The first malware for the new Macs with the M1 processor has been released!
18-02-2021 21:29
Macs with Apple's M1 processor have only been around for a few months, but it didn't take long for hackers to start targeting the systems. Security researcher Patrick Wardle says he has found a malicious app that was created specifically for the powerful M1 chip.
He wrote in a blog post that the Safari adware extension, which is called GoSearch22, was originally designed for Intel x86 processors. It appears to be a variant of the well-known Mac adware Pirrit. Wardle told Motherboard that the malware seems "fairly vanilla" — it collects user data and peppers the screen with illicit ads — but noted that its developers could update GoSearch22 with more harmful functions.
Although new Macs can still run apps designed for Intel x86 chips via emulation, many developers are creating native M1 versions of their software. The existence of GoSearch22, Wardle wrote, "confirms malware/adware authors are indeed working to ensure their malicious creations are natively compatible with Apple’s latest hardware."
Wardle discovered the malware on Alphabet-owned antivirus testing platform VirusTotal, where someone uploaded it in December. The researcher found that, although the platform's antivirus scanners flagged the x86 version of the adware as malicious, 15 percent of them didn't suspect the M1 version of GoSearch22 was malware. That suggests not all antivirus software is fully ready to root out malware designed for M1-based systems. Another researcher, Thomas Reed, told Wired that compiling software for "M1 can be as easy as flicking a switch in the project settings," so it seems hackers might not have to do much to adapt their malware for Apple's latest processor.
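As an added illustration (not code from the article or from Wardle's research): a universal Mach-O file carries one slice per architecture, so the x86_64 and arm64 slices of the same app can be listed, hashed and scanned separately. The sample file and the helper names `thin_header` and `build_sample` are constructed for this demo.

```python
import hashlib
import struct

# Values from Apple's <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>.
FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF   # universal header, big-endian
MH_MAGIC_64 = 0xFEEDFACF                            # thin 64-bit Mach-O
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}

def macho_slices(data):
    """Return [(arch, offset, size)] for every architecture slice in data."""
    if len(data) < 8:
        raise ValueError("too short for a Mach-O header")
    magic = struct.unpack_from(">I", data, 0)[0]
    if magic in (FAT_MAGIC, FAT_MAGIC_64):
        fmt = ">IIQQII" if magic == FAT_MAGIC_64 else ">IIIII"
        count = struct.unpack_from(">I", data, 4)[0]
        # Java class files share 0xCAFEBABE; a huge count means "not Mach-O".
        if count > 32 or 8 + count * struct.calcsize(fmt) > len(data):
            raise ValueError("implausible fat_arch table")
        slices = []
        for i in range(count):
            cpu, _sub, off, size = struct.unpack_from(
                fmt, data, 8 + i * struct.calcsize(fmt))[:4]
            if off + size > len(data):
                raise ValueError("slice runs past end of file")
            slices.append((CPU_NAMES.get(cpu, hex(cpu)), off, size))
        return slices
    if struct.unpack_from("<I", data, 0)[0] == MH_MAGIC_64:
        cpu = struct.unpack_from("<I", data, 4)[0]
        return [(CPU_NAMES.get(cpu, hex(cpu)), 0, len(data))]
    raise ValueError("not a 64-bit Mach-O or universal binary")

def slice_digests(data):
    """SHA-256 of each slice, so each architecture can be scanned on its own."""
    return {arch: hashlib.sha256(data[off:off + size]).hexdigest()
            for arch, off, size in macho_slices(data)}

def thin_header(cpu):
    # Constructed stand-in: a bare mach_header_64 (32 bytes), no load commands.
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cpu, 0, 2, 0, 0, 0, 0)

def build_sample():
    """Constructed two-slice universal file (x86_64 + arm64) for the demo."""
    x86, arm = thin_header(0x01000007), thin_header(0x0100000C)
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">IIIII", 0x01000007, 3, 64, len(x86), 0)
    header += struct.pack(">IIIII", 0x0100000C, 0, 96, len(arm), 0)
    return header.ljust(64, b"\0") + x86 + arm

if __name__ == "__main__":
    for arch, digest in slice_digests(build_sample()).items():
        print(arch, digest)
```

A file whose slice list contains `arm64` runs natively on M1, and its per-slice digest is the value to check when a verdict exists only for the x86_64 build.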
GoSearch22 was signed with an Apple developer ID in November, according to Wardle. However, Apple has revoked the adware's certificate, which will make it difficult for users to install it.
Source: https://www.engadget.com/hackers-are-already-targeting-macs-with-apples-m-1-chip-170440569.html
Major Thunderbolt security flaws found, affect Macs shipped in 2011-2020!
24-11-2020 18:38
No fewer than seven serious Thunderbolt security flaws have been discovered, affecting machines with both standalone Thunderbolt ports and the Thunderbolt-compatible USB-C ports used on modern Macs.
The flaws allow an attacker to access data even when the machine is locked, and even when the drive is encrypted …
The vulnerabilities are present in all machines with Thunderbolt/Thunderbolt-compatible USB-C ports shipped between 2011 and 2020.
Security researcher Björn Ruytenberg found seven vulnerabilities in Intel’s Thunderbolt chips, and nine ways to exploit them.
1. Inadequate firmware verification schemes
2. Weak device authentication scheme
3. Use of unauthenticated device metadata
4. Downgrade attack using backwards compatibility
5. Use of unauthenticated controller configurations
6. SPI flash interface deficiencies
7. No Thunderbolt security on Boot Camp
There is no way to detect that a machine has been compromised.
Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption. All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.
These vulnerabilities lead to nine practical exploitation scenarios. In an evil maid threat model and varying Security Levels, we demonstrate the ability to create arbitrary Thunderbolt device identities, clone user-authorized Thunderbolt devices, and finally obtain PCIe connectivity to perform DMA attacks. In addition, we show unauthenticated overriding of Security Level configurations, including the ability to disable Thunderbolt security entirely, and restoring Thunderbolt connectivity if the system is restricted to exclusively passing through USB and/or DisplayPort. We conclude with demonstrating the ability to permanently disable Thunderbolt security and block all future firmware updates.
Macs are fully vulnerable to all of the Thunderbolt security flaws when running Bootcamp, and ‘partly affected’ when running macOS.
MacOS employs (i) an Apple-curated whitelist in place of Security Levels, and (ii) IOMMU virtualization when hardware and driver support is available. Vulnerabilities 2–3 enable bypassing the first protection measure, and fully compromising authenticity of Thunderbolt device metadata in MacOS “System Information”. However, the second protection measure remains functioning and hence prevents any further impact on victim system security via DMA. The system becomes vulnerable to attacks similar to BadUSB. Therefore, MacOS is partially affected.
Further details of the Mac vulnerabilities can be found below.
Ruytenberg informed both Intel and Apple of his discoveries, but says that as the Thunderbolt security flaws are present in the controller chips, there is no way to fix the vulnerabilities via a software update.
Below is a description of how the vulnerabilities can be exploited on a Mac running macOS. This is essentially performed by fooling the Mac into thinking the attack kit is an Apple-approved Thunderbolt accessory.
3.4 Exploitation scenarios for vulnerabilities 2-3, 7 on Apple Mac systems
3.4.1 Cloning an Apple-whitelisted device identity to an attacker device (MacOS)
Threat model
We assume an “evil maid” threat model, in which the attacker exclusively has physical access to a victim system. The system is in a locked (S0) or sleep (S3) state, while running MacOS.
Preparation
1. Acquire a MacOS-certified Thunderbolt device.
2. Disassemble the MacOS-certified device enclosure. Obtain the firmware image from the Thunderbolt controller’s SPI flash of the MacOS-certified device.
3. Disassemble the attacker device enclosure. Obtain the firmware image from the Thunderbolt controller’s SPI flash of the attacker device.
4. Connect the MacOS-certified device to the attacker system. On the attacker system, using e.g. tbtadm on Linux, obtain the UUID of the MacOS-certified device.
5. Locate the DROM section by searching for the string DROM in the attacker device firmware image. Figure 6 depicts the DROM data structure. Using the figure as a reference, locate the appropriate offsets and replicate the MacOS-certified device UUID.
6. Compute uid crc8 and replicate the value at the appropriate offset.
7. Write the image to the attacker device SPI flash.
Procedure
1. Connect the attacker device to the victim system.
Verification
1. Observe that the victim system identifies the attacker device as being a MacOS-certified device. Figure 2 demonstrates an example scenario, showing a forged Thunderbolt device identity in the MacOS “System Information” application.
Intel commented:
In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows (Windows 10 1803 RS4 and later), Linux (kernel 5.x and later), and MacOS (MacOS 10.12.4 and later). The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled. Please check with your system manufacturer to determine if your system has these mitigations incorporated. For all systems, we recommend following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.
Apple announced a new MacBook Pro with an 8-core processor, as well as a free repair program for the MacBook, MacBook Pro and MacBook Air with the "Butterfly" keyboard!
23-05-2019 14:37
Apple has upgraded the 13- and 15-inch MacBook Pro, and the update hides a few surprises.
At the heart of the new models is Intel's 8th generation of quad-core processors, as far as the 13-inch MacBook Pro with built-in Touch Bar is concerned.
The 15-inch model shows far more significant differences in speed, since Apple is introducing a MacBook with an 8-core processor for the first time.
On that model users should expect double the speed compared with the quad-core model, while on the model with the 6-core processor the speed increase is estimated at 40%.
As for the 13-inch MacBook Pro with Touch Bar, the quad-core processor's clock rises to 2.4 GHz, with Turbo Boost reaching 4.7 GHz.
With the new MacBook Pro models, Apple is also making a new move concerning the keyboard and the "butterfly" mechanism it introduced a few years ago, which is by general agreement one of the drawbacks of the company's laptops and at the same time the source of many technical problems.
So, after quietly adding a membrane to the keys that would in theory eliminate double key presses and protect them from dust (two of the most significant problems), Apple is making three important changes in the new MacBooks:
1. The first concerns the keyboard mechanism and the materials used to build it, with the changes in this area intended to eliminate erroneous double key presses.
2. Although the above change is expected to solve the problem for good, Apple is including all MacBooks that have a keyboard with the "butterfly" mechanism in a repair program, with the company replacing it free of charge whether or not the computer is under warranty.
The MacBook, MacBook Air and MacBook Pro models included in the keyboard replacement program are the following:
MacBook (Retina, 12-inch, Early 2015)
MacBook (Retina, 12-inch, Early 2016)
MacBook (Retina, 12-inch, 2017)
MacBook Air (Retina, 13-inch, 2018)
MacBook Pro (13-inch, 2016, Two Thunderbolt 3 Ports)
MacBook Pro (13-inch, 2017, Two Thunderbolt 3 Ports)
MacBook Pro (13-inch, 2016, Four Thunderbolt 3 Ports)
MacBook Pro (13-inch, 2017, Four Thunderbolt 3 Ports)
MacBook Pro (15-inch, 2016)
MacBook Pro (15-inch, 2017)
MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports)
MacBook Pro (15-inch, 2018)
MacBook Pro (13-inch, 2019, Four Thunderbolt 3 Ports)
MacBook Pro (15-inch, 2019)
Strikingly, the list also includes the new MacBooks that have only just been announced, which certainly raises questions... According to Apple's website, those interested should visit either an Apple Store, if there is one in their country, or an official authorized service center.
3. Repair and replacement times for such a keyboard were not the best, and the company is making significant changes in order to speed up the whole process.
The latest problems with the keyboards of the new MacBook and MacBook Pro bring back into the news a scathing article on quality control of technology products: "BAD TECHNOLOGY - BETA CULTURE: A Call for Revolution Against Beta Culture"
03-09-2018 12:52
Apple's Keyboard Recall and Replacement Program for the new MacBook and MacBook Pro
https://www.apple.com/support/keyboard-service-program-for-macbook-and-macbook-pro/
BAD TECHNOLOGY - BETA CULTURE: A Call for Revolution Against Beta Culture
I'm tired of this. This sense of permanent discomfort with the technology around me. The bugs. The compromises. The firmware upgrades. The "This will work in the next version." The "It's in our roadmap." The "Buy now and upgrade later." The patches. The new low development standards that make technology fail because it wasn't tested enough before reaching our hands. The feeling now extends to hardware: Everything is built to end up in the trash a year later, still half-baked, to make room for the next hardware revision. I'm tired of this beta culture that has spread like metastatic cancer in the last few years, starting with software from Google and others and ending up in almost every gadget and computer system around. We need a change.
Take the iPhone, for example, one of the most successful products in the history of consumer electronics. We like it, I love mine, but the fact is that the first generation was rushed out, lacking basic features that were added in later releases or are not here yet. Worse: The iPhone 3G was really broken. For real. Bad signal, dropped calls, frozen apps. This would have been unthinkable in cellphones just five years ago. They were simpler, for sure, but they were failure proof. Today's engineering and testing is a lot more sophisticated. In theory, products can't go out into distribution with such glaring problems undetected.
Another recent example is my iMac 24, which had the infamous video card problem out of the box. How can a machine with such an obvious problem—instantly detected by the user base—be sold like that? The same happened recently with Nvidia video boards. In fact, graphic cards—being always in the cutting edge of technology—are perfect examples of beta hardware being sold as final hardware, with many released with beta-quality drivers and requiring firmware patches.
From that to the now-universally-accepted Blue Screen of Death, from buggy Blu-ray players to the Xbox 360's red ring of death and PS3's bugs, even from kitchen ovens to faulty DSLR cameras, the list of troubled products is endless. Just this week, the eagerly anticipated BlackBerry Storm launched to mixed reviews, in part because of its crashy, apparently unfinished software.
On the other side, my parents have a Telefunken CRT TV and a Braun radio from the '70s which are still in working condition. They were first generation. They never failed. Compare that to my first plasma TV from Philips, which broke after less than a year of use. Mine wasn't the only one. The technology was too young to be released; it was still in beta state. Philips wanted to be the first in the world with a flat TV and beat the competition, so they released it. This probably wasn't a good move: Today, Philips' TV business is struggling, and is nonexistent in the US. Meanwhile, my Sinclair ZX Spectrum and Apple IIe from the 1980s still work like they did from day one, perfectly.
For sure, today's products are far more complex than those of 20 or 30 years ago. But back then, the manufacturing was also a lot worse. It was less automated, often purely manual, and imperfect. Today, in a world where automated factories run 24/7, there's less chance of error. Yet still, there are countless problems in the final products, and those problems affect every unit in an entire model line. In the age of manufacturing perfection, there are still major recalls concerning products that burn or break.
Clearly, the problem is the development process and the time to market, with product cycles shortened and corners cut to keep a continuous stream of cash flowing in. The rush to feed these cycles with increasingly more complex engineering seems to be at odds with shortened development and quality assurance processes, resulting in beta-state first-generation products. This beta culture, the same one that already plagues the web, breeds people who are willing to accept bugs in the name of cutting-edge gear.
Who's to blame? Google and their web apps? Apple and their iPhone 3G problems? Microsoft and their countless buggy versions of operating systems and the Xbox 360's RROD? Philips? Sony? Samsung? LG? We all are. The manufacturers, who are driven by a thirst to expand and satisfy their shareholders at all costs. The consumers, who are so thirsty to drink in the shiniest, newest technology that they are willing to sacrifice stability. And the press too, who pours more gasoline onto the consumerism bonfire by writing glowing reviews and often minimizing things that are simply not acceptable.
Personally, I'm tired of all this. But I'm mostly tired about the fact that it seems that we all have given up. Tired because now we see "upgrades" as an opportunity to protect our investment, but in reality, it's laziness and a poor job on the manufacturer part that we have accepted without questioning. Instead of calling foul play and refusing to participate, we keep buying.
That's the key: We have surrendered in the name of progress and marketing and product cycles and consumerism. Maybe those are good reasons, I don't know, but looking at the past, it feels like we are being conned. Deceived because the manufacturers of electronic products have taken our desire to progress faster and even embrace the web beta culture as an excuse to rush things to market, to blatantly admit bugs and the rushed feature sets and sell the patches as upgrades.
Maybe the recession will put some order in this thirst of new stuff and change the product cycles. As the economy slows down, people will think twice before buying the latest and greatest; they'll keep older hardware for longer. Then, manufacturers will have to rethink their product lines, and lift their feet from the accelerator, which will result in slower cycles and better products. Maybe that's our ticket for better electronics that actually make sense.
Or maybe... maybe that will be another excuse for the manufacturer to cut even more corners and keep lowering prices so that consumers keep spending and ending up with worse products than we have now.
Source: http://gizmodo.com/5083371/a-call-for-revolution-against-beta-culture