Physical malware—what is it, exactly?

When you buy a used computer, the first thing to do is run the system utilities

from the install-restore DVD media or from Recovery (or online utilities if none)

or buy replacement DVDs for the computer (last system on DVD 10.6.3) if it

had any, from Apple... And totally secure erase, reformat and reinstall a new

OS X system into the computer, which would resolve older items stored there.

•Tech Guides:

http://www.thesafemac.com/tech-guides/

That also gets rid of the former user content. However be sure to correctly identify

the computer before you invest in update and upgrade in hardware & system OS X.

Good luck & happy computing! 🙂

Lately there are talks about a compromised firmware (EFI) that may give hackers access to your computer, even formatting the disk and clean install OSX does not help against that one says. I don't think it is already spread, you may read about it here:

http://www.hackmac.org/forum/forum/19-efi-firmware/

I think you do not have to worry about it.

There are said to be more possibilities to infect firmware/hardware:

Thunderstrike is one of them. There are also hacked routers seen and thunderbolt screens, and such. it is relatively new. In general I concluded that for Mac it seems to be very unlikely that one gets infected.

Of course all sorts of malware can be installed by someone who has physical access. But most of the time that it gets on a computer because the owner installs it (unknowingly) him self: If you download softwares with a torrent downloader, first of all the torrent downloader app is not safe and could have a connection to malware, but more often the software that is downloaded has malware built in in the installer of that software, for example you download Photoshop that is stolen or hacked with a key generator, and while installing there gets malware on your computer. This is common practice. That is why I always propose to get rid of uTorrent, bittorrent and so on, and uninstall the so downloaded software, then do a scan with ClamXav, and run Adwaremedic.

Lex

egg151 wrote:

1. What are some examples of this physical ~malware that I could be up against? I read a little about keyloggers, but not sure what else is even out there.

There are two things I can think of that could be referred to as "physical malware." One is malware installed into the firmware. This is difficult to do, but an experienced and knowledgeable hacker can sometimes figure out how to do it given physical access. Thunderstrike is an example, though the vulnerability has been closed, and I'm not aware of any other way to do the equivalent on a modern Mac. That doesn't mean that it's impossible for other methods to exist, but it's unlikely a Mac purchased on eBay would have this done to it. It would be too much work to aim at a random target.

The other is to actually make some kind of physical modifications to the hardware of the computer for malicious purposes. This is something that only a very knowledgeable hardware hacker would be able to do, and the work and expense would be unlikely to be worthwhile for a Mac that was going to be sold to a random stranger on eBay.

In all, it's very unlikely that you have to worry about this... but nobody can say the chances are zero. I'd say, for all practical purposes, though, that you could consider it to be zero.

2. What can I do to get rid of this malware, if there even is any?

For the malicious modifications described above, the only solution may be to replace the machine.

When it comes to the more likely conventional "software" malware, the only reliable way to be rid of it is to erase the hard drive and reinstall everything from scratch. This is one reason why this is the first thing you should do with any machine bought second-hand. Regardless of what the seller says he/she has done with the machine, you should always erase a used Mac's hard drive before you begin using it.

Thanks Thomas, I was hoping you would jump in 😎

Lex