Macs Vulnerable To Virus - not Removable
Author | Message |
---|---|
Cliff Harding Joined: 18 Aug 99 Posts: 1432 Credit: 110,967,840 RAC: 67 |
Saw this on one of my favorite sites this morning. The Guru of 3D site is highly reliable and I would suggest that all mac users take note. http://www.guru3d.com/news-story/macs-vulnerable-to-virus-is-not-removable.html I don't buy computers, I build them!! |
TBar Joined: 22 May 99 Posts: 5204 Credit: 840,779,836 RAC: 2,768 |
Uh, did you read this part? "Hudson discovered that he could use a modified Apple gigabit Ethernet Thunderbolt adapter to carry out the attack." This would be similar to You letting someone sit down and Flash a new BIOS onto your machine. How likely do you suppose that is? This reminds me of someone posting on the Apple board about how he had been Hacked. Come to find out, he had let an advanced UNIX user sit at his keyboard and gave him the password. The NIX guy installed a backdoor to the machine while the owner was sitting there watching him...didn't have a clue about what the guy was doing. I don't even have a Thunderbolt port and certainly would Not let a stranger near it if I did. Most people that have the ports never even use it. |
Woodgie Joined: 6 Dec 99 Posts: 134 Credit: 89,630,417 RAC: 55 |
"Saw this on one of my favorite sites this morning. The Guru of 3D site is highly reliable and I would suggest that all mac users take note." As with all things Cyber Security related I think this needs to be understood in context. Absolutely this is a potential horror story, I don't deny it and I am not trying to come across as an Apple apologist (though full disclosure, my everyday job is IT Manager of a large Mac network) but in mitigation, the original attack needed unfettered access to the machine and enough time to disassemble it to access chips directly on the logic board. Fair enough, the subsequent attack can use a modified Thunderbolt device. This is indeed easier to use but not necessarily to implement as it would involve an understanding of how to access the PCIe bus and write firmware to the ROMs at a very low level. Get that part wrong and you're at best not going to get the results you want and at worst the machine will fail to boot causing the user to either have the logic board replaced or get a new computer. Annoying for them to be sure but a complete failure to launch for the potential villain. Yes, there will now no doubt come a time when Thunderbolt RootKits are available to Joe Skriptkiddie but by then the hole will largely have been patched and some new vulnerability will be the latest-greatest thing. Security is all about risk mitigation. While I agree the attack is not good I think there are things like Heartbleed and Poodle which are far more likely to cause problems in your everyday lives. Also, please don't think I'm dismissing Cyber Security entirely! I certainly am not. I'm just saying I have far more luck with Social Engineering than I ever do with 'hacking'. [edit for spelling x2] ~W |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
The real danger here hasn't been posted yet. Joe Gambling Debt works at the Thunderbolt device maker. He takes the cash to change the ROM image that is placed in every device off his production line. As long as the Nation State behind this has done their job there aren't going to be any crashes from bad code. Now they have unfettered access to your security keys, and you haven't a clue. That is the real danger in this hack, or the same for the USB interface hack. Do you trust the maker of the device you are about to plug in from the factory sealed box? |
Woodgie Joined: 6 Dec 99 Posts: 134 Credit: 89,630,417 RAC: 55 |
"The real danger here hasn't been posted yet. Joe Gambling Debt works at the Thunderbolt device maker. He takes the cash to change the ROM image that is placed in every device off his production line. As long as the Nation State behind this has done their job there aren't going to be any crashes from bad code. Now they have unfettered access to your security keys, and you haven't a clue. That is the real danger in this hack, or the same for the USB interface hack. Do you trust the maker of the device you are about to plug in from the factory sealed box?" That is true but again, while it IS possible I think it unlikely. Especially if the manufacturer has half decent QC in place. That's not to say it can't happen, you could have a company whose sole purpose is to produce rooted devices. An extreme example of this is all the fake Cisco kit which hit the market a few years ago, imagine the implications THAT has! ~W |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
"Especially if the manufacturer has half decent QC in place." Like Sony's IT department. |
TBar Joined: 22 May 99 Posts: 5204 Credit: 840,779,836 RAC: 2,768 |
Well, there are already manufacturers who deliberately snoop on you. So, we've already passed that point. "This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby": "Privacy and security researcher Samy Kamkar has released a keylogger for Microsoft wireless keyboards cleverly hidden in what appears to be a rather large, but functioning USB wall charger. Called KeySweeper, the stealthy Arduino-based device can sniff, decrypt, log, and report back all keystrokes — saving them both locally and online...." http://venturebeat.com/2015/01/12/this-usb-wall-charger-secretly-logs-keystrokes-from-microsoft-wireless-keyboards-nearby/ If it has the ability to send the data online, it's not a stretch to imagine who is on their cc: list. Heck there doesn't need to be a cc: list, we know the No Such Agency can intercept All net traffic. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
"Well, there are already manufacturers who deliberately snoop on you. So, we've already passed that point." If they can read keystrokes, I'm sure with just a hair more tinkering they can send keystrokes too. Then you could remote order a computer to download and install a nice rootkit, when your target is away. |
Woodgie Joined: 6 Dec 99 Posts: 134 Credit: 89,630,417 RAC: 55 |
Here's a little update: http://www.macrumors.com/2015/01/26/os-x-10-10-2-thunderstrike-exploit-fix/ ~W |