Some Apple Macs have a particularly terrible flaw that lets
hackers sneak in and remain undetected, a security researcher has found.
It means a hacker could -- from far away -- force a Mac into
a coma. Personal, corporate or government Macs could be spied on in a way that
even the best security checks wouldn't discover -- until it's way too late.
"This is scary," said Sarah Edwards, a forensic
analyst at the SANS Institute who specializes in reviewing computers for
evidence of hacks. "I would never see this. There could be funky stuff
going on in the computer system, and I would never know why."
What makes this one so bad? It's a computer bug that runs
especially deep in the machine.
All computers have some kind of basic input/output system
(BIOS), the core program that brings a machine to life. It's the kind of thing
you should never tamper with. And it should obviously remain heavily guarded.
But Macs purchased one year ago or before, apparently, leave
a door open.
When a Mac goes into sleep mode and wakes back up, it allows
direct access to the BIOS. It's a weird quirk that lets someone tamper with the
code there. That's what was discovered recently by Pedro Vilaça, a curious
independent computer security researcher in Portugal.
He revealed this vulnerability publicly in a blog post last
Friday. He told CNNMoney he alerted Apple directly soon thereafter.
Apple did not respond to questions about this
flaw -- nor would it say when it plans to release an update to fix it.
Several cybersecurity experts confirmed to CNNMoney that
this is a real problem, and they plan to research further in the next few
weeks.
This isn't an easy hack. An attacker first needs
administrative access to a machine. But what this means is that if a Mac gets
hacked with a low-level computer virus, it can bury itself so deep you'll never find
it.
That's the real problem here. It gives hackers more time to
plot a massive bank heist or a huge corporate takedown, like the Sony Pictures
hack.
So, who's in real danger? High-value targets: think company
executives, bankers, politicians, the wealthy, journalists, or anyone else
worth spying on for a long period of time.
The average Mac user doesn't have to worry about this one,
because they're actually susceptible to cheaper, easier hacks -- that are
easier to spot and fix. So says Katie Moussouris, an executive at HackerOne,
which helps companies fix dangerous computer bugs.
Tod Beardsley, a security research manager at cybersecurity
firm Rapid7, stressed that most Mac users aren't likely to get hacked because
of this bug. He said the flaw is "certainly surprising ... but the bar of
difficulty is pretty high."
This is the second major flaw in Apple devices discovered in
the last week. Recently, people discovered that you can crash someone's iPhone
simply by sending it a text message.
Vilaça decided not to name this bug. But every major
computer flaw nowadays deserves a name. Given that it involves a poisonous kiss
that wakes a sleeping Mac, Moussouris suggests this one: Prince Harming.
Original Source: http://money.cnn.com/2015/06/03/technology/mac-bug/