Apple hires firmware security experts who worked on Thunderstrike 2 exploit
Apple recently added a pair of firmware security experts to its ranks when it hired the team behind "deep system security" startup LegbaCore in November, an apparent effort to bolster platforms like iOS and OS X.
Former LegbaCore cofounders Xeno Kovah and Corey Kallenberg were brought on by Apple to work on unknown projects, according to tweets Kovah posted over the past few months. The hires were revealed in a December presentation by security researcher Trammell Hudson, who discovered the Thunderbolt-based Thunderstrike vulnerability in 2014 and worked to create the subsequent Thunderstrike 2 proof-of-concept with LegbaCore in August.
Thunderstrike took advantage of a documented flaw in Thunderbolt Option ROM to insert nefarious EFI boot ROM code on any Mac with a Thunderbolt port. The follow-up Thunderstrike 2, based on code from LegbaCore research, used the same attack vectors, but installed a worm capable of replicating and transferring itself between Macs.
Initially reported by MacRumors as an acquisition, it is more likely that LegbaCore simply shut down operations after Kovah and Kallenberg accepted jobs at Cupertino. LegbaCore had no valuable IP or tangible assets associated with its name.
The timing of Kovah's tweets suggest Apple took notice of his work after the Thunderstrike 2 presentation and ultimately hired both LegbaCore cofounders in November. In a subsequent tweet, Kovah said they were working on "low level security" projects, but had yet to be given official titles.