Hackers Who Created The First Mac Firmware Virus Hired By Apple
In an effort to ramp up its firmware security efforts, Apple has hired dual confidence researchers who formerly worked on viruses targeting Mac computers. It is believed that LegbaCore founder Xeno Kovah, and his partner Corey Kallenberg, are working full time in Cupertino to improve Apple’s firmware security.
In November, Kovah suggested on Twitter that he and his partner, Kellenberg, had been hired by Apple to do “low turn security.” The pierce went neglected until MacRumors reported that security analyst Trammell Hudson disclosed this takeover during the 32nd Chaos Communication Congress (32C3) in December, even though it wasn’t confirmed back then. However, Kovah posted numerous tweets that confirm that he is working in Cupertino now.
LegbaCore was best known for developing a proof-of-concept virus-worm hybrid called Thunderstrike 2 that targeted Mac computers. The worm that Kovah developed was able to spread from MacBook to MacBook, even if the computers were not connected to the Internet.
interesting (and no-doubt unexpected) fact: today was @coreykal and my first day as full time employees of Apple!
— Xeno Kovah (@XenoKovah) November 10, 2015
As we were having discussions with Apple in the wake of our presentation this summer…
— Xeno Kovah (@XenoKovah) November 10, 2015
…it became clear that Apple had some *very* interesting and highly impactful work that we could participate in
— Xeno Kovah (@XenoKovah) November 10, 2015
What did Apple hire us to do? We can’t say. 🙂 Well, we can probably say something like “low level security” (I don’t know our job titles)
— Xeno Kovah (@XenoKovah) November 10, 2015
“[The conflict is] unequivocally tough to detect, it’s unequivocally tough to get absolved of, and it’s unequivocally tough to strengthen opposite something that’s using inside a firmware,” Kovah told Wired in July.
According to Wired, Kovah’s worm virus was the first to attack Macs at the firmware level, which means it targeted the software that boots up before the computer’s primary operating system, OS X. It’s a valued kind of attack because it usually can’t be detected by antivirus and other security software.
The virus could spread to certain peripherals such as an Apple-branded Thunderbolt Ethernet adapter, after Thunderstrike 2 installed itself on a target’s computer, which would then spread the virus to other Macs it was plugged into.
Thankfully, Kovah and his team informed Apple of the vulnerabilities, and these have been patched up since. Even though Apple does not compensate “bug bounties” to researchers for anticipating confidence problems, it seems to found a suitable job for the founders of LegbaCore. With Kovan and his team on board, looks like the Mac platform is going to be more secure than ever before from the threats of firmware modification and malware.
