Thunderstrike 2: Mac firmware worm details

This is the annotated transcript of our DefCon 23/BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple’s Macs that can spread via both software or Thunderbolt hardware accessories and writes itself to the boot flash on the system’s motherboard. The original slides are available.

While I think it’s unlikely this worm will pose any real threat in the real world, I find it amazing that we’re living in a world where this is possible in the first place.


  1. 2015-08-11 11:34 pm
    • 2015-08-12 3:05 am
  2. 2015-08-12 2:28 am
    • 2015-08-12 4:56 am
    • 2015-08-12 5:15 am