Apple Acquired Firmware Security Company LegbaCore Last November

[simonmet]

Creepy logo.

Reminds me of something the US Department of Defence would come up with...

 

[Bevz]

Well this sounds a very good thing

 

[iPadCary]

I don't like it. Don't like it one bit!
As a stockholder, I'm appalled that Apple is dealing with the Devil
in order to gain "positive" results. This smacks of desperation, but why am I surprised ....
This is "Tim's Apple" all over.

No, I think it means Apple is now being run by the Free Masons.

Now being run by the Freemasons? It was founded by them.

 

[Max(IT)]

Low level security? Must be jb related?

I suppose it's about firmware and kernel level security.

 

[Wahlstrm]

Bye bye jailbrake?

 

[maflynn]

eewww that logo.

I have to say with the malware that is out there, this can be only a good thing.

I don't like it. Don't like it one bit!
As a stockholder, I'm appalled that Apple is dealing with the Devil
in order to gain "positive" results. This smacks of desperation, but why am I surprised ....
This is "Tim's Apple" all over.

I think you may be in the minority, in that other shareholders are pleased that apple is looking to strengthen the security of its firmware. You of course have options, including selling your share(s) of apple stock. Overall, I think this is a good move by apple.

 

[MarkusL]

I don't like it. Don't like it one bit!
As a stockholder, I'm appalled that Apple is dealing with the Devil
in order to gain "positive" results. This smacks of desperation, but why am I surprised ....
This is "Tim's Apple" all over.



Sure, why not? After all, it was founded by one ....

Oh wow, I didn't know that. Then it could be a sign that the good guys are back and taking over from the bean counters?

 

[iPadCary]

You of course have options, including selling your share(s) of apple stock.

I'm not selling ever. It gives me the right to legitamately complain.

 

[maflynn]

I'm not selling ever. It gives me the right to legitamately complain.

You already have the right to legitimately complain. You don't need to be a shareholder to criticize a company.

 

[Yelmurc]

I hope they not only tighten up security but they need to focus on making security more user friendly. Having to sign in to iCloud 10 times because their systems don't all talk to each other is annoying and not very user friendly.

 

[997440]

I don't like it. Don't like it one bit!
As a stockholder, I'm appalled that Apple is dealing with the Devil
in order to gain "positive" results.

I'm not sure how this is considered "dealing with the Devil". Certain security researchers openly demonstrated a PoC, EFI worm. I've not seen any description of those researchers other than of them being 'white hats' (not even converted 'black hats'). Apple's made a smart move to hire new talent.

....“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” says Xeno Kovah, one of the researchers who designed the worm. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”....

http://www.wired.com/2015/08/researchers-create-first-firmware-worm-attacks-macs/

 

[Keirasplace]

The standard Firmware is vulnerable to attacks but it can still be updated, if the malware installs custom Firmware which blocks updating then that's a whole different story.

For that to happen, it would have to overwrite the bootstrap mechanism for upgrading the firmware, if it does that, the only way to recover in the computer. You could recover with the proper equipment by removing the chip; but I don't think that's what most people would or could do.
[doublepost=1454507160][/doublepost]

For that to happen, it would have to overwrite the bootstrap mechanism for upgrading the firmware, if it does that, the only way to recover in the computer. You could recover with the proper equipment by removing/replacing the chip; but I don't think that's what most people would or could do.

 

[MH01]

This rocks. If there is one thing Apple can do to distance itself from the competition (Google and Microsoft where your the product or your the product and shared with the NSA) its going all in on giving users privacy and security.

Apple will need an extended focus on this (the security / privacy environment will only get worse) so this is a good sign upper management really gets it. Go Apple - this is how you make sure I get a Mac next time I'm replacing a PC.

You are confusing security with privacy . NSA does not need to hack, they ask....these guys will not help with that, you need a good legal team!

 

[jclardy]

"The malware is impossible to remove, resistant to both firmware and software updates"
How can a bug be resistant to firmware updates?

Because it is part of the firmware. It modify's the firmware so that the "new" portion can't be touched by future updates. It isn't a bug, it was a worm that exploited a bug.

 

[vkd]

One eye sign, skull representing death. Check www.vigilantcitizen.com to find out what it is all about.

 

[Thunderhawks]

I hope they not only tighten up security but they need to focus on making security more user friendly. Having to sign in to iCloud 10 times because their systems don't all talk to each other is annoying and not very user friendly.

Are there still people using iCloud?
Maybe Apple should sell it and have it fixed and then buy it back.

 

[JeffyTheQuik]

I think that Apple bought it for the new logo.

 

[lkrupp]

Was Thunderstrike ever observed in the wild. Was there ever an actual, authenticated attack on a Thunderbolt equipped machine? Just asking because this sounds like NSA stuff anyway.

 

[Tech198]

that image looks like a cross between either some kind of magic show, or dealing with the devil...

 

[Chupa Chupa]

Acquihire in its most pure form. I don't think it was done with any specific project in mind, but rather the importance of making all systems as secure as possible. The question I have is will Apple keep them off-campus or find them an office at one Infinity. That might give us a better indication of how Apple intends to use their insight; i.e., part of a design team or as quality control.

 

[tech3475]

I think the only way to truly counter this type of threat would be to have a true rom bootstrap the system then chain load the upgradeable firmware. This could also double as brick protection if they wanted.

Similar to the iphone.

 

[tbrinkma]

You are confusing security with privacy . NSA does not need to hack, they ask....these guys will not help with that, you need a good legal team!

You're making the mistake of thinking that security and privacy are separate. Without security, you can't have privacy. The better the security is, the harder it is for *anybody* to gain access to your information without your consent. (iow: The better the security is, the more privacy you have.)

 

[Carlanga]

Sigh low level...

Man Apple really wants to kill jailbreaks now.

 

[chasemac]

What are the side effects of Legbacore?

 

[jimi78]

You know where firmware security would be *really* critical?

A car.

Just sayin'.

Of course it matters everywhere else too...

Highly and utterly agree. I have been hearing so many things about the state of "smart car" security in the future. What engineer 15-20 years ago would have to even think about OBDII security? Hell anyone w/ a smartphone and OBDII dongle can outsmart their states smog system. I wonder if stuff like will be more difficult w/ future cars.
[doublepost=1454514600][/doublepost]

What are the side effects of Legbacore?

Nausea, sweating, dry mouth, leaking butt and light induced migraines.