ThunderStrike 2: Sith Strike presented at Defcon 2015

by Xeno Kovah, Corey Kallenberg, Trammel Hudson,

Summary : The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable.
This talk will provide conclusive evidence that Mac's are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.
Trammell Hudsonenjoys taking things apart and understanding how they work. He presented the Thunderstrike firmware vulnerability at 31C3, created the Magic Lantern firmware for Canon cameras, and teaches classes at the Brooklyn hackerspace NYC Resistor.