and vet every single USB and/or Thunderbolt device in the work-space. Oh joy. More work for IT. :banana:
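A BadUSB-style device lives in the controller firmware rather than the flash, so the observable symptom on the host is usually enumeration behaviour: a device that shows up as mass storage and then also presents a keyboard interface. The following Python is an added example, not code from the thread; it runs the two checks a cataloguing IT team would want over Linux kernel log lines: every enumerated vendor:product pair is compared against the vetted inventory, and any single device seen binding both usb-storage and an HID keyboard is flagged. The log lines and the IDs 1111:2222, 3333:4444 and 5555:6666 are constructed for illustration; the regular expressions follow the usual dmesg wording and should be adjusted to whatever your hosts actually log.

```python
import re
from collections import defaultdict

# Patterns for the three dmesg lines the heuristic needs: device enumeration,
# the usb-storage driver binding to an interface, and hid-generic binding.
RE_NEW = re.compile(r"usb (\S+): New USB device found, idVendor=([0-9a-fA-F]{4}), idProduct=([0-9a-fA-F]{4})")
RE_STORAGE = re.compile(r"usb-storage (\S+?):\d+\.\d+: USB Mass Storage device detected")
RE_HID = re.compile(r"hid-generic 0003:([0-9A-Fa-f]{4}):([0-9A-Fa-f]{4})\.\d+: .*USB HID v[\d.]+ (\w+)")


def analyse_usb_log(lines, allowlist):
    """Return findings: devices outside the vetted inventory, and devices
    that act as both mass storage and keyboard."""
    port_ids = {}                # port such as "1-1" -> (vendor, product)
    roles = defaultdict(set)     # (vendor, product) -> roles observed
    findings = []
    for line in lines:
        m = RE_NEW.search(line)
        if m:
            ids = (m.group(2).lower(), m.group(3).lower())
            port_ids[m.group(1)] = ids
            if ids not in allowlist:
                findings.append(f"unvetted device {ids[0]}:{ids[1]} on port {m.group(1)}")
            continue
        m = RE_STORAGE.search(line)
        if m and m.group(1) in port_ids:
            roles[port_ids[m.group(1)]].add("storage")
            continue
        m = RE_HID.search(line)
        if m:
            roles[(m.group(1).lower(), m.group(2).lower())].add(m.group(3).lower())
    for ids, seen in roles.items():
        if "storage" in seen and "keyboard" in seen:
            findings.append(f"device {ids[0]}:{ids[1]} acts as both storage and keyboard")
    return findings


# Constructed sample log: a vetted keyboard, a stick that also presents a
# keyboard interface, and a vetted storage-only stick.
SAMPLE_LOG = [
    "[   50.100] usb 1-2: New USB device found, idVendor=1111, idProduct=2222, bcdDevice= 1.00",
    "[   50.200] hid-generic 0003:1111:2222.0001: input,hidraw0: USB HID v1.10 Keyboard [Vetted Keyboard] on usb-0000:00:14.0-2/input0",
    "[  100.001] usb 1-1: new high-speed USB device number 5 using xhci_hcd",
    "[  100.120] usb 1-1: New USB device found, idVendor=3333, idProduct=4444, bcdDevice= 1.00",
    "[  100.125] usb-storage 1-1:1.0: USB Mass Storage device detected",
    "[  101.300] hid-generic 0003:3333:4444.0004: input,hidraw1: USB HID v1.11 Keyboard [Generic Keyboard] on usb-0000:00:14.0-1/input1",
    "[  120.000] usb 1-3: New USB device found, idVendor=5555, idProduct=6666, bcdDevice= 1.00",
    "[  120.050] usb-storage 1-3:1.0: USB Mass Storage device detected",
]

# The vetted inventory: vendor:product pairs IT has catalogued (constructed).
ALLOWLIST = {("1111", "2222"), ("5555", "6666")}

if __name__ == "__main__":
    for finding in analyse_usb_log(SAMPLE_LOG, ALLOWLIST):
        print(finding)
```

The dual-role check is a heuristic, not proof of compromise: some legitimate composite devices expose both a storage and a keyboard interface, which is exactly why the post's "catalogue and vet" step matters, since a vetted composite device can be allowlisted once and an unvetted one that behaves this way deserves a look before it is used again.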

Moderator

While I'm not saying this is not a big deal, this is something that is being spread like this because of the name Apple. Things like this have happened before with different products from different companies, and attention was not brought to them as much. Only reason I'm not too worried about it, it would take a lot for someone to actually load a thunderbolt device with this.

> In the enterprise environment that means that the IT guys are going to have to catalogue and test and vet every single USB and/or Thunderbolt device in the work-space. Oh joy. More work for IT.

Working in the IT field, it's not as bad as you think. Symantec pretty much does all the detecting for us, and iBoss does the scanning from the internet side.

> Things like this have happened before with different products from different companies, and attention was not brought to them as much. Only reason I'm not too worried about it, it would take a lot for someone to actually load a thunderbolt device with this.

If a hacker wants to use social engineering to try this avenue of attack because he thinks it can succeed then he might just try it. That means that you better defend your enterprise just like you defend against any other potential vulnerability. Configure your enterprise so he will think this kind of attack will not succeed. I hear what you're saying; if your enterprise isn't a likely target then you think you can relax. What I'm saying is why expose yourself if you don't have to? That hacker only has to succeed once to put your computers in a world of hurt. Better to have a defence against that than not. 🙂

Moderator

> If a hacker wants to use social engineering to try this avenue of attack because he thinks it can succeed then he might just try it. That means that you better defend your enterprise just like you defend against any other potential vulnerability. Configure your enterprise so he will think this kind of attack will not succeed. I hear what you're saying; if your enterprise isn't a likely target then you think you can relax. What I'm saying is why expose yourself if you don't have to? That hacker only has to succeed once to put your computers in a world of hurt. Better to have a defence against that than not. 🙂

True, but everything has vulnerabilities. Windows has many, Google Chrome has memory leaks galore, Android is an easy target, iOS has a few too. The actual systems that people are on are very vulnerable, that's what SEPP (a good one too) is for. Anyone in enterprise IT knows that the last thing you want to do is expose your systems' vulnerabilities. Not a perfect system out there. The local school district I work for uses Google hosting for email, and I can't tell you how many times I get notifications on Google Admin about an account being compromised. We usually reset the password, if it's a machine we own we ghost it to a week before the account was compromised just in case anything was downloaded, and we mark the machine to watch.

Actually, this 'virus' CAN be fixed via software, just not by re-installing OS X is all. What needs to be done is a firmware flash/update for Thunderbolt; in theory this should work (I cannot confirm since I don't have Thunderbolt).