Wednesday, 19 January 2011

Warning - hackers can "own" your machine if you plug into an evil Thunderbolt device


http://www.breaknenter.org/2012/02/...cking-macs-through-the-thunderbolt-interface/

hardware issue - os vulnerable (but thunderbolt mac now).

careful of thunderbolt , firewire devices. firewire hack, thunderbolt can work firewire. it's worse on thunderbolt, since thunderbolt used monitors. if attacker can thunderbolt monitor, can right heart of computer.

in nutshell, part of firewire spec can access lower 4 gig of ram on machine. bad device can passwords, , there's not (or os) can stop it. osx has weak password protection too.

since thunderbolt daisy chains, can attacked guy puts attack machine on safe device, thunderbolt monitor. there's not many places can access public thunderbolt projectors , monitors.

fortunately, thunderbolt drives reputable companies, unlike usb drives. security implications still bit worrying. it's going hurt thunderbolt adoption, because windows bigger target hackers. security conscious companies won't buy thunderbolt on if it's going leave them open discrete physical hacks. attach mobile phone tb ceo's tb monitor, daisy-chain machine. or attach tb mobile public tb overhead projector inlet, , own connects.
 

i think it's assumed if have physical access someone's computer, bets off in terms of security.

arn
 


Forums Macs Notebooks MacBook Air


  • iPhone
  • Mac OS & System Software
  • iPad
  • Apple Watch
  • Notebooks
  • iTunes
  • Apple ID
  • iCloud
  • Desktop Computers
  • Apple Music
  • Professional Applications
  • iPod
  • iWork
  • Apple TV
  • iLife
  • Wireless

No comments:

Post a Comment