Skip to main content

Mac Thunderbolt Hack Could Leave Your Computer Vulnerable

By January 5, 2017March 1st, 2023Cybersecurity

macxthunderboltDo you use any sort of Thunderbolt device on your Mac? If you do, and you haven’t been keeping your OS up to date, you’ll definitely want the latest security patch. Recently, a security researcher named Ulf Fisk found a devastating security flaw that allows a corrupted Thunderbolt device to gain complete access to your system.

This is actually possible thanks to a pair of security flaws.

The corrupted device opens its attack by forcing the computer it is attached to into a reboot mode. This is crucial, because it reveals the computer’s first vulnerability. Mac’s do not protect themselves from DMA (Direct Memory Access) attacks before the computer is started.

The second flaw is more egregious, and it is that Apple’s encryption technology, FileVault, keeps its password stored in plain text in memory. It is not scrubbed when the disk is unlocked.

Apple does take some steps to keep the password from the hands of hackers because it can be stored in multiple locations and moves after each reboot. Unfortunately, a bit of reverse engineering of the system will reveal all possible storage locations, at which point it will be an easy matter to simply intercept the password, use it to unlock the system and gain complete access.

Apple moved quickly to patch the flaw, but this recent revelation underscores the fact that hackers are increasingly targeting Apple’s desktop ecosystem.

While it’s true that Apple computers tend to be somewhat more secure than their Windows-based counterparts, no system is perfect. For years, the company skated under the radar simply because Windows-based PCs were so much more numerous. That is changing, thanks to Apple’s dominance in the smartphone market, and it makes it more important than ever for Mac users to pay more attention to security issues than they have in the past.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.