Abhiskynet
224 followers
For Better Tomorrow

Facebook's latest feature Alerts You if Someone Impersonates Your Profile

Online harassment has risen a step with the advent of popular social networks like Facebook.
Cyber stalkers create fake profiles impersonating other Facebook users and act on their behalf until the owners notice the fake profiles and manually report them to Facebook. In some cases, cyber stalkers even block the account holders they impersonate so they can carry out mischief through the fake profiles without being noticed by the actual account holders. But now online criminals can no longer fool anyone with this impersonation method, as Facebook is currently working on a feature that automatically informs its 1.6 billion users about cloned accounts. If the company detects a duplicate of a user's account, it will automatically alert the original account holder, who will be prompted to identify whether the profile in question is indeed a fake impersonating them or actually belongs to someone else.
How would Facebook identify the Clone Profiles?
The new feature would reportedly inform Facebook users about their cloned accounts when it finds a perfect match of both profile picture and profile name.
However, it seems likely that Facebook would use its face recognition technology, one of the best in the world, to identify users' fake profiles.
While uploading a group picture of yourself with your friends, you might have noticed how Facebook automatically detects your friends' faces and suggests the correct names without your feeding them in manually.
This face recognition technology could be utilized by Facebook's new feature to eliminate the chance of profile duplication and end the doppelganger business.
Here you might be thinking: if two accounts are made identical, then how would Facebook identify the legitimate user? Right?
This would be decided by Facebook's core security team by analyzing and comparing the users' activities and dates of account creation.
But one question still remains in my head:
If Facebook identifies the difference on the basis of account creation, then what if someone creates a fake profile of a user who hasn't joined the network yet?
Okay, Facebook cannot stop this, as the company cannot compare the fake user to the original user, who doesn't exist on its platform.
But what if the user joins the network later? In that case, whom would Facebook notify? The stalker who owns the fake profile, since it was created first?
I have already reached out to Facebook for comment and will update the article as soon as I hear from it.
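As an added illustration (not Facebook's code or method, which the article does not describe), the following Python script assumes a simple matching rule, an exact match of the normalized name plus a byte-identical profile photo, together with the earlier-creation-date heuristic the article mentions for picking the legitimate account. The profiles and photo bytes are constructed sample data. The script also reproduces the case raised above: when the impostor registered before the real person joined, the heuristic alerts the wrong account.

```python
import hashlib
import unicodedata
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Profile:
    profile_id: str
    display_name: str
    photo_bytes: bytes   # raw profile picture; constructed stand-in bytes below
    created: date
    post_count: int      # stand-in for the "user activity" the article mentions


def normalize_name(name: str) -> str:
    # Case-fold, strip accents and collapse whitespace so "Jane  Doe" and "jane doe" match.
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(folded.casefold().split())


def photo_fingerprint(photo: bytes) -> str:
    # Exact-match fingerprint. A real system would use perceptual hashing or face
    # recognition (as the article speculates); SHA-256 only catches byte-identical
    # copies, which is the "perfect match" case the article describes.
    return hashlib.sha256(photo).hexdigest()


def find_clone_clusters(profiles):
    """Group profiles sharing the same normalized name and photo fingerprint."""
    buckets = defaultdict(list)
    for p in profiles:
        key = (normalize_name(p.display_name), photo_fingerprint(p.photo_bytes))
        buckets[key].append(p)
    return [group for group in buckets.values() if len(group) > 1]


def presumptive_owner(cluster):
    # Heuristic from the article: earliest creation date wins; activity breaks ties.
    return min(cluster, key=lambda p: (p.created, -p.post_count))


def clone_alerts(profiles):
    """Map each presumptive owner's id to the ids of profiles that duplicate it."""
    alerts = {}
    for cluster in find_clone_clusters(profiles):
        owner = presumptive_owner(cluster)
        alerts[owner.profile_id] = sorted(p.profile_id for p in cluster if p is not owner)
    return alerts


# Constructed sample data (hypothetical users and fake "photo" bytes, not real images).
PHOTO_JANE = b"\x89PNG constructed-sample-photo-jane"
PHOTO_BOB = b"\x89PNG constructed-sample-photo-bob"
PHOTO_ALI = b"\x89PNG constructed-sample-photo-ali"

SAMPLE_PROFILES = [
    Profile("u100", "Jane Doe", PHOTO_JANE, date(2012, 3, 1), post_count=840),
    Profile("u917", "jane  doe", PHOTO_JANE, date(2016, 2, 20), post_count=3),  # clone
    Profile("u200", "Bob Ray", PHOTO_BOB, date(2014, 6, 9), post_count=120),    # no duplicate
    # The open question above: the impostor registered BEFORE the real person joined,
    # so the creation-date heuristic names the impostor as the owner.
    Profile("u555", "Ali Khan", PHOTO_ALI, date(2015, 1, 10), post_count=2),    # impostor
    Profile("u556", "Ali Khan", PHOTO_ALI, date(2016, 2, 25), post_count=0),    # real person
]

if __name__ == "__main__":
    for owner, suspects in clone_alerts(SAMPLE_PROFILES).items():
        print(f"alert {owner}: possible clones {suspects}")
```

Running the script alerts u100 about u917 as expected, but also alerts u555 (the impostor) about u556 (the real person), which is exactly why creation date alone cannot settle ownership for users who join late; some out-of-band identity check is needed for that case.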
Why is Impersonation Dangerous?
According to Facebook's Head of Global Safety, Antigone Davis, impersonation is a source of harassment, particularly for women, on the social media platform, despite Facebook's longstanding policy against it.
"We heard feedback [before] the roundtables and also at the roundtables that this was a point of concern for women," Davis told Mashable. "It's a real point of concern for some women in certain regions of the world where [impersonation] may have certain cultural or social ramifications."
We have seen a plethora of impersonation examples among the Facebook case studies.
Impersonation is a tool in the sextortionist's bag.
Threatening to use women's photos to associate them with prostitution was one trick used by Michael C. Ford, the former US Embassy worker who was sentenced to nearly 5 years in jail after pleading guilty to sextorting, phishing, breaking into email accounts, stealing explicit images and cyberstalking hundreds of women around the world.
Facebook's new security measure would also give a degree of trust to women who are holding back from uploading their real images on the platform for fear of impersonation.
Facebook has already introduced this new feature to 75% of the World, including India, Brazil, some South American countries and South East Asian zones, where the usage of the social network is prevalent. The feature will be rolled out in November for the rest of the world.
Features Yet to Release!
In parallel, Facebook is also working on two similar technologies: reporting of non-consensual intimate images and a Photo Checkup feature.
Non-consensual intimate image reporting lets users report any nudity on Facebook and additionally offers the option to identify themselves as the subject of the photo (if so).
The Photo Checkup feature is similar to Facebook's Privacy Dinosaur, which helped users check their privacy settings, such as profile info, status info and which apps have access to the account, in a single popup window.
Likewise, Photo Checkup is exclusively dedicated to figuring out who can view your photos and who cannot.
Facebook is rolling out many security-centric features, which bolster the security and privacy of user information in the virtual world.

Apple is Working on a New iPhone that Even It Can't Hack

Amid an ongoing dispute with the United States government over a court order to unlock the iPhone 5C of one of the San Bernardino shooters, Syed Farook, Apple has started working on implementing stronger security measures, "even it can't hack", to achieve un-hackability in its future iPhones.
The Federal Bureau of Investigation (FBI) is deliberately pressing Apple to create a special, backdoored version of iOS that would let it brute-force the passcode on Farook's iPhone without erasing the data.
However, the FBI approached the company to unlock the shooter's iPhone 5C in various ways, such as:
Create a backdoor to the shooter's iPhone.
Disable the auto-destruct feature after numerous tries.
Increase the brute-force time allowed to try out all combinations.
Minimize the waiting window after each try.
Apple is still fighting the battle, having clearly told the court that it will not provide the agency any backdoor access that would affect its users' privacy and security in the near future.
New iPhones will be Unhackable
Apple has placed this sensitive issue at the top of its priority stack, aiming to protect the public's privacy and security by closing any existing way in (if any).
According to the New York Times, Apple is working on new security measures that would prevent governments or federal law enforcement from using passcode-bypassing techniques to access iPhones or any iOS devices in the future.
This breakthrough would ensure that upcoming Apple products are not susceptible by any means.
In short, the main highlight of this move is that even Apple would not be able to access its customers' data, whether for a criminal-investigation demand from the FBI or for a government spying agency like the NSA.
In the San Bernardino shooter's case, Apple helped the FBI in every possible way, providing Farook's iCloud backup and suggesting alternative ways to view his iPhone data.
But Apple refused the FBI's request and the Californian judge's demand to create a backdoor in order to pull the terrorist's data from the iPhone 5C.
"The only way we know would be to write a piece of software that we view as sort of the software equivalent of cancer. We think it's bad news to write. We would never write it. We have never written it," stated Apple CEO Tim Cook in an interview.
USBKill — Code That Kills Computers Before They Examine USBs for Secrets

USBkill is a new program that, once activated, instantly disables the laptop or computer if there is any activity on a USB port.

Hey wait, don't confuse USBkill with the USB Killer stick that destroys sensitive components of a computer when plugged in.

"USBKill" is a new weapon that could be a boon for whistleblowers, journalists, activists, and even cyber criminals who want to keep their information away from police and cyber thieves.

It is like: if you are caught, kill yourself, in the same fashion as terrorists do.

Here I am not talking about killing yourself, but about killing the data on your laptop if law enforcement has seized it.

USBkill does exactly this by turning a thumb drive into a kill switch that, if unplugged, forces the system to shut down.

Hephaestos (@h3phaestos), the author of USBkill, reports that the tool will help prevent users from becoming the next Ross Ulbricht, founder of the infamous underground drug marketplace Silk Road, who was arrested in a 2013 FBI raid in which his laptop was seized by law enforcement agencies.
"USBKill waits for a change on your USB ports, then immediately kills your computer," a GitHub document states.
Completely wipe any evidence before the Feds catch you:

Generally, the kinds of activity on a USB port include the police installing a mouse jiggler, a tool that prevents computer systems from going to sleep, and any USB drive being removed from the computer.

"If this happens you would like your computer to shut down immediately," Hephaestos says. Simply tie a USB flash key to your ankle and start USBkill right away when the police or any other law enforcement official catches you with a laptop.

In case they steal or take your laptop or computer with them, they would certainly pull out the USB drive, which will immediately shut down your laptop.

The author of USBkill states that the program could be very effective when running on a virtual machine, which would vanish when you reboot.

The author says that additional commands and functions will be added to USBKill. However, it works correctly and efficiently in its current state as well.
Record-breaking 1Tbps Speed achieved Over 5G Mobile Connection

New generations usually bring new base technologies, more network capacity, more data per user and higher-speed Internet service, which Internet service providers then advertise. However, it is believed that the fifth generation (5G technology) of mobile networks will be beyond our imagination.
1TBPS OVER 5G
Security researchers from the University of Surrey have just achieved record-breaking data speeds during a recent test of 5G wireless data connections, reaching an incredible one terabit per second (1Tbps), many thousands of times faster than existing 4G connections.
After 4G, 5G is the next generation of mobile communication technology, which aims to offer far greater capacity and to be faster, more energy-efficient and more cost-effective than anything seen before. The boffins say 5G will be different, very different.
The 5G test was conducted at the university's 5G Innovation Centre (5GIC), which was founded by a host of telecoms industry partners including Huawei, Fujitsu, Samsung, Vodafone, EE, Aircom, BT, Telefonica, Aeroflex, BBC and Rohde & Schwarz.
DOWNLOAD 100 MOVIES IN JUST 3 SECONDS
Speeds of 1Tbps are far faster than previously announced 5G tests, such as Samsung's 7.5 gigabits per second (Gbps) record, which was 30 times faster than 4G LTE (Long-Term Evolution) and just under 1% of the Surrey team's speed.
"We have developed 10 more breakthrough technologies and one of them means we can exceed 1Tbps wirelessly. This is the same capacity as fiber optics but we are doing it wirelessly," 5GIC director Prof Rahim Tafazolli told the news website V3.
With 1Tbps, it is possible to download a file 100 times the size of a feature film in just three seconds. This incredible speed is over 65,000 times faster than the current 4G download speeds.
5G EXPECTED TO ROLL OUT BY 2020
The test was carried out over a distance of 100 meters using equipment built at the university. The head of the 5GIC said he planned to demonstrate the technology to the public in 2018. It’s believed that 5G could possibly be available in the UK by 2020.
UK communications regulator Ofcom has been supportive of efforts to get 5G to the public. Ofcom previously said it expected 5G mobile should be able to deliver speeds between 10 and 50Gbps, compared with the 4G average download speed of 15 Megabits per second (Mbps).
According to Prof Tafazolli, there are hurdles to overcome before 5G is ready. He said, "An important aspect of 5G is how it will support applications in the future. We don't know what applications will be in use by 2020, or 2030 or 2040 for that matter, but we know they will be highly sensitive to latency."
There is a need to bring "end-to-end latency down to below one millisecond" in order to enable the latest technologies and applications, which would simply not be possible with 4G. Tafazolli mentioned 3D holographic chess games on smartphones, controlling connected cars over 5G and other possible future applications requiring such low latency.
5G – NEW FRONTIER FOR CYBER ATTACKS
5G will, no doubt, provide high-speed Internet connectivity, which would be great news for everyone, but it would be a boon for cyber criminals as well. In future, by leveraging 5G technology, it would be much easier for hackers and cybercriminals to take down almost any website on the Internet using Distributed Denial of Service (DDoS) attacks.
In an era of expected 50Gbps Internet speeds at home or business, cyber criminals would have no need to build a critical botnet infrastructure by compromising hundreds of thousands of devices; they would only need a few devices with 5G Internet connections to launch the largest DDoS attack ever, of around 1 Tbps.
To resolve such issues in future, high-speed Internet service providers and online communications service providers need to set up real-time monitoring, reporting, rate limiting, and mitigation and protection mechanisms against DDoS attacks in an attempt to protect online users.
NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware

The U.S. National Security Agency (NSA) may have been hiding highly sophisticated hacking payloads in the firmware of consumer hard drives for the last 15 to 20 years, in a campaign giving the agency the means to eavesdrop on thousands of targets' computers, according to an analysis by Kaspersky Lab and subsequent reports.
'EQUATION GROUP' BEHIND THE MALWARE
The team of malicious actors has been dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab, who describe them as "probably one of the most sophisticated cyber attack groups in the world" and "the most advanced threat actor we have seen."
The security researchers have documented 500 infections by the Equation Group and believe that the actual number of victims likely reaches into the tens of thousands, because of a self-destruct mechanism built into the malware.
TOP MANUFACTURERS' HARD DRIVES ARE INFECTED
Russian security experts reportedly uncovered state-created spyware hidden in the hard drive firmware of more than a dozen of the largest manufacturer brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi.
These infected hard drives would have given the attackers persistence on victims' computers and allowed them to set up secret data stores on the machines, accessible only to the malicious hackers.
UNABLE TO REMOVE THE INFECTION
One of the most sophisticated features of these notorious hacking tools is the ability to infect not just the files stored on a hard drive, but also the firmware controlling the hard drive itself. The malware is hidden so deep within hard drives that it is difficult to detect or remove. If present, once the victim inserts an infected storage device (such as a CD or USB drive) into an Internet-connected PC, the malicious code allows hackers to snoop on victims' data and map networks that would otherwise be inaccessible.
Because the malware isn't sitting in regular storage, it is almost impossible for a victim to get rid of it or even detect it. Such an exploit could survive a complete hard drive wipe or the re-installation of an operating system, and "exceeds anything we have ever seen before," the company's researchers wrote in a report.
MORE ADVANCED TECHNIQUES USED BY EQUATION GROUP
The firm recovered two modules belonging to the Equation Group, dubbed EquationDrug and GrayFish. Both were used to reprogram hard drives to give the malicious hackers the ability to persistently control a target machine.
GrayFish can install itself into the computer's boot record, the software code that loads before the operating system itself, and stores all of its data inside a portion of the operating system known as the registry, where configuration data is normally stored.
EquationDrug, on the other hand, was designed to be used on older versions of the Windows operating system, and "some of the plugins were designed originally for use on Windows 95/98/ME", versions of Windows so old that they offer a good indication of the Equation Group's age.
TARGETED COUNTRIES AND ORGANISATIONS
The campaign infected tens of thousands of personal computers with one or more of the spying programs in more than 30 countries, with most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
The targets included government and military institutions, telecommunication providers, banks and financial institutions, energy companies, nuclear researchers, mass media organisations, and Islamic activists among others.
'ANCESTOR' OF STUXNET & FLAME
Security researchers are calling the malware the "ancestor" of Stuxnet and Flame, the most sophisticated and powerful threats, which were specially designed to spy on and sabotage ICS and SCADA systems.
LINKS TO NSA
Kaspersky declined to publicly name the country or agency behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to sabotage Iran's uranium enrichment facility.
Also, these similarities, combined with previously published NSA hard drive exploits, have led many to speculate that the campaign may be part of an NSA program. The NSA is the agency responsible for the global surveillance program uncovered by whistleblower Edward Snowden.
Another reason is that most of the infections discovered by the Moscow-based security firm have occurred in countries that are frequently US spying targets, such as China, Iran, Pakistan and Russia.
Meanwhile, Reuters reported that sources formerly working with the NSA confirmed the agency was responsible for the attacks and had developed espionage techniques on this level.
NSA INVOLVEMENT COULD BE RISKY
If the NSA is found to be involved, the malicious program would have given the NSA unprecedented access to the world's computers, even when those computers are disconnected from the wider web. Computer viruses of this kind get activated as soon as a device is plugged in, with no further action required, because the viruses are stored in the hard drive's firmware.
Back in July, independent security researchers discovered a similar exploit targeting USB firmware, dubbed BadUSB; however, there was no indication of those bugs being developed and deployed by the Equation Group at this scale.
The issue once again raises questions about the device manufacturers' complicity in the program, since extensive and sustained reverse engineering would be needed to successfully rewrite a hard drive's firmware.
For its part, the NSA declined to comment on the report.
Hackers Stole $300 Million from 100 Banks Using Malware

Despite increased online and mobile banking security, banks are more often being targeted by hackers. A hacker group has infiltrated a number of banks and financial institutions in several countries, stealing hundreds of millions of dollars in possibly the biggest bank heist the world has ever seen.
According to a report published by the New York Times on Saturday, hackers have stolen as much as $1 billion from more than 100 banks and other financial companies in almost 30 nations, making it "the most sophisticated attack the world has seen to date."
In late 2013, banks in Russia, Japan, Europe, the United States and other countries fell victim to a massive, sophisticated malware hack that allowed the hackers to spy on bank officials in order to mimic their behavior, according to an upcoming report by Kaspersky Labs received by the NY Times.
CARBANAK BANKING MALWARE IN THE WILD
In order to infect bank staff, the hacker group sent malicious emails to hundreds of employees at different banks. Once opened, the email downloads a malware program called Carbanak, which allegedly allowed the perpetrators to transfer money from the banks to fake accounts or ATMs monitored by criminals.
The exact figure of the stolen amount is unclear, though according to the cybersecurity firm the total theft could be more than $300 million, because the hackers only swiped $10 million at a time and some banks were targeted more than once.
"This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert," Chris Doggett, manager of Kaspersky's North American office in Boston, told the Times.
However, the cyber security firm does not name the banks and financial institutions involved in the massive theft operation in its report. The interesting part is that no banks have come forward to reveal that they were hacked in this largest of thefts.
HISTORY OF CYBER HEISTS
This is not the first time hackers have made banks and financial institutions their target. In the past, they have carried out a number of bank crimes. The list is given below:
In March 2012, a Russian hacker was sentenced to two years in US prison for his involvement in a global million-dollar bank fraud scheme that used hundreds of phony bank accounts to steal over $3 million from dozens of U.S. accounts. He was responsible for the Zeus banking malware that was used to carry out the fraud.
In October 2012, the FBI arrested 14 people who used cash advance kiosks at casinos located in Southern California and Nevada and robbed over $1 million from Citibank.
In May 2013, a gang of cyber-criminals operating in 26 countries stole $45 million by hacking into a database of prepaid debit cards, making it the biggest bank robbery in history.
In July 2013, a hacker group allegedly broke into the computer networks of more than a dozen major American and international corporations and stole 160 million credit card numbers over the course of 7 years, making it the largest data theft case ever prosecuted in the U.S.
In October 2013, the Dutch police arrested four people who used TorRat malware to target two of the three major banks in the Netherlands and stole millions of dollars from bank accounts.
2015-02-15

Ultra-secure Blackphone Vulnerability lets Hackers Decrypt Texts

The makers of the ultra-secure BlackPhone, described by Silent Circle as the "world's first Smartphone which places privacy and control directly in the hands of its users," have recently fixed a critical vulnerability in its instant messaging application that allowed hackers to run malicious code on the handsets.
BlackPhone was also hacked last year at the BlackHat security conference, but the interesting factor about the recent hack is that the attackers only needed to send a single message to a targeted phone number in order to compromise the device.
The vulnerability was first discovered and disclosed by Mark Dowd, a principal security researcher at the Australia-based consultancy firm Azimuth Security. Dowd discovered the issue late in 2014, but waited to disclose it until Blackphone had its patches and fixes in place.
The flaw actually resides in the Silent Text application, the secure text messaging application bundled with BlackPhone handsets, which is also freely available as an Android app on the Google Play Store. Exploiting the vulnerability would have allowed hackers to perform the following tasks:
Decrypt and read messages
Read and steal contacts
Monitor geographic locations of the phone
Write code or text to the phone's external storage
Enumerate the accounts stored on the device
"Successful exploitation can yield remote code execution with the privileges of the Silent Text application, which runs as a regular Android app, but with some additional system privileges required to perform its SMS-like functionality such as access to contacts, access to location information, the ability to write to external storage, and of course net access," Dowd said.
The vulnerability occurred in a component known as libscimp, the BlackPhone implementation of the Silent Circle Instant Messaging Protocol (SCIMP), which runs over the Extensible Messaging and Presence Protocol (XMPP) and contained a kind of memory corruption flaw known as a type confusion vulnerability.
SCIMP is used by the creators of BlackPhone to create a secure end-to-end encrypted channel between people sending text messages. It also handles the transport of the encrypted data through that channel.
Now, the SCIMP implementation supplied with SilentText contains a type confusion vulnerability, which typically allows attackers to "directly overwrite a pointer in memory (either partially or in full), which when successfully exploited can be used to gain remote, unauthenticated access to the vulnerable device."
Dowd has given a solid technical description on his blog, so refer to his blog post for a more detailed explanation of the critical vulnerability.
The vulnerability has since been patched, but it is a powerful reminder for those who, no doubt, did a lot of things right to provide strong encryption to their users: in this era of more complex software and advanced hacking, there is no guarantee that your product cannot be hacked.
Chinese Spies Stole Australia's New F-35 Lightning-II Fighter Jet Design, Snowden Reveals

The latest document release by Edward Snowden reveals China's industrial-scale cyber-espionage operation to learn the secrets of Australia's next front-line fighter aircraft, the US-built F-35 Joint Strike Fighter (JSF).
Chinese spies stole "many terabytes of data" about the design of Australia’s Lockheed Martin F-35 Lightning II JSF, according to top secret documents disclosed by former US National Security Agency intelligence contractor Edward Snowden to German magazine Der Spiegel.
Chinese spies allegedly stole as much as 50 terabytes of data, including the details of the fighter’s radar systems, engine schematics, "aft deck heating contour maps," designs to cool exhaust gases and the method the jet uses to track targets.
So far, the F-35 Lightning II JSF is the most expensive defence project in US history. The fighter aircraft, manufactured by US-based Lockheed Martin, was developed at a cost of around $400 billion (£230 billion).
Beijing likely used the information stolen from American intelligence through espionage to help develop its latest "fifth-generation" fighters, military experts told the Morning Herald.
The Chengdu J-20 and China's most advanced fighter jet, the Shenyang J-31 Falcon Hawk, have been extensively influenced by design information stolen from the US. The Falcon Hawk has roughly the same appearance as the F-35.
The disclosed documents reportedly confirm that the Australian government was informed of the cyber-espionage and aware of the "serious damage" caused by the breach relating to the development of the F-35 JSF.
The main data breach is believed to have taken place at the prime contractor, Lockheed Martin, in 2007, before orders for the F-35 Lightning II were placed by Australia and Japan. However, in June 2013, Defense Department acquisitions chief Frank Kendall told the US Senate that he was "reasonably confident" that F-35 data was now better protected.
The Snowden documents also revealed an NSA spying operation against China's espionage agencies. According to the documents, the NSA hacked into the computer of a senior Chinese military official and stole information about Chinese intelligence targets in the US government and other foreign governments.
Among the sensitive military technologies and data included in the breach was information relating to the B-2 stealth bomber; the F-22 Raptor stealth fighter; nuclear submarine and naval air-defence missile designs; and tens of thousands of military personnel records.
FBI Director says 'Sloppy' Sony Hackers Left Clues that Point to North Korea

The hacker group responsible for last year's massive attack on Sony Pictures Entertainment left many clues that prove the Sony hackers, who called themselves Guardians of Peace (GOP), are linked to North Korea, according to the Federal Bureau of Investigation (FBI).
Speaking at the International Conference on Cyber Security (ICCS) at Fordham University in New York on Wednesday, the director of the FBI defended his bureau's claim and said that the North Korean government was involved in the massive cyber attack against Sony Pictures, saying skeptics "don't have the facts that I have."
"There's not much I have high confidence about," James Comey said, as reported by the FBI New York field office's official Twitter feed. "I have very high confidence... on North Korea."
According to Comey, the hackers usually relied on proxy connections to hide their real IP address each time they sent threatening emails and made other statements; but on some occasions they failed to take that precaution. On those occasions, the hackers "got sloppy" and forgot to route their connection, revealing their own IP addresses, which were used exclusively by the North Korean government. This, the FBI says, clearly indicates that the North Koreans are behind the cyber attack on Sony Pictures.
Previously, when the FBI linked the Sony Pictures incident to North Korea, it didn't provide exact evidence. But on Wednesday, the FBI boss offered the most detailed explanation yet of the government's reasoning about the cyber attack, which gave law enforcement a "very clear indication of who was doing this."
The hacker group had also given a hint earlier when it demanded that Sony cancel the release of "The Interview", the Seth Rogen and James Franco comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un, citing terror threats against movie theatres.
So far, it is unclear how the attackers penetrated Sony Pictures' network. Comey said that the FBI was still investigating how the hackers got into the network and fetched a huge amount of confidential data, but he also noted that the company had been targeted by "spear phishing" campaigns, including one that occurred in September.
The FBI director also reaffirmed his concerns about the widespread use of encryption on mobile devices, which would indirectly allow individuals to "go dark" and avoid law enforcement surveillance. This would make it impossible for law enforcement to find bad actors. "There are significant public safety issues here (and) we need to talk about it," Comey said.
Thunderstrike — Infecting Apple MacBooks with EFI Bootkit via Thunderbolt Ports

A security researcher has discovered an easy way to infect Apple's Macintosh computers with an unusual kind of malware using their own Thunderbolt port.
The hack was presented by programming expert Trammell Hudson at the annual Chaos Computer Congress (30C3) in Hamburg, Germany. He demonstrated that it is possible to rewrite the firmware of an Intel Thunderbolt Mac.
The hack, dubbed Thunderstrike, actually takes advantage of a years-old vulnerability in the Thunderbolt Option ROM that was first disclosed in 2012 but has yet to be patched. Thunderstrike can infect Apple's Extensible Firmware Interface (EFI) by writing malicious code into the boot ROM of an Apple computer through infected Thunderbolt devices.
The hack is really dangerous because, according to the researcher, there is no way for the user to detect the hack or remove it, even by reinstalling OS X completely, because the malicious code lives in the system's own separate ROM.
"Since the boot ROM is independent of the operating system, reinstallation of OS X will not remove it. Nor does it depend on anything stored on the disk, so replacing the hard drive has no effect. A hardware in-system-programming device is the only way to restore the stock firmware."
Hudson also showed that he could replace Apple's own cryptographic key with a new one, which will prevent legitimate firmware updates from being accepted.
"There are neither hardware nor software cryptographic checks at boot time of firmware validity, so once the malicious code has been flashed to the ROM, it controls the system from the very first instruction," Trammell Hudson said. "It could use SMM and other techniques to hide from attempts to detect it."
In addition to writing custom code to the boot ROM, Hudson's presentation also notes a method by which the bootkit could replicate itself to any attached Thunderbolt device, giving it the ability to spread even across air-gapped networks.
In short, an attacker could use the vulnerable Thunderbolt port to install a custom bootkit, which could even replicate itself to any other Thunderbolt-attached device, thereby spreading across networks.
You can watch the entire presentation given by Hudson below and refer to this blog post to learn more about Thunderstrike.
As far as Hudson knows, there are no Mac firmware bootkits in the wild; at this time, Thunderstrike exists only as a proof-of-concept. So we can presume that the vulnerability can only be exploited if the attacker has physical access to the Thunderbolt Mac. Therefore, a regular Mac user need not worry about the hack.
Apple has already patched part of the vulnerability in the latest Mac mini and the iMac with 5K Retina Display; the fix will soon be available for other Macs.