Macs Vulnerable To Virus - not Removable

Profile Cliff Harding
Volunteer tester
Joined: 18 Aug 99
Posts: 1432
Credit: 110,967,840
RAC: 67
United States
Message 1627114 - Posted: 13 Jan 2015, 12:31:58 UTC

Saw this on one of my favorite sites this morning. The Guru of 3D site is highly reliable and I would suggest that all mac users take note.

http://www.guru3d.com/news-story/macs-vulnerable-to-virus-is-not-removable.html


I don't buy computers, I build them!!
ID: 1627114 · Report as offensive
TBar
Volunteer tester

Joined: 22 May 99
Posts: 5204
Credit: 840,779,836
RAC: 2,768
United States
Message 1627127 - Posted: 13 Jan 2015, 13:08:26 UTC - in response to Message 1627114.  
Last modified: 13 Jan 2015, 13:09:26 UTC

Uh, did you read this part?
Hudson discovered that he could use a modified Apple gigabit Ethernet Thunderbolt adapter to carry out the attack.

This would be similar to You letting someone sit down and Flash a new BIOS onto your machine. How likely do you suppose that is?

This reminds me of someone posting on the Apple board about how he had been Hacked. Come to find out, he had let an advanced UNIX user sit at his keyboard and gave him the password. The NIX guy installed a backdoor to the machine while the owner was sitting there watching him...didn't have a clue about what the guy was doing.

I don't even have a Thunderbolt port and certainly would Not let a stranger near it if I did. Most people that have the ports never even use it.
ID: 1627127 · Report as offensive
Profile Woodgie
Joined: 6 Dec 99
Posts: 134
Credit: 89,630,417
RAC: 55
United Kingdom
Message 1627132 - Posted: 13 Jan 2015, 13:15:54 UTC - in response to Message 1627114.  
Last modified: 13 Jan 2015, 13:21:35 UTC

Saw this on one of my favorite sites this morning. The Guru of 3D site is highly reliable and I would suggest that all mac users take note.

http://www.guru3d.com/news-story/macs-vulnerable-to-virus-is-not-removable.html


As with all things Cyber Security related I think this needs to be understood in context.

Absolutely this is a potential horror story, I don't deny it and I am not trying to come across as an Apple apologist (though full disclosure, my everyday job is IT Manager of a large Mac network) but in mitigation, the original attack needed unfettered access to the machine and enough time to disassemble it to access chips directly on the logic board.

Fair enough, the subsequent attack can use a modified Thunderbolt device. This is indeed easier to use but not necessarily to implement as it would involve an understanding of how to access the PCIe bus and write firmware to the ROMs at a very low level. Get that part wrong and you're at best not going to get the results you want and at worst the machine will fail to boot causing the user to either have the logic board replaced or get a new computer. Annoying for them to be sure but a complete failure to launch for the potential villain.

Yes, there will now no doubt come a time when Thunderbolt RootKits are available to Joe Skriptkiddie but by then the hole will largely have been patched and some new vulnerability will be the latest-greatest thing.

Security is all about risk mitigation. While I agree the attack is not good I think there are things like Heartbleed and Poodle which are far more likely to cause problems in your everyday lives.

Also, please don't think I'm dismissing Cyber Security entirely! I certainly am not. I'm just saying I have far more luck with Social Engineering than I ever do with 'hacking'.

[edit for spelling x2]
~W

ID: 1627132 · Report as offensive
Profile Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1627177 - Posted: 13 Jan 2015, 14:48:36 UTC - in response to Message 1627132.  

The real danger here hasn't been posted yet. Joe Gambling Debt works at the Thunderbolt device maker. He takes the cash to change the ROM image that is placed in every device off his production line. As long as the Nation State behind this has done their job there aren't going to be any crashes from bad code. Now they have unfettered access to your security keys, and you haven't a clue. That is the real danger in this hack, or the same for the USB interface hack. Do you trust the maker of the device you are about to plug in from the factory sealed box?
ID: 1627177 · Report as offensive
Profile Woodgie
Joined: 6 Dec 99
Posts: 134
Credit: 89,630,417
RAC: 55
United Kingdom
Message 1627191 - Posted: 13 Jan 2015, 15:12:56 UTC - in response to Message 1627177.  

The real danger here hasn't been posted yet. Joe Gambling Debt works at the Thunderbolt device maker. He takes the cash to change the ROM image that is placed in every device off his production line. As long as the Nation State behind this has done their job there aren't going to be any crashes from bad code. Now they have unfettered access to your security keys, and you haven't a clue. That is the real danger in this hack, or the same for the USB interface hack. Do you trust the maker of the device you are about to plug in from the factory sealed box?


That is true but again, while it IS possible I think it unlikely. Especially if the manufacturer has half decent QC in place.

That's not to say it can't happen, you could have a company whose sole purpose is to produce rooted devices. An extreme example of this is all the fake Cisco kit which hit the market a few years ago, imagine the implications THAT has!
~W

ID: 1627191 · Report as offensive
Profile Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1627307 - Posted: 14 Jan 2015, 6:11:44 UTC - in response to Message 1627191.  

Especially if the manufacturer has half decent QC in place.

Like Sony's IT department.
ID: 1627307 · Report as offensive
TBar
Volunteer tester

Joined: 22 May 99
Posts: 5204
Credit: 840,779,836
RAC: 2,768
United States
Message 1627749 - Posted: 15 Jan 2015, 1:34:00 UTC

Well, there are already manufacturers who deliberately snoop on you. So, we've already passed that point.

This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby
Privacy and security researcher Samy Kamkar has released a keylogger for Microsoft wireless keyboards cleverly hidden in what appears to be a rather large, but functioning USB wall charger. Called KeySweeper, the stealthy Arduino-based device can sniff, decrypt, log, and report back all keystrokes — saving them both locally and online....
http://venturebeat.com/2015/01/12/this-usb-wall-charger-secretly-logs-keystrokes-from-microsoft-wireless-keyboards-nearby/
If it has the ability to send the data online, it's not a stretch to imagine who is on their cc: list. Heck there doesn't need to be a cc: list, we know the No Such Agency can intercept All net traffic.
ID: 1627749 · Report as offensive
Profile Gary Charpentier
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1627795 - Posted: 15 Jan 2015, 4:49:30 UTC - in response to Message 1627749.  

Well, there are already manufacturers who deliberately snoop on you. So, we've already passed that point.

This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby
Privacy and security researcher Samy Kamkar has released a keylogger for Microsoft wireless keyboards cleverly hidden in what appears to be a rather large, but functioning USB wall charger. Called KeySweeper, the stealthy Arduino-based device can sniff, decrypt, log, and report back all keystrokes — saving them both locally and online....
http://venturebeat.com/2015/01/12/this-usb-wall-charger-secretly-logs-keystrokes-from-microsoft-wireless-keyboards-nearby/
If it has the ability to send the data online, it's not a stretch to imagine who is on their cc: list. Heck there doesn't need to be a cc: list, we know the No Such Agency can intercept All net traffic.

If they can read keystrokes, I'm sure with just a hair more tinkering they can send keystrokes too. Then you could remote order a computer to download and install a nice rootkit, when your target is away.
ID: 1627795 · Report as offensive
Profile Woodgie
Joined: 6 Dec 99
Posts: 134
Credit: 89,630,417
RAC: 55
United Kingdom
Message 1633519 - Posted: 27 Jan 2015, 12:34:23 UTC

ID: 1633519 · Report as offensive
