The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. October 16, 2019, 05:43:49 AM

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: Another example of Apple's great security  (Read 3310 times)
nop_90
Global Moderator
Lifer
*****
Offline Offline

Posts: 2203


View Profile
« on: July 23, 2011, 02:23:32 PM »

All Apple MacBooks can be hacked through the battery
http://digitizor.com/2011/07/23/macbook-hacked-battery/
 ROFLMAO ROFLMAO ROFLMAO
Almost as good as the Safari run a bat file security breach.

Anyway everyone knows the Apple is the most secure OS.
Steve Jobs has told me repeatedly Wink

Logged
kurdt
Lifer
*****
Offline Offline

Posts: 1153


paha arkkitehti


View Profile
« Reply #1 on: July 23, 2011, 11:06:09 PM »

All Apple MacBooks can be hacked through the battery
http://digitizor.com/2011/07/23/macbook-hacked-battery/
 ROFLMAO ROFLMAO ROFLMAO
Almost as good as the Safari run a bat file security breach.

Anyway everyone knows the Apple is the most secure OS.
Steve Jobs has told me repeatedly Wink
You might want to read the story from it's source and not some summary site... here's quote from Miller "That attack would require finding another vulnerability in the interface between the chip and the operating system.". This reminds me of cryptohacking - theoritically possible but infeasible in real-life unless some unknown vector is found. Of course there might be some unknown vector that compromises the whole system but in the other hand meteor could hit earth in next 5 minutes. Both unknown variables that we can't predict to be found or not found.

After reading Forbes original article, you should check this http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/. Now that Apple bothered to make proper ASLR implementation in Lion, it's more secure than Linux and Windows 7.
Logged

I met god and he had nothing to say to me.
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #2 on: July 24, 2011, 12:37:10 AM »

Correct Kurdt - but you do have to admit it's a pretty damn funny story. Cripes it hit about every blog and stream I read - some really great FUD.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
kurdt
Lifer
*****
Offline Offline

Posts: 1153


paha arkkitehti


View Profile
« Reply #3 on: July 24, 2011, 03:55:44 AM »

Correct Kurdt - but you do have to admit it's a pretty damn funny story. Cripes it hit about every blog and stream I read - some really great FUD.
Yeah, it is kinda funny but now that I think about it; how else would you actually design it? I mean batteries need to be changeable in laptops and if there's communication between laptop and battery, then how do you make it secure? Change the password in the battery? Well, then what prevents somebody from snooping that? I mean it has to be stored somewhere in the system in the first place if system needs it. I think the fundamental flaw in the design is that OS has too much access to the battery. It should be that OS can only read stats but can't actually initiate charging or anything else that modifies battery's statue. Controlling battery would be done with separate microcontroller that communicates between the battery and charger. Current model sounds like a classic case of breaking the principle of least privilege.
Logged

I met god and he had nothing to say to me.
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #4 on: July 24, 2011, 11:45:19 AM »

I thought you were more on in your first post. I mean, AS IF this is really a flaw. You know, if I look over your shoulder and grab a password so I can violate your battery, does it matter what OS you're running?

I think it's funny ho the FUD machine gets going to attract eyeballs.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
daviator
Expert
****
Offline Offline

Posts: 333


View Profile
« Reply #5 on: July 24, 2011, 07:19:03 PM »

As soon as I read this in the news, I threw away all of my batteries in all of my portable devices.  Now I feel so much safer.
 ROFLMAO
Logged
kurdt
Lifer
*****
Offline Offline

Posts: 1153


paha arkkitehti


View Profile
« Reply #6 on: July 24, 2011, 09:42:49 PM »

I thought you were more on in your first post. I mean, AS IF this is really a flaw. You know, if I look over your shoulder and grab a password so I can violate your battery, does it matter what OS you're running?

I think it's funny ho the FUD machine gets going to attract eyeballs.
It's not just about OS. Many people haven't yet realized it but new era of viruses has begun with Stuxnet. Virus makers are now targeting devices that can affect physical world like simple networked logic boards. It's really a nightmare because those simple machines can't just load up some antivirus so once they get infected, maintenance won't even notice until it's too late. Many times when designing manufacturers don't think how their machines could be used to do damage like that recent incident when folks hacked those traffic displays. Slight undetected clever misinformation on those could cause serious accidents. Also you don't have to use one particular infected machine to do the damage, you can create cascading failure which will minimize the risk of infection being detected. Now with this battery hack you are basically carrying a small hand-grenade in your laptop. Anybody who has seen http://www.youtube.com/watch?v=SMy2_qNO2Y0 understands how much damage bigger battery could cause.

So even if it's theoretically unfeasible or very easy (depending on the unknown vector) to exploit, there's still a design flaw that can be exploited to potentially make somebody expire.
Logged

I met god and he had nothing to say to me.
nop_90
Global Moderator
Lifer
*****
Offline Offline

Posts: 2203


View Profile
« Reply #7 on: July 25, 2011, 02:20:25 AM »

"That attack would require finding another vulnerability in the interface between the chip and the operating system.". This reminds me of cryptohacking - theoritically possible but infeasible in real-life unless some unknown vector is found. Of course there might be some unknown vector that compromises the whole system but in the other hand meteor could hit earth in next 5 minutes. Both unknown variables that we can't predict to be found or not found.
From my understanding most modern attacks are this type of attack.
A 2 stage attack, the era of the "buffer overflow" is dead.

"Security" for a product like an internet browser is viewed in isolation. (As in the browser itself).
But you have to view the products as in how they interact with each other.
So a browser will have default with telnet or gopher protocol programs.
The default telnet might have been designed for only keyboard input so by itself is "secure".
So not as rare as you think.

Obviously it is like the USB attack and autorun.
It would be used as a social engineering type attack. (obviously buying laptop batteries and leaving them lying around is not feasible)
Logged
Alejandro
n00b
*
Offline Offline

Posts: 4



View Profile
« Reply #8 on: October 04, 2011, 10:11:30 PM »

I agree with the flawless security system of apple products whether it is iPhone  or iPad or Mac what ever the product.
They have have developed a system which is less vulnerable to internet hazards.
Logged
Kathy_carter
n00b
*
Offline Offline

Posts: 2



View Profile
« Reply #9 on: October 06, 2011, 11:20:17 PM »

Hi,
Most of the people using of not using the apple products agree with the security system. Its very sad that the legend who gave us various inventions of the modern age is no more between us. As Quoted by the President of United States after the death of the legend "The World has lost an Inventor who was a Great Visionary."  Violin
Logged

NO LINKS IN SIGS.
Pages: [1]
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!