Hey Sunshine,

I'm just going to throw some information in here as a security person because this is some interesting (and scary) stuff.

A lot of research is being done in these areas, because a lot of firmware is vulnerable to attacks, but let's back up a second and talk about what firmware really is and why it matters. On a lot of hardware (processors, hard drives, etc.) there exists what is known as firmware. (To be more specific, it's called microcode on a processor, but that's slightly different.) The firmware is a set of instructions that works much like a program, but on a lower level. For example, the firmware on a hard drive might check on broken sectors and store that somewhere that can be retrieved. There's a lot more under the hood, but this is basically what makes individual pieces of hardware function. You've probably heard of BIOS updates; this is the exact same thing.

Researchers and attackers are now finding out that it's really useful and handy to attack this stuff at a lower level; as you already stated, reformatting doesn't help. If I infect your hard drive, there's nothing a reformat can do, especially if I'm able to inject code that will install the virus back on your system when it vanishes. Granted, it is a lot more complicated than that, but the idea still stands.

This is mostly possible because firmware is written at a really low level. The goal, especially for processors, is to gain as much speed as possible, while writing the smallest code possible. So until recently, people didn't really start hacking firmware to be malicious and security never was an issue. Now that security is an issue and this is becoming a problem (infected firmware on flash drives is a great example), we're starting to take a look at ways to prevent this.

While this may be useful, it has a huge number of problems. If this problem were to be solved, or at least mostly solved next month, it wouldn't apply to current and even some newer stuff until the problem fix could be incorporated. Even then you have a few issues:

1) Does antivirus software have to start checking for firmware? What happens if it finds hacked firmware?
2) Should hacked firmware be found, how would you handle it?
3) You could restore someone's firmware through an update, but what would prevent a virus from reinstalling the malicious firmware? Also to the same point, if you allow for updates to happen, would it also be easy for an attacker to inject their own firmware? How do you securely allow for updating?

Now PCs have a better time of it, because there's such a wide range of hardware out there that it's going to be hard to target everyone. The thing with a lot of tablets, androids (most popular models) is that there's a smaller range of hardware. The scary thing about Apple devices is if you were to attack iPhones you could focus on say 5, 5S, 6 and 6+ which pretty much ensures you'll get a huge chunk of people. This is probably why this is going to be more common in the near future.

HTH,

On 8/3/2015 5:51 PM, Sunshine wrote:
> Thought you all might want to read this.
>
> http://betanews.com/2015/08/03/macs-are-vulnerable-to-thunderstrike-2-firmware-malware-that-survives-formatting/

-- 
Take care,
Ty
twitter: @sorressean
web: http://tysdomain.com
pubkey: http://tysdomain.com/files/pubkey.asc