According to AppleInsider, Apple recently added a pair of firmware security experts to its ranks when it hired the team behind "deep system security" startup LegbaCore in November, “an apparent effort to bolster platforms like iOS and OS X.”
Former LegbaCore cofounders Xeno Kovah and Corey Kallenberg were brought on by Apple to work on unknown projects, the article adds. Earlier this year, security engineer Trammell Hudson developed and showed off a proof-of-concept firmware called Thunderstrike. The malware could hitch a ride on Thunderbolt-connected accessories that used Option ROMs and infect any Mac it was connected to at boot.
The infected Mac could then pass the malware to other accessories, which could infect other computers. Apple addressed the bug in OS X 10.10.4
According to its website, LegbaCore is a security consultancy focused on:
- Enterprise firmware vulnerability situational awareness and remediation;
- Detection and forensic analysis of suspicious firmware;
- Security audits of existing products and capabilities;
- Training courses focused on low level platform security analysis;
- Research and development of trusted computing capabilities to improve security and trust at the lowest levels of the system.