Slashdot Mirror

← Back to Stories (view on slashdot.org)

Thunderbolt Rootkit Vector

Posted by Soulskill on Tuesday December 23, 2014 @07:46AM from the like-USB-but-better dept.

New submitter Holi sends this news from PC World: Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook's boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg.

3 of 163 comments (clear)

Min score:

Reason:

Sort:

Hasn't this been known? by maccodemonkey · 2014-12-23 08:04 · Score: 5, Insightful

Firewire, USB 3.0, and Thunderbolt all have DMA, which means any device hooked to a host can pretty much do anything they want to the host, no matter what the host hardware or OS is. I didn't think this sort of thing was still news?
Re:uh - by design? by Holi · 2014-12-23 08:10 · Score: 5, Informative

It can. See BadUSB.

--
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Attacker does *not* need physical access ... by perpenso · 2014-12-23 09:13 · Score: 5, Insightful

An attacker with physical access to the target is usually a bad thing (tm),
The attacker does not need physical access. All the attacker needs to do is sell hacked thunderbolt cables on ebay or alibaba.