If it takes too long for Apple to fix it, people may start making and selling infection devices. They're probably already on the next version of the NSA ANT catalog
Too late, and too small a vulnerability (however nasty). I just learned that only one version of OS X is affected (10.10 Yosemite), and, as previously reported, the REMOTE part of the Vulnerability has been patched in 10.10.2 and fortified in 10.10.4. Apparently, the beta builds of 10.11 (El Capitan) are already patched, 'natch.
And I am sure Apple is working hard now on closing the "Evil Maid" vulnerability, too.
Last week, a report from market research firm NPD Group claimed the Apple Watch was partially behind the largest slump in U.S. watch sales since 2008
Apple Watch certainly wasn't the first SmartWatch; but I don't remember any Report like the one from NPD Group until after the Apple Watch was available.
Hmmmm. Coincidence?
I never even considered an Apple watch but if it looks like a calculator watch, I might go buy one. Maybe I could run a calculator app full screen!
I think pretty much everything runs full screen on the Apple Watch.
It's not just a "theoretical vulnerability", since the researchers had a proof of concept that was working at Black Hat a few weeks ago. That said, the latest versions of OS X 10.10 and 10.11 both have patches in place that break the proof of concept, and as I recall, the bug that permitted this in the first place was introduced in 10.10, which means that all vulnerable systems already have a patch available to prevent infection.
I didn't catch that this was introduced in 10.10 (Yosemite); so my Mavericks (10.9) and earlier systems are ok then?
GREAT Update, Anubis!
Mods: Mod Parent UP, UP, UP!!!
ah so that's why it's so crappy.
No. Systemd is so crappy because it's a bad ripoff of the IDEA behind launchd. Launchd has been booting Macs and doing lotsa other stuff on them pretty much without incident since OSX 10.4 (Tiger). That's about a decade ago.
Systemd is just an amateur-hour horrorshow.
Yes
Thanks for adding "Fumble-fuck around", You make it seem like the thunderbolt connector is hard to use. If the device was plugged in to a macbook already, it would be easier to infect the macbook directly.
Also for your assumption in step two that you'd have to use a laptop. You could use anything you can build a thunderbolt interface on. Like any FPGA with PCI Express interfaces or anything you can connect to a Thunderbolt interface chip, like the Si52131.
I have a MacBook Pro and routinely use the TB Connector to plug in a DVI monitor adapter. I guarantee you that, under the conditions you describe, most humans would not be able to simply stab the male end into the exact spot on the first try, while trying to also be surreptitious.
LOL, you been watching too many spy movies! So you spend several weeks/months Building up and coding/debugging an FPGA and TB chip gadget (and you better hope the protocol isn't too hairy), just so you can infect a few laptops before someone catches you and smashes both you AND your gadget into Raspberry Pie?!? Hilarious!
Seconds, since all you need to do to infect a TB-Ethernet adapter is plug it in to something.
Any thunderbolt device with an Option ROM can be infected in seconds. citation
So you're postulating that, while someone is present, another person can:
1. Pull out their Ethernet dongle (which presumably has a network cable attached)
2. Fumble-fuck around, trying to surreptitiously Stick the victim's dongle into a waiting infection-donor (which would likely have to be another laptop, probably a Mac)
3. Wait (n) seconds for the dongle to enumerate and get the infection uploaded
4. Pull it back out of the "donor" computer
5. Fumble-fuck around trying to surreptitiously plug it back into the victim's laptop (and possibly reconnecting the network cable)...
ALL in a FEW SECONDS, and WITHOUT BEING CAUGHT!?!?!???
Maybe The Flash (no pun) could do it; but for us non-superhumans...
It is cute to do this but when you have hardware access, all bets are off and you could write the EFI regardless. Signing firmware for EFI only makes alternative software and homebrew harder (eg SecureBoot tripe) but doesn't make it any harder to hack
You're right. I wonder if that's why Apple didn't run straight toward that obvious solution?
Apologies if I misinterpreted.
No problem. I am always too defensive when on /. anyway, LOL!
Never let any of those peripherals out of your sight either! Someone could infect them in just a few seconds of inattention.
No.
Someone could conceivably REPLACE them with already-infected ones, or use already-infected ones nefariously to infect you, in just a few seconds; BUT I'm pretty sure that no one could infect YOUR TB-Ethernet Adapter in "just a few seconds of inattention." A few MINUTES, sure; but not a few seconds.
And remember, this still requires essentially physical access to the machine (or at least the peripheral). For now, it looks like, contingent on the conditions of my first post, above, the REMOTE threat is over.
Someone want to correct me on that, with citations?
Um, Mr Robot took it from ancient (in internet terms anyways) history:
I just took the most recent reference that popped into my head; but at least whoever writes that show has SOME geek-knowledge. That's still (a lot!) better than most.
It'd be real nice if Microsoft paid more attention to isolating software components from the core OS.
I thought that's what the HAL (Hardware Abstraction Layer), part of NT/XP/Vista/Windows 7-10 since I don't know when, was for.
I also thought that NT (like NextStep) was designed to be hardware-agnostic from the ground up. Heck, there was even an (unreleased?) version of NT for PowerPC (and I think they had it running on PowerMac 6100s, too).
Sorry, but this is what happens when you let a country under the sway of a totalitarian government build you computers.
I didn't know that Lenovo was built in the U.S.A.
Also, command line is not difficult to learn or use; and it is incredibly powerful.
Whoosh!
Not like *that* would never be abused by the first script kiddie [^h][^h][^h][^h][^h][^h][^h][^h]Government Agency to notice it...
FTFY.
The Malware's baked-in-goodness from the factory!
And what do I do to stay unscrewed? a serious question from a Macbooker. /I'm expecting much hate but some wisdom embedded in the barbs
It looks like if you are either:
1. An owner of a Mac MANUFACTURED after June, 2014; and/or,
2. Running at least OS X 10.10.4
You are safe from any REMOTE Thunderstrike(2) Attacks.
HOWEVER, you STILL have to be vigilant against the "Evil Maid" (someone deliberately sticking an infected Thunderbolt Ethernet Adapter, or an infected Thunderbolt-connected SSD into your computer while you aren't present/looking), and DON'T borrow/lend either of those two classes of Thunderbolt devices to/from ANYONE.
And you should, for all intents and purposes, be ok.
It's not needed. Everybody knows that macs don't get malware and come with a free unicorn.
No. It's not needed because Apple already has launchd, which is what systemd was copied from.
If dropping infected USB sticks into a parking lot and seeing who picks them up and plugs them in works
Yeah, I watch Mr. Robot, too...
Social engineering is a remarkable way around security.
I love the way most of the hacker movies depict a scenario like in Swordfish, where someone applies mad Developer (hacker) skills to navigate through arrays of 3D cubes representing (what, exactly?), and then breaks into the "Network" using those skills alone. That's why I always like the movie "Sneakers" (despite its depiction of 3D Operating Systems, too), because it depicted that Social Engineering was at the heart of most, if not all, "Cracking".
But this still doesn't answer the question as to whether Apple has successfully thwarted the REMOTE aspect (e.g., visit a malicious website, get a bad email...), or not.
I heard the Titanic was "unsinkable". Be careful with words like "invulnerable".
Point taken; but, in my defense, I think that's what the original article I read said.
Apple has released at least 2 Patches to OS X 10.10 (Yosemite), one in January, 2015, and another in June, 2015, to address these issues.
From what I have learned from the tubes, that leaves what admittedly amounts to a largely theoretical vulnerability, as far as "workable in the field" goes.
But what I haven't been able to sort out through all the eighth-grader cutesy names is: is this still a REMOTE-ABLE vulnerability, or is it back to the "Evil Maid" scenario only?
Also, I have heard that Macs built after June, 2014 are invulnerable (presumably due to some hardware design changes). Is that still true, or not?
No, apple should have it say: I'm afraid I won't do that.
Actually, the first statement is correct. By Design, Siri has absolutely no ability to honor that Request.
A moment of silence for our fallen innocence of citizen's trust. Da da daaaa... da da daaaaaaa.... *puts hat back on* So yea, you can do encryption with a pencil and paper, do we need to think about backdoors when we're doing that?
Yes, if you use an algorithm based on some of the intentionally-weakened numerical tables or algorithms, courtesy of No Such Agency.
It's not a conspiracy as you allude to, it's just ambulance chasing. Being an avid shooter, I'm well versed in the authoritarians "never letting a tragedy go to waste."
So, explain the USAPATRIOTACT all-trussed-up and ready-to-go.
Explain all the mysterious, 600 BILLION-TO-ONE-odds Stock "Puts" on the SAME AIRLINES that were involved. When was THAT ever investigated? Talk about "Follow the Money"...
Of course I could go on and on. Like how do two buildings, struck at ENTIRELY different places, with ENTIRELY different (and wildly asymmetric!!!) damage-profiles, go down in pretty-much PRECISELY the same manner, in pretty-much their own footprint (as much as possible with a 110-story building)?
Yes. Sometimes it really IS a Conspiracy.
The reason you don't have to divulge passwords is because doing so would be compelling people to be witnesses against themselves. The right to remain silent. That's completely different from biometric security, where you have freely made the choice to use it. There is no right to not disclose one's fingerprints or retina pattern.
Then the trick, if you have time and an iPhone with a fingerprint sensor, is to force a shutdown. That way, when it is powered up again, it will REQUIRE a typed-in password; fingerprint won't do. Same thing if it has been a sufficient amount of time since the last login.