Comment by whartung
2 years ago
It can be defended against. The detail is that the only way to harden those defenses is to toss it out in the world and let folks poke holes in it.
This was an extremely complex exploit. It was complex because of all of the defenses put in place by Apple and others. It required State level resources to pull it off.
We also don't know what, if any, external skullduggery was involved in the exploit. Did someone penetrate Apple/ARM and get internal documentation? Compromise an employee? Did Apple/ARM participate? Maybe they just dissolved a CPU cover, and reverse engineered it.
But, that cat is not out of the bag, and it's been patched.
Progress.
As many folks say, when it comes to dealing with security, consider the threat model. Being under the lens of an advanced State is different from keeping your young brother out of your WoW account.
This exploit wasn't done by a bunch of scammers selling "PC Support". That's the good news.
When stuff like this happens, I always go back to Stuxnet, where not only did they breach an air gap, they went in and did a sneak and peek into some other company to get the private signing keys so that their corrupted payload was trusted. There's a difference between an intelligence operation and a "hack".
Making stuff like this very expensive is part of the defensive posture of the platform.
> Compromise an employee?
An official visits the headquarters, and informs that certain employees need to be hired at certain departments “to help with national security”. End of story.
What even makes people think that executives whose job is to deal with everyone in order to “do business” are their long distance friends, or some kind of punks who'd jump on the table and flip birdies into faces of people making such an offer?
> It was complex because of all of the defenses put in place by Apple and others.
I don't know jack about hardware but it would seem obvious that when one designs a chip, you make sure it does not have 'unknown hardware registers' or unknown anything when you get it back from the manufacturer.
This makes everything written on this page worthless...
> Prevent anyone except you from using your devices and accessing your information. https://www.apple.com/privacy/control/
> I don't know jack about hardware but it would seem obvious that when one designs a chip, you make sure it does not have 'unknown hardware registers' or unknown anything when you get it back from the manufacturer.
Well, you are in trouble then. All modern hardware has such hidden parts in it, and they are most of the time referred to as "undocumented" instead of "unknown". I know this seems pedantic, but from the public eye, anything undocumented is unknown. What makes those special, however, is that they are not used at all by public software, thus truly unknown, as one can only guess their use or even their mere existence.
"Undocumented" as used by hardware manufacturers is a euphemism for "secret".
> I don't know jack about hardware
Could have stopped writing right there.
Agreed
> I don't know jack about hardware but it would seem obvious that when one designs a chip, you make sure it does not have 'unknown hardware registers' or unknown anything when you get it back from the manufacturer.
Either Apple or Arm has employees that know what these registers do. They are likely used for debugging and/or testing.
A lot of those registers can do very interesting things, since e.g. fault-injection is an important part of testing. A security-minded implementation will allow these to either be fused off or disabled very early in the boot process. The latter is probably more common, and any disconnect between the hardware and software side can cause this step to get missed.
Very interesting, thanks for the insight. Would you fault Apple for not disabling these?
You’re assuming the registers are unknown to the chip designer.
The article doesn’t state that. It says it’s undocumented for the security researchers.
Good point