Apple enthusiasts busy defending Apple, while living in complete denial about the risks, are just what Apple counts on, so they can push security down their list of priorities.

If you read the comments from the beginning, you will see very little "defending" of Apple here. Get off your horse, Sir Maxsix. Apple needs to fix these vulnerabilities, and it's research like this, combined with the public exposure, such as this article, that will pressure them to do that.
 
  • Like
Reactions: Gasu E.

Wish we could see how Win 10 stacks up, and interesting that Safari didn't make the top vulnerable applications, yet isn't it a gateway for stuff like this?
 
Correct me if I'm wrong, but this doesn't necessarily sound like a worm to me.

They didn't describe how this works really - they said that malicious code can be delivered via email or a website... And then what? It still needs to be run, does it not? It won't just automatically run itself, will it?

That means it's a Trojan, not a worm, right? The only precaution a user needs to take is not running code that they shouldn't trust, and by default since Mountain Lion, you can't run unsigned code because of Gatekeeper, right?

It would be delivered to the first computer as a trojan, and then spread itself as a worm from machine to machine.

The fact this installs itself at the firmware level is alarming as it means that a single slip up results in that hardware forever being infected (unless you have the equipment to flash the ROM, plus an uninfected copy of the firmware on an uninfected machine, which I would guess extremely few people do). But don't make this up to be something it isn't - it is a Trojan so it requires the same precautions as always.

Apple can (and has) implemented initial levels of protection against such infections, such as Gatekeeper and requiring admin passwords. But it only takes one inept person to run an installer without knowing what it is, infect their computer, a peripheral, and then the worm takes over from there.
 
  • Like
Reactions: V.K.
Wow, that guy's voice is hard to listen to. Sorry, whoever you are!

First thing that strikes me about this is that it needs to install a driver. Thanks to driver signing security on Yosemite this isn't straightforward. In other words, this ain't Windows. The only way this could work would be if the exploit turned off driver signing, which would require an admin password prompt... and if you're going to get a root password then you can do any old crap to destroy data without the need for something as sophisticated as this.

Of course, if driver signing is already turned off -- if you use the Continuity hack that originated here, or the old TRIM support hack -- then you could be in trouble. But Apple's already introduced a TRIM enable tool.

EDIT: AH, listening again to that I see that it requires a kernel exploit. This is a bit like somebody saying that they've invented a gadget that can steal your household possessions, but all you need to do first is leave the door unlocked...
 
If you read the comments from the beginning, you will see very little "defending" of Apple here. Get off your horse, Sir Maxsix. Apple needs to fix these vulnerabilities, and it's research like this, combined with the public exposure, such as this article, that will pressure them to do that.
You know what they say about "assumptions" ...

Why are you making a personal attack?
Have you failed to read the forum rules?

Respectfully...before you assume that you know exactly what I had in mind, look in the mirror and check yourself. I was offering a comment based on a big picture view of many defenders, at no time did I reference it strictly to the article or this thread. And yes I _always_ read the post I'm responding to, thank you. :D
 
There was a time when Apple was more secure than the venerable PC. But that was then, and this is now. Times change and things change, yet some myths continue to be kept alive and propagated by the faithful. "It just works" comes to mind when speaking of myths. Sadly Apple didn't keep that one alive.

No, there was a time when the Mac was just not worth infecting. One of the very first viruses (called "Elk Cloner") was actually created for an Apple II. Windows has always been a much larger target with many more attack vectors, so that's why the virus creators targeted that platform for so many years. Yes, the Mac is very secure, with many layers of protection, but no computer will ever be perfectly secure. It will always be a constant cat-and-mouse game, so let's hope that Apple is invested sufficiently into this to stay ahead of the game.
 
There was a time when Apple was more secure than the venerable PC. But that was then, and this is now. Times change and things change, yet some myths continue to be kept alive and propagated by the faithful. "It just works" comes to mind when speaking of myths. Sadly Apple didn't keep that one alive.

Things definitely don't "just work" anymore. My iPhone still starts in landscape and rotates to portrait, then any app I open starts in landscape and rotates to portrait. And Yosemite has major stuttering issues, mouse cursors not changing, etc.
 
  • Like
Reactions: AleXXXa
No, there was a time when the Mac was just not worth infecting. One of the very first viruses (called "Elk Cloner") was actually created for an Apple II. Windows has always been a much larger target with many more attack vectors, so that's why the virus creators targeted that platform for so many years. Yes, the Mac is very secure, with many layers of protection, but no computer will ever be perfectly secure. It will always be a constant cat-and-mouse game, so let's hope that Apple is invested sufficiently into this to stay ahead of the game.

I agree 100%. It seems as the Mac market grows so does the vulnerability. In fact it's almost a perfect relationship based on the graphs on the links that Steve121178 provided.
 
Apple can (and has) implemented initial levels of protection against such infections, such as Gatekeeper and requiring admin passwords. But it only takes one inept person to run an installer without knowing what it is, infect their computer, a peripheral, and then the worm takes over from there.

EDIT: AH, listening again to that I see that it requires a kernel exploit. This is a bit like somebody saying that they've invented a gadget that can steal your household possessions, but all you need to do first is leave the door unlocked...

The issue with such a low level hack, though, is that even by requiring passwords, any myriad of exploits (across many/any level/version of the OS) used in tandem to circumvent permission checking allows access to writing firmware through a common exploit that becomes permanent and reproducible. That's what makes this bug severe, imo.

It's not as bad as XP's permission system,
but it could potentially be a crappy exploit. An example in tombiscuit's context is: leaving your window cracked (but you think locked at that level) and a robber using a coat hanger, crafted in a very specific shape, to release the crack-locks and opening the window, then using the device to steal your house ;)
 
You know what they say about "assumptions" ...

Why are you making a personal attack?
Have you failed to read the forum rules?

Respectfully...before you assume that you know exactly what I had in mind, look in the mirror and check yourself. I was offering a comment based on a big picture view of many defenders, at no time did I reference it strictly to the article or this thread. And yes I _always_ read the post I'm responding to, thank you. :D

My apologies about the Sir remark, but that could've been a compliment. :p

But let me remind you about your original comment:

Apple enthusiasts busy defending Apple, while living in complete denial about the risks, are just what Apple counts on, so they can push security down their list of priorities.
I think you're the one assuming that:
  • Apple is relying on enthusiasts to live in complete denial...
  • ...so that they can push security down their list of priorities.
I think Apple takes security very seriously, as evidenced by the significant industry-leading features of both OS X and iOS. Mac OS X had a secure system-level password tool (Keychain) from Day One. How many years did it take this approach to password management, and the public awareness, to finally catch up? Apple was forward thinking on this. Gatekeeper. FileVault. The list goes on.

There will always be new vulnerabilities discovered, and it's important that we don't take the stance of blaming a company for not discovering them first.
 
Correct me if I'm wrong, but this doesn't necessarily sound like a worm to me.

They didn't describe how this works really - they said that malicious code can be delivered via email or a website... And then what? It still needs to be run, does it not? It won't just automatically run itself, will it?

That means it's a Trojan, not a worm, right? The only precaution a user needs to take is not running code that they shouldn't trust, and by default since Mountain Lion, you can't run unsigned code because of Gatekeeper, right?

The fact this installs itself at the firmware level is alarming as it means that a single slip up results in that hardware forever being infected (unless you have the equipment to flash the ROM, plus an uninfected copy of the firmware on an uninfected machine, which I would guess extremely few people do). But don't make this up to be something it isn't - it is a Trojan so it requires the same precautions as always.

The article describes an initial exploit that uses a trojan to infect a Mac's firmware, which then spreads to attached peripherals' option ROMs. This is just an example though.

The real problem is that plugging those infected peripherals into a clean computer will infect that computer silently without user interaction.
 
  • Like
Reactions: AleXXXa
Oy vey. It was bound to happen, just not happy to hear it did happen.

This is what bothers me about Google and the NSA. EVERYTHING is hackable at one point or another. If not now, then in the future.
 
The issue with such a low level hack, though, is that even by requiring passwords, any myriad of exploits (across many/any level/version of the OS) used in tandem to circumvent permission checking allows access to writing firmware through a common exploit that becomes permanent and reproducible. That's what makes this bug severe, imo.

The most effective worms, viruses and malware haven't required much if any user intervention. I might be wrong but I can't think of a single example that's been a major threat AND that's also required the user to input an admin password in order to spread. Most have immediately and dirtily exploited bugs in the OS, such as Blaster, or ILoveYou.

I suspect this malware sounds worse than it ever could be in reality. As somebody's already mentioned, with Gatekeeper and XProtect within OS X, Apple has the ability to kill things quickly and immediately, without the user even being aware. And with the death of Flash taking place before our eyes... And who have you ever shared a Thunderbolt device with?

It all sounds a bit too unlikely, I'm afraid.
 
  • Like
Reactions: tennisproha
This worm has nothing to do with OS X, except it's the initial attack vector. Once installed, this is a pre-OS infection. It's a hardware infection. That's why it's so scary, and it ALSO demonstrates that this has nothing to do with Macs. PCs and peripherals of ANY brand could be infected in the same way if their firmware is not properly secured. That's where Apple needs to be investing its energy... security at the hardware level, which includes Macs, cables, Airport routers, Apple TVs, iPods, iPhones and iPads. Pretty much any device with firmware chips in it.
 
Correct me if I'm wrong, but this doesn't necessarily sound like a worm to me.

They didn't describe how this works really - they said that malicious code can be delivered via email or a website... And then what? It still needs to be run, does it not? It won't just automatically run itself, will it?

That means it's a Trojan, not a worm, right? The only precaution a user needs to take is not running code that they shouldn't trust, and by default since Mountain Lion, you can't run unsigned code because of Gatekeeper, right?

The fact this installs itself at the firmware level is alarming as it means that a single slip up results in that hardware forever being infected (unless you have the equipment to flash the ROM, plus an uninfected copy of the firmware on an uninfected machine, which I would guess extremely few people do). But don't make this up to be something it isn't - it is a Trojan so it requires the same precautions as always.
The linked Wired article clarifies this. Certainly, the initial infection would occur via a trojan, but from there on it becomes a worm that spreads by infecting any peripherals that contain firmware chips (e.g. Apple Thunderbolt Ethernet adapter) and plug into the infected computer. They also mention things like intentionally infected peripherals sold on eBay and elsewhere. As you say, all this stuff lives directly in firmware so no OS level protection (rootless, El Capitan or whatever) will help. Firmware level protection is required to deal with this. The article suggests that PC manufacturers cryptographically sign their firmware and firmware updates and include some kind of authentication mechanism for verifying these signatures. Apple could and IMO should do that.
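The firmware signing and signature-verification mechanism this post (and the one below about EFI handling option ROMs differently) calls for, as an added example that is not part of the thread, the Wired article, or any Apple code. Everything here is an assumption built for illustration: the image layout (magic, version, length, payload, Ed25519 signature), the vendor key pair, and the payload bytes are all constructed, and no real option ROM format is implied. What it shows is the loader-side check a firmware stack would run before executing or flashing an image: parse, verify the signature under a public key baked into the verifier, and only then trust the version field to block downgrades.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not any vendor's real format):
//   magic[4] | version uint32 BE | payloadLen uint32 BE | payload | signature[64]
// The signature covers everything before it (magic, version, length, payload).
var magic = []byte("FWIM")

const sigLen = ed25519.SignatureSize

var (
	ErrBadFormat    = errors.New("image too short, bad magic, or length mismatch")
	ErrBadSignature = errors.New("signature does not verify against the trusted vendor key")
	ErrRollback     = errors.New("image version is older than the installed version")
)

// BuildImage assembles and signs an image with the vendor's private key.
// In a real deployment this runs on the vendor's build system; the device
// only ever holds the public half.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	buf := new(bytes.Buffer)
	buf.Write(magic)
	binary.Write(buf, binary.BigEndian, version)
	binary.Write(buf, binary.BigEndian, uint32(len(payload)))
	buf.Write(payload)
	buf.Write(ed25519.Sign(priv, buf.Bytes()))
	return buf.Bytes()
}

// VerifyImage is the check a firmware loader would run before executing or
// flashing an image. It returns the verified payload and its version so the
// caller can advance its anti-rollback counter.
func VerifyImage(pub ed25519.PublicKey, installedVersion uint32, image []byte) ([]byte, uint32, error) {
	hdrLen := len(magic) + 4 + 4
	if len(image) < hdrLen+sigLen || !bytes.Equal(image[:len(magic)], magic) {
		return nil, 0, ErrBadFormat
	}
	version := binary.BigEndian.Uint32(image[len(magic):])
	payloadLen := int(binary.BigEndian.Uint32(image[len(magic)+4:]))
	if hdrLen+payloadLen+sigLen != len(image) {
		return nil, 0, ErrBadFormat
	}
	signed := image[:hdrLen+payloadLen]
	sig := image[hdrLen+payloadLen:]
	// Verify before trusting any other field: whoever can write the ROM
	// controls the whole blob, so nothing in it is trusted until it verifies.
	if !ed25519.Verify(pub, signed, sig) {
		return nil, 0, ErrBadSignature
	}
	// Only now is the version field authentic, so use it to refuse downgrades
	// to an older, possibly vulnerable, but still validly signed image.
	if version < installedVersion {
		return nil, 0, ErrRollback
	}
	return signed[hdrLen:], version, nil
}

// Demo walks the cases a loader has to get right. Keys and payloads are
// constructed here; nothing is read from real hardware.
func Demo() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, rogue, _ := ed25519.GenerateKey(rand.Reader) // a key the vendor never issued
	payload := []byte("constructed option ROM payload v2")
	results := map[string]error{}

	good := BuildImage(priv, 2, payload)
	got, ver, err := VerifyImage(pub, 1, good)
	if err == nil && (!bytes.Equal(got, payload) || ver != 2) {
		err = errors.New("verified image returned wrong payload or version")
	}
	results["genuine"] = err

	tampered := append([]byte(nil), good...)
	tampered[len(magic)+8] ^= 0xFF // flip the first payload byte after signing
	_, _, results["tampered"] = VerifyImage(pub, 1, tampered)

	_, _, results["wrong key"] = VerifyImage(pub, 1, BuildImage(rogue, 3, payload))
	_, _, results["rollback"] = VerifyImage(pub, 5, good)
	return results
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-10s -> %v\n", name, err)
	}
}
```

Run it with `go run` and only the genuine image comes back with a nil error; the tampered image, the image signed with the wrong key, and the signed-but-older image are all rejected before any byte of the payload is used. The order of checks is the design point: the version field is only consulted after the signature verifies, so an attacker who can rewrite a peripheral's ROM cannot use a forged header to disable the rollback check.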
 
Changes to the OS won't fix this. Apple need to fix the EFI firmware to handle the contents of option ROMs differently.
 
  • Like
Reactions: AleXXXa
I suspect this malware sounds worse than it ever could be in reality. As somebody's already mentioned, with Gatekeeper and XProtect within OS X, Apple has the ability to kill things quickly and immediately, without the user even being aware. And with the death of Flash taking place before our eyes... And who have you ever shared a Thunderbolt device with?

I very much agree that the audience that will be affected will be slim - it requires exploiting at too many different levels or a delivery under a variety of guises to spread and exploit at a massive scale, but I don't think that discounts the severity of the bug at all, it is very severe because of how low on the totem it is.
 
  • Like
Reactions: V.K.
So do the security researchers release the exploits they discover into the wild? And if so, that's very irresponsible of them. Shouldn't they be preventing malware spread, not being an accessory?
 
So do the security researchers release the exploits they discover into the wild? And if so, that's very irresponsible of them. Shouldn't they be preventing malware spread, not being an accessory?

Yes and it isn't irresponsible. Time and time again this is the only way to get vendors to fix their products. Even then vulnerabilities still get ignored.
 
  • Like
Reactions: Gasu E.
1. don't buy cables from shady sources
2. don't borrow cables from anyone
3. don't use cables at all (now we know why Apple removed all the ports)
4. don't visit shady websites
5. Pray that the non-shady websites are not infected
6. Pray that Apple puts out a patch soon
 
Of all the alleged Mac "hacks" that have surfaced over the years, this is the only one that has seemed to be a legitimate concern to me. The other hacks usually required direct access to your computer or installing some shady torrent software after putting in an admin password. This thing can be remotely installed from a website and can't be wiped. Sure, don't visit a shady website you say. But if a web server is compromised in some other way and this hack is installed, you could get it from nearly anywhere. This is bad.

MacRumors and Co. do anything to turn this into FUD and clicks.

This is stupid, to infect the Ethernet dongle, you need to have an infected machine, to have an infected machine you either need a machine running an old firmware, with physical access, and that person to lend the thunderbolt accessory to the other...
 
Yes and it isn't irresponsible. Time and time again this is the only way to get vendors to fix their products. Even then vulnerabilities still get ignored.
That's like saying we're gonna continue to let criminals murder and rape people until we have better law enforcement. We know that's not the answer, prevention is. It's an idiotic mindset.
 
  • Like
Reactions: linuxcooldude
I can't say I'm too impressed with the content of the story published here. Much better to read the entire Wired story to get a better overall picture of what exactly is going on.
 
  • Like
Reactions: V.K.