Macs vulnerable to virtually undetectable virus that “can’t be removed”


A security researcher has discovered a way to infect Macs with malware that is virtually undetectable and ‘can’t be removed.’

The attack, which has been called Thunderstrike, installs the malicious code into the Boot ROM of the system via the Thunderbolt port.


Trammell Hudson, who works for hedge fund Two Sigma Investments and is also the creator of the Magic Lantern open-source programming environment for Canon DSLRs, discovered the vulnerability after his employer asked him to look into the security of Apple notebooks.

“A few years ago we were considering deploying MacBooks and I was asked to use my reverse engineering experience to look into the reports of rootkits on the Mac to see if it was possible to patch the firmware to be secure against them,” wrote Hudson in a summary of the vulnerability.

After initially discovering that the Boot ROM could be tampered with if the notebook was physically dismantled to give access to the chip soldered onto the motherboard, he then refined this technique so the attack could be carried out via the system’s Thunderbolt port.

“It turns out that the Thunderbolt port gives us a way to get code running when the system boots,” wrote Hudson. “Thunderbolt brings the PCIe bus to the outside world and at boot time the EFI firmware asks attached devices if they have any Option ROMs to be run.”

Hudson discovered that he could use a modified Apple gigabit Ethernet Thunderbolt adapter to carry out the attack.

“Since it is the first OS X firmware bootkit, there is nothing currently scanning for its presence. It controls the system from the very first instruction, which allows it to log keystrokes, including disk encryption keys, place backdoors into the OS X kernel and bypass firmware passwords,” Hudson said.

And once it is on your system, it is incredibly hard to remove.

“It can’t be removed by software since it controls the signing keys and update routines. Reinstallation of OS X won’t remove it. Replacing the SSD won’t remove it since there is nothing stored on the drive.”

“The classic ‘evil-maid’ attacks also are feasible. Given a few minutes alone with your laptop, Thunderstrike allows the boot ROM firmware to be replaced, regardless of firmware passwords or disk encryption,” explains Hudson. “So while you are getting breakfast at the hotel during a conference and leave the machine in your room and house-cleaning comes by to make up the bed, install the firmware backdoors, and replace the towels.”

According to Hudson, Thunderstrike “is effective against every MacBook Pro/Air/Retina with Thunderbolt.”

Fortunately, Hudson reports that Apple is working on an update that will prevent malicious code from being written to the Boot ROM via the Thunderbolt port. However, this update would not protect the system from having the Boot ROM tampered with directly.

One defense against this would be to paint over the case screws with glitter nail polish and take close-up photos of the seal you created. The glitter in the nail polish sets into a random pattern that would be impossible to replicate, and as long as you keep the photos safe, you can make sure the screws haven’t been messed with.

 


Wasaga Beach Geeks Launch Civil Defamatory & Copyright Infringement Suit

November 13, 2014 by Hogan Courrier · Leave a Comment
Filed under: NEWS, Wasaga Beach Geeks

Finally, after 2 months of legal action, John Prentice and a local computer store, My Computer People, had their slanderous webpage removed from the Internet, and a civil lawsuit is in place for defamation and intellectual property copyright infringement.
This was regarding the site http://www.hoganscottcourrier.com, which was created with the intent to discredit Wasaga Beach Geeks and Hogan Courrier. You will notice that if you click on the link, it now gives a 404 error.

Here is the letter from Dreamhost Hosting Company:

Hello Hogan,

I am in receipt of the court filing document indicated below, and in
accordance with U.S. law we will not allow further hosting of a page
containing the alleged infringing image on our network until such time as
the court renders its decision and finds the image does not violate your
copyright.

If you have further questions about this please let me know.

On Wed, 12 Nov 2014, you wrote:

> As per 17 USC 512(g)(2)(B), I have filed my claim and faxed it to you.

 

 


Wasaga Beach Geeks 705-812-8122

August 16, 2014 by Hogan Courrier · Leave a Comment
Filed under: Wasaga Beach Geeks 

The Wasaga Beach Geeks will strive to bring you the best in professional computer related service, support and knowledge.

The Geek is the specialist when it comes to Resolution, Repair, Service & Support.

Try And See! Don’t Freak, Call The Geek!

PHONE NUMBER – 705-812-8122

24 HOUR SUPPORT LINE -705-984-GeeK (4335)

Email The Geek Here!  geek@geekguy.ca

Listen To 97.7 The Beach every 3rd Wednesday for Ask The Geek with Rod West & Hogan Courrier.


Wasaga Beach Geeks Anti Virus Guarantee

1 Year Guarantee Virus FREE or we clean for FREE.

You cannot find a deal like this anywhere, and the GEEKS will back it up in writing.

Vipre Internet Security, on sale now at Wasaga Beach Geeks with 1 Year Warranty.

ONLY $49.95 Per Year to be Virus Free Guaranteed!

This is a deal that will bring you peace and security for a full year!

This deal will not last long, call The Geeks ASAP and get the confidence of the GEEK behind you.

1-705-812-8122 or 705-984-4335

Wasaga Beach Geeks

798 Mosley Street, Wasaga Beach Ontario, L9Z2H5

geeks@wasagabeachgeeks.com


Wasaga Beach Geeks Computer Repair & Service

705-812-8122 or 705-984-4335

Providing Quality Computer Repairs, Service & Sales

PC & Apple Tune Ups and Virus Removal

High Speed Web Hosting

Free Internet Hotspot & Internet Café

IPhone & Android Smart Phone & Tablet Repair

Free Local Faxing & Printing Services

Laminating, Flyers, Resumes

Unbeatable Prices on Ink & Toner

Onsite & Depot Service For PC & Apple

Networking & Security Specialists

Computer Parts & Accessories

New & Refreshed Laptops & Systems

 

The Geeks are your source for knowledge, service, price and quality. Try us and see; we will not disappoint you, the customer.

We treat our customers with Kindness and Respect.

 


Wasaga Beach Geeks

May 9, 2014 by Hogan Courrier · Leave a Comment
Filed under: Community News, NEWS 


Wasaga Beach Geeks Is NOW OPEN For Business

We are located at 798 Mosley Street in Wasaga Beach Ontario

Phone 705-812-8122 or 613-210-0896

From May 10th to May 17th we will be offering Kaspersky Internet Security 2014 for $15.00 off the regular price of $49.95. This includes a one year warranty (if you get a virus or infection while running Kaspersky, we will clean it at no charge). There is only one computer store that offers this type of secure protection and that’s “The Geeks” at Wasaga Beach Geeks.

Looking for a Computer System, Laptop or Network Solution for your home or business?  Call Wasaga Beach Geeks today to let us inform you of all the options that are available for you.

We provide FREE Local Faxing and offer printing to serve all your printing needs. We provide the best price on printer inks and toner, guaranteed: we will beat any advertised price on ink and toner, and we guarantee any ink cart by next business day if not in stock, with FREE shipping.

The Geeks can fix your cracked or broken Smart Phone too.

 

 



