Hackers at the popular Chaos Computer Congress in Hamburg, Germany, managed to demonstrate an interesting type of attack on some OS X computers that, if successful, cannot be detected or removed.
The attack takes advantage of the Thunderbolt port found on all Macs launched after February 2011, a high-speed interface that lets users connect all sorts of peripherals and monitors to OS X computers, allowing hackers to inject malicious code on the infected machine.
The good news is that not only is Apple aware of the problem — a fix is already available in the latest iMac with Retina display and Mac mini generation — but attackers actually need physical access to a Thunderbolt port to deploy the “Thunderstrike” software.
Assuming that’s something they can do, once the malicious software is installed on a Mac using Thunderbolt ports as a point of entry, the affected users will have no way of telling what’s going on with the machine. Furthermore, the firmware can’t be removed, as it replaces the RSA key, making future firmware updates from Apple impossible.
The software is also clever enough to copy itself to different devices connected to the infected Mac.
This particular attack on OS X computers isn’t currently in use, or at least researcher Trammel Hudson, who presented the security issue, is not aware of such attacks. The full presentation detailing this particular Mac hack is available at the source link, with one slide from it following below.