Remember Thunderstrike 2? Last summer, Xeno Kovah and Trammell Hudson unveiled several known vulnerabilities affecting the Mac firmware and letting malware creators update the firmware without any way to reset it to its factory status — you’d need to reflash the firmware chip. And it looks like Apple didn’t just fix the vulnerability — it has also hired LegbaCore co-founders Kovah and Corey Kallenberg to work on security.
Thunderstrike 2 infected Thunderbolt devices like Ethernet adaptors or external DVD drives. If you reboot your Mac with an infected Thunderbolt device plugged in, the Mac firmware will execute the option ROM on the Thunderbolt accessory before booting OS X. It lets malware creators insert malicious code in the firmware.
The best part is that the accessory remains infected, letting someone infect as many Macs as they want. It was a powerful demo and the team alerted Apple has soon as possible.
In November 2015, Hudson from Two Sigma revealed that Apple had acquired LegbaCore at the 32C3 conference. Kovah also confirmed that he was working for Apple now:
Since then, LegbaCore has stopped accepting new customers for its security consultancy activity.
It’s unclear whether it’s an acqui-hire or Apple just hired the two persons behind LegbaCore. In both cases, it looks like Kovah and fellow LegbaCore co-founder Corey Kallenberg can’t continue working on LegbaCore and are now working for Apple full time.
And it makes sense that Apple would hire these security experts. Many tech companies hire hackers to fix security holes before they become public. It’s a great way to make sure that your products remain as secure as possible.
Via Mac Rumors