Apple has hired two security researchers who previously worked on viruses targeting Mac computers.
LegbaCore founder Xeno Kovah revealed on Twitter in November that he and his partner, Corey Kellenberg, had been hired by Apple to do "low level security." The move went unnoticed until another security researcher revealed it during a presentation at a security conference in December.
LegbaCore was best known for developing a proof-of-concept virus-worm hybrid called Thunderstrike 2 that targeted Mac computers. The worm that Kovah developed was able to spread from MacBook to MacBook, even if the computers were not connected to the Internet.
interesting (and no-doubt unexpected) fact: today was @coreykal and my first day as full time employees of Apple!— Xeno Kovah (@XenoKovah) November 10, 2015
As we were having discussions with Apple in the wake of our presentation this summer...— Xeno Kovah (@XenoKovah) November 10, 2015
...it became clear that Apple had some *very* interesting and highly impactful work that we could participate in— Xeno Kovah (@XenoKovah) November 10, 2015
What did Apple hire us to do? We can’t say. :) Well, we can probably say something like “low level security” (I don’t know our job titles)— Xeno Kovah (@XenoKovah) November 10, 2015
"[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware," Kovah told Wired in July.
Kovah's worm virus was the first to attack Macs at the firmware level, according to Wired, which means it targeted the software that boots up before the computer's primary operating system, OS X. It's a valuable kind of attack because it usually can't be detected by antivirus and other security software.
After Thunderstrike 2 installed itself on a target's computer, it could spread to certain peripherals, such as a Apple-branded Thunderbolt Ethernet adapter, which would then spread the virus to other Macs it was plugged into.
But instead of exploiting their findings or selling it to the highest bidder, Kovah and team notified Apple of the vulnerabilities, which have since been fully patched. Although Apple does not pay "bug bounties" to researchers for finding security problems, the high road seems to have worked out for the founders of LegbaCore.