Leave a comment

Macs are wide open to a virus you can't see and can't remove

Macs are wide open to a virus you can't see and can't remove
Oleg GawriloFF / Shutterstock.com

I get plenty of questions from readers about the Mac-versus-PC debate and many of them think Mac computers are immune to viruses. It's a common misconception that's definitely not true. There's plenty of malware and viruses out there for Mac computers. And, the latest one is a real doozy because it's nearly impossible to detect or remove.

The Thunderstrike virus was discovered by security researcher Trammel Hudson, who found that he could replace a MacBook's Boot ROM by plugging a modified adapter into the laptop's Thunderbolt port. The Boot ROM is the first piece of code that runs on a computer when you turn it on, so if it's replaced by a virus it wouldn't be detected by anti-virus software or other security features.

"Since it is the first OS X firmware bootkit, there is nothing currently scanning for its presence. It controls the system from the very first instruction, which allows it to log keystrokes, including disk encryption keys, place backdoors into the OS X kernel and bypass firmware passwords," Hudson said.

Once Thunderstrike is loaded onto the computer, it could log your keystrokes and access other vulnerable parts of your computer. It could work with any MacBook Pro, Air or Retina that has a Thunderbolt port.

Apple is currently developing a fix to prevent criminals from loading the virus onto your computer via the Thunderbolt port. Until then, there's not much you can do.

"It can't be removed by software since it controls the signing keys and update routines. Reinstallation of OS X won't remove it. Replacing the SSD won't remove it since there is nothing stored on the drive" [Hudson said].

The best advice I can give you is to keep an eye on your computer at all times. Don't leave it unattended in public places or hotel rooms where someone could potentially plug a virus-filled adapter into your Thunderbolt port.

Even with Apple's fix, the computers aren't completely safe. A criminal could still mess with your boot ROM directly by taking the computer apart, though that would take a little more effort and time.

Next Story
Source: ZDNet
View Comments ()
Facebook will notify you when a child goes missing near you
Previous Happening Now

Facebook will notify you when a child goes missing near you

Anonymous attacks militant Islamists
Next Happening Now

Anonymous attacks militant Islamists