Comment by ttul
2 days ago
And when the machine arrives back in the States, it even has a fresh CPC ROM soldered onto the back of the SOC!
2 days ago
And when the machine arrives back in the States, it even has a fresh CPC ROM soldered onto the back of the SOC!
I'm not a security researcher, but I get the distinct impression that Apple's hardware security is good enough that if you actually had an evil-maid attack on the M4 Pro Mac mini, it would instantly become the hottest news in the security community.
I would not be so sure that Apple's hardware security is good enough, taking into account that for several years it has been possible to take complete control remotely and undetectably over any iPhone, because of a combination of hardware and software bugs.
The Apple Mx CPUs had some secret test registers that allowed the bypassing of all hardware memory protections and which could be accessed by those who were aware of their existence, because they were not disabled after production, as they should have been. Combined with some software bugs in some Apple system libraries, this allowed an attacker to obtain privileged execution rights by sending an invisible message to the iPhone.
It is unknown whether the same secret test registers were also open in the laptop versions of the Apple Mx CPUs. There the invisible message attack route would have been unavailable, but malicious Web pages might have been able to use the same exploit.
This incredible security failure has been hot news for a couple of weeks, together with the long list of CVEs associated with it, and it has been also discussed on HN, but after that it has been quickly forgotten. Now most people still think that the Apple devices have good security, despite their history showing otherwise. I do not think that any other hardware vendor except Apple has been caught with a security bug so dumb as those unprotected hardware test registers.
This was not a theoretical security failure, but it was discovered because some unknown attackers had used it for a long time to spy on some iPhone owners. The attack had been discovered by studying the logs of WiFi access points, which had shown an unusually high outbound traffic coming from the iPhones, which were exfiltrating the acquired data.
It wasn’t known by many and probably too valuable to burn so targets would be selective, when it was found it was patched along with virtually every iDevice.
You make it sound like this was a huge impact issue, it really wasn’t, theoretically everyone could be affected but in reality a negligible subset were.
2 replies →
It is mindboggling simple to override Apple MDM and device enrollment for MBPs. In a manner that is one and done, survives upgrades etc.
Two minutes or less, 4 DNS entries.
I'm a lot less convinced than you are of the hardiness of Apple's security.
I wrote "Apple's hardware security".
To be fair, the parent comment did qualify their uncertainty four whole times:
1) "I'm not a security researcher" (ethos; repeal to authority)
2) "I get" (pathos; personal opinion)
3) "distinct impression" (pathos; emotional appeal)
4) "good enough" (logos; implies security is immeasurable/infeasible to prove)
Now, I wouldn't get caught dead endorsing a company that I have to write so many excuses for. But they did warn you!
Umm… what’s an evil-maid attack? Sounds like a b-horror film. :)
An "evil-maid attack" is the name used for the case when the attacker has unrestricted direct physical access for a short time to the computer, like it may be the case for the personnel who cleans the office or home in the absence of the computer users (or as it may be the case at some border control points if a laptop/smartphone is taken by the authorities for a checking done in another room, where the owner is not present).
With direct physical access, a lot of things can be done which cannot be done remotely, e.g. attempting to boot from an external device, possibly using hardware fault injections to bypass protections against that, attempting to read data that has not completely decayed from the DRAM modules, replacing some hardware component or inserting an extra component that would enable spying in the future, making copies of an encrypted SSD/HDD with the hope that after making other copies of it in the future that will enable breaking the encryption , if that is done using an encryption mode that does not protect against this kind of attack, and so on.
Do you actually believe this?
Not at all.
Don't be rude, your NSA ROM gets lonely sometimes.
I feel that you're being downvoted by people who don't know history.
I'll add some references:
https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...
https://en.wikipedia.org/wiki/2010s_global_surveillance_disc...
Same with the guy half-joking about Chinese malicious implants. Because of course China would never engage in espionage. It's interesting to note that he/she got downvoted a lot harder.
They know, they just wish it weren't true.
"You only know me as you see me, not as I actually am"
CPC?
Possibly ParaDOS?
Ha! I’m sure I asked you about this before but I think you hinted at one point about being able to supply PD on a format other than disc and I think you said not on cassette. What was that?
Communist party of china aka ccp