Apple hires firmware security experts who worked on Thunderstrike 2 exploit

Posted in General Discussion, edited February 2016
Apple recently added a pair of firmware security experts to its ranks when it hired the team behind "deep system security" startup LegbaCore in November, an apparent effort to bolster platforms like iOS and OS X.




Former LegbaCore cofounders Xeno Kovah and Corey Kallenberg were brought on by Apple to work on unknown projects, according to tweets Kovah posted over the past few months. The hires were revealed in a December presentation by security researcher Trammell Hudson, who discovered the Thunderbolt-based Thunderstrike vulnerability in 2014 and worked to create the subsequent Thunderstrike 2 proof-of-concept with LegbaCore in August.

Thunderstrike took advantage of a documented flaw in Thunderbolt Option ROM to insert nefarious EFI boot ROM code on any Mac with a Thunderbolt port. The follow-up Thunderstrike 2, based on code from LegbaCore research, used the same attack vectors, but installed a worm capable of replicating and transferring itself between Macs.

Initially reported by MacRumors as an acquisition, it is more likely that LegbaCore simply shut down operations after Kovah and Kallenberg accepted jobs at Cupertino. LegbaCore had no valuable IP or tangible assets associated with its name.

The timing of Kovah's tweets suggests Apple took notice of his work after the Thunderstrike 2 presentation and ultimately hired both LegbaCore cofounders in November. In a subsequent tweet, Kovah said they were working on "low level security" projects, but had yet to be given official titles.







Comments

  • Reply 1 of 5
    This is a good move by Apple.  Low level security issues can be a critical pathway to vulnerabilities.   I'm glad that Apple is taking security and privacy so seriously.
  • Reply 2 of 5
    Rayz2016 Posts: 4,603 member
    Interesting. 

    As many have said, Apple acquires talent, not companies. 

  • Reply 3 of 5

    Kovah looks way dodgy

  • Reply 4 of 5
    lkrupp Posts: 7,088 member
    Was Thunderstrike ever observed in the wild? Was there an actual, authenticated case of the exploit compromising a Thunderbolt equipped machine?
  • Reply 5 of 5
    lkrupp said:
    Was Thunderstrike ever observed in the wild? Was there an actual, authenticated case of the exploit compromising a Thunderbolt equipped machine?
    Are you asking out of curiosity or out of relevance?

    A certain government-organization-that-must-not-be-named, and organized crime rings, actively look for exploits to steal data. By "steal" I mean to take without your knowledge and/or permission. 

    If I were a company that was very serious about keeping a promise to protect your data, then yes, I would hire people who would know the ins and outs of my systems, and ask them to be white hat vulnerability researchers. 