Apple hires firmware security experts who worked on Thunderstrike 2 exploit
Apple recently added a pair of firmware security experts to its ranks when it hired the team behind "deep system security" startup LegbaCore in November, an apparent effort to bolster platforms like iOS and OS X.
Former LegbaCore cofounders Xeno Kovah and Corey Kallenberg were brought on by Apple to work on unknown projects, according to tweets Kovah posted over the past few months. The hires were revealed in a December presentation by security researcher Trammell Hudson, who discovered the Thunderbolt-based Thunderstrike vulnerability in 2014 and worked to create the subsequent Thunderstrike 2 proof-of-concept with LegbaCore in August.
Thunderstrike took advantage of a documented flaw in Thunderbolt Option ROM to insert nefarious EFI boot ROM code on any Mac with a Thunderbolt port. The follow-up Thunderstrike 2, based on code from LegbaCore research, used the same attack vectors, but installed a worm capable of replicating and transferring itself between Macs.
Initially reported by MacRumors as an acquisition, it is more likely that LegbaCore simply shut down operations after Kovah and Kallenberg accepted jobs at Cupertino. LegbaCore had no valuable IP or tangible assets associated with its name.
The timing of Kovah's tweets suggest Apple took notice of his work after the Thunderstrike 2 presentation and ultimately hired both LegbaCore cofounders in November. In a subsequent tweet, Kovah said they were working on "low level security" projects, but had yet to be given official titles.
Former LegbaCore cofounders Xeno Kovah and Corey Kallenberg were brought on by Apple to work on unknown projects, according to tweets Kovah posted over the past few months. The hires were revealed in a December presentation by security researcher Trammell Hudson, who discovered the Thunderbolt-based Thunderstrike vulnerability in 2014 and worked to create the subsequent Thunderstrike 2 proof-of-concept with LegbaCore in August.
Thunderstrike took advantage of a documented flaw in Thunderbolt Option ROM to insert nefarious EFI boot ROM code on any Mac with a Thunderbolt port. The follow-up Thunderstrike 2, based on code from LegbaCore research, used the same attack vectors, but installed a worm capable of replicating and transferring itself between Macs.
Initially reported by MacRumors as an acquisition, it is more likely that LegbaCore simply shut down operations after Kovah and Kallenberg accepted jobs at Cupertino. LegbaCore had no valuable IP or tangible assets associated with its name.
The timing of Kovah's tweets suggest Apple took notice of his work after the Thunderstrike 2 presentation and ultimately hired both LegbaCore cofounders in November. In a subsequent tweet, Kovah said they were working on "low level security" projects, but had yet to be given official titles.
Comments
As as many have said, Apple acquires talent, not companies.
Kovah looks way dodgy
A certain government-organization-that-must-not-be-named, and organized crime rings, actively look for exploits to steal data. By "steal" I mean to take without your knowledge and/or permission.
If I were a company that was very serious about keeping a promise to protect your data, then yes, I would hire people who would know the ins and outs of my systems, and ask them to be white hat vulnerability researchers.