Apple Inc. is the king of premium tech products and its success in the high-end tech market remains unrivaled. In April, Apple opened up pre-orders of the Apple Watch along with the launch of a new MacBook. The new laptop sold out on the very day its order opened, a clear statement that users are smitten with the new MacBook.
One of the reasons behind the undying love for MacBook apart from its premium specs is the quality of its perceived security relative to PCs. Apple usually touts that its Macs are not at the risk of known PC firmware attacks. However, Apple might be falling off its high horse as some security researchers reveal serious vulnerabilities in Mac computers.
MacBook Malware is Nasty
Earlier this year Researchers Xeno Kovah and Corey Kallenberg of LegbaCore and Trammell Hudson of Two Sigma Investments showed that Macs are also at risk of malware attacks. The experts said they infect a Mac’s firmware with malware with the use of malicious devices via Thunderbolt, Apple’s high-speed data transfer interface. They aptly named the attack the Thunderstrike.
Now, the experts have unveiled deeper vulnerabilities in Macs as they plan to unveil Thunderstrike 2 on Thursday. Thunderstrike 2 shows that a malware attack on MacBook can spread to other Macs (even if they are isolated) through the use of computer peripherals. The nasty part of the malware attack is that it can remain unseen and it can even survive a whole system reboot.
In Kovah’s words, “People are unaware that these small cheap devices can actually infect their firmware… If people don’t have awareness that attacks can be happening at this level then they’re going to have their guard down and an attack will be able to completely subvert their system.”
Apple Weakness Might Strengthen Microsoft
Apple apparent security flaws might turn out to be another selling point for Microsoft’s new Windows 10. Microsoft is already setting the pace for Apple with Windows 10 and the fact that Macs are not any safer than PCs might cause Apple fans sitting on the fence to cross over to the PC.
In Kovah’s word, “People hear about attacks on PCs and they assume that Apple firmware is better… So we’re trying to make it clear that any time you hear about EFI firmware attacks, it’s pretty much all x86 [computers]”. If Macs are as weak as PCs, there is not much point in shelling out a premium for Macs for people whose computing needs could be met by a PC or MacBook.
It remains to be seen how Apple will respond to the weakness in the Macbook. The six bugs that makes the Mac unsafe have been found in HP, Lenovo, Dell, and Samsung PCs – now five of those bugs are present in Macbooks. In an interview with Wired, Kovah says, Apple has “fully patched one and partially patched the other. But three of the weak points remain unpatched”.
Robert Hackett, writing for Fortune sums it up all nicely in his opening statement, ” if you think Apple computers are safer than their Windows-powered cousins, think again.”