From arstechnica.net: Thunderstrike allows anyone with even brief access to install stealthy malware. http://arstechnica.com/security/201...otkit-for-os-x-can-permanently-backdoor-macs/ I believe that something similar was posted in the iMac forum discussing a Thunderbolt security issue in 2012. The post by snare was quite interesting, but it appears that the attack has been developed since the last discussion. While it would seem that physical access is needed, there might be a number of possible attack scenarios: 1. iMac or other non portable Mac in a office where cleaners and other staff have access. 2. User operates portable Mac in office or other shared space, but doesn't keep in sight at all times. 3. User purchases a used Mac including a shop demo. 4. User purchases refurbished Mac - can we be sure that Apple checks/reflashes firmware during the refurb process? 5. User purchases or attaches a used or untrusted Thunderbolt device. More technical details here: https://trmm.net/Thunderstrike_31c3 Hour long presentation on the talk describing the reverse engineering process and details here: https://www.youtube.com/watch?v=5BrdX7VdOr0 The video covers the same ground as the annotated version of the presentation, but helps if you want a better understanding of a complex (for most people) topic.