More Hardware Based Infection Vectors
[index]
[1,557 page views]
A vulnerability analyst developed a proof of concept for infecting OS X computers with a persistent rootkit simply by plugging in a Thunderbolt device. A customized Thunderbolt device can send unsigned firmware updates into the host machine that are accepted into the host's Option ROM. Upon reboot, the rootkit begins execution before the OS even loads, allowing it to perform whatever nefarious functions it wants via hooks and patches on the loaded code before security software ever has a chance to see it. The technique is more dastardly version of existing techniques - exfiltrating/infiltrating data via FireWire DMA or the Dirty USB presented at 2014's BlackHat.