Now-Fixed WiFi Vulnerability Left Apple Devices Open to Attack

[cmaier]

They are as secure as anything else. But Apple designs some of their chips, they don't make them. Contractors do. So the vulnerabilities can still be introduced into the supply chain through the same vector; chip providers... just like the vulnerabilities can be introduced by Apple themselves... or the chip makers suppliers... or...

Most of this stuff is scarier in theory than in practice.

It would be very unlikely for a vulnerability that does not exist in the design to exist in the manufactured silicon. When we design chips, and have them made, we test them extremely thoroughly to make sure they behave identically to the RTL and simulated netlist.

And since the manufacturer does not have a simulate-able netlist, it would be very difficult to introduce intentional flaws while still maintaining full functionality so as to fool this testing.

 

[69Mustang]

Ridiculous. So you think a fab could successfully modify an Apple chip design (with dozens of Apple engineers actually working at the fab making sure their designs are implemented correctly) without Apple knowing?

Or did you think Apple just faxes over the designs and says “here you go...make this for us”.

Sweet jeebus dude. Calm down. My comment has nothing to do with modifying Apple's design. Not even sure how that formed in your head. The design from Apple could be flawed, the chip could be flawed, a component part of the chip could contain a flaw. Just like these wifi chips are a component of Apple products and they contain... dunh-dunh-duuuunh... a flaw.
[automerge]1582757972[/automerge]

It would be very unlikely for a vulnerability that does not exist in the design to exist in the manufactured silicon. When we design chips, and have them made, we test them extremely thoroughly to make sure they behave identically to the RTL and simulated netlist.

And since the manufacturer does not have a simulate-able netlist, it would be very difficult to introduce intentional flaws while still maintaining full functionality so as to fool this testing.

You're starting with the presumption that the design could not be flawed. Why? As I said, the flaw could be introduced in the design. Also flaws in manufacturing don't have to be intentional to introduce vulnerabilities. I'm pretty sure this wifi flaw wasn't intentional.

 

[realtuner]

Sweet jeebus dude. Calm down. My comment has nothing to do with modifying Apple's design. Not even sure how that formed in your head. The design from Apple could be flawed, the chip could be flawed, a component part of the chip could contain a flaw. Just like these wifi chips are a component of Apple products and they contain... dunh-dunh-duuuunh... a flaw.

Now you're backpedaling. Your original post said...

the vulnerabilities can be introduced by Apple themselves... or the chip makers suppliers... or...

Seems pretty clear to me what you meant. Please explain how a vulnerability could be introduced by the suppliers.

 

[swamprock]

I guess that explains the firmware update for the now-discontinued Airport Extreme line a few months ago.

 

[69Mustang]

Now you're backpedaling. Your original post said...


Seems pretty clear to me what you meant. Please explain how a vulnerability could be introduced by the suppliers.

Bud, the only thing clear here is you didn't read my quote correctly and overreacted to your own misinterpretation. There's no backpedaling at all. Had you actually read my response to you, the answer you're looking for is right there. Right where I said: "...a component part of the chip could contain a flaw." Nothing I wrote implies modifying Apple's design.

 

[xplora]

Anybody know if it's fixed in Mojave 10.14.6 ?

Apple haven't fixed it, I can find only one reference to CVE-2019-15126 for any macOS updates, and it pertains to 10.15.1, so per https://nvd.nist.gov/vuln/detail/CVE-2019-15126/cpes?expandCpeRanges=true, 10.14.6 is still vulnerable.

That said, the nature of the vulnerability is such that unless you work for places like NSA or CIA, it really isn't worth worrying about.

 

[MauiPa]

but we were assured that iOS devices were secure...

oh snark! Seems like "Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to KrØØk".
[automerge]1582762185[/automerge]

No we were assured that “what happens on the iPhone stays in the iPhone” and “it just works”.

somebody forgot to tell Broadcom and Cypress and "Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to KrØØk. This totaled to over a billion Wi-Fi-capable devices and access points," its terrible that Samsung and google didn't fix this!

 

[realtuner]

Bud, the only thing clear here is you didn't read my quote correctly and overreacted to your own misinterpretation. There's no backpedaling at all. Had you actually read my response to you, the answer you're looking for is right there. Right where I said: "...a component part of the chip could contain a flaw." Nothing I wrote implies modifying Apple's design.

You’re up to your usual tricks again. Goes like this:

• Say something that you know is wrong that most people with an understanding of English would interpret a certain way.
• Make sure your language is just vague enough so it’s open to interpretation.
• When called out on your post, clarify what you said and claim anyone who thought otherwise is wrong.
• Further expand and claim those people are upset, overreacting or have some other issue and they should calm down.

This way you can make all sorts of outrageous false claims but never take responsibility for them.

This has been pointed out to you several times on previous occasions yet you continue with the same behavior. I find this baffling.

 

[mac_in_tosh]

Things like this are inevitable with ever more complex devices running ever more complex software that is updated frequently without it being possible to thoroughly test all possible use scenarios.

 

[69Mustang]

You’re up to your usual tricks again. Goes like this:

• Say something that you know is wrong that most people with an understanding of English would interpret a certain way.
• Make sure your language is just vague enough so it’s open to interpretation.
• When called out on your post, clarify what you said and claim anyone who thought otherwise is wrong.
• Further expand and claim those people are upset, overreacting or have some other issue and they should calm down.

This way you can make all sorts of outrageous false claims but never take responsibility for them.

This has been pointed out to you several times on previous occasions yet you continue with the same behavior. I find this baffling.

Then it should be pretty easy for you to point out the contradiction in my quotes. Please do so.

 

[fairuz]

When you read about billions of devices being vulnerable it's hard to ever feel that our data or communications are safe (and lots of different brands/models are affected by this bug, not just Apple).

They're still pretty safe. Traffic that should be kept safe is normally encrypted at the application layer, e.g. via SSL. Wifi security is an extra layer of defense. Good to have but not a huge deal if it's breached from time to time, and it is. Btw, if you connect via wired ethernet, which is about at the same layer as wifi, there's no encryption.

Some stuff leaves traffic unencrypted anyway. IMO it's better to have these rare vulnerabilities as to not give those applications a false sense of security.

 

[swm]

as TLS is always there if you communicate over https (virtually all websites, apps use this) this doesn’t matter. and this was only a receive only attack upon disassoc, only valid for packets that were in the xmit buffer. hell, TLS is also saving your privacy if you are using an open wifi hotspot.
you shall never ever assume that the network is secure. transport layer cripto is the answer.

 

[Marcian]

US tech.

 

[Shirasaki]

They are as secure as anything else. This problem was caused by the chip providers (who provide the same chips to everyone else).

This is why Apple needs to continue along the path of making as many of the chips it uses itself.

And refuse third parties to provide credible audit and hide security vulnerabilities even harder than ever.

Sorry but given Apple’s good track record of keeping everything behind the closed door, all I can assume is once the “secured device” is designed and manufactured by Apple, it will remain vulnerable for the rest of its life. Marketing always work like miracles after all.
[automerge]1582790566[/automerge]

Ridiculous. So you think a fab could successfully modify an Apple chip design (with dozens of Apple engineers actually working at the fab making sure their designs are implemented correctly) without Apple knowing?

Or did you think Apple just faxes over the designs and says “here you go...make this for us”.

They may not be able to modify Apple chip design without Apple knowing. But it is ridiculously easy to implant backdoor chip on every motherboard during manufacturing process, rendering the device much more vulnerable than customers might think.

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment.

www.wired.com

 

[urtules]

Sometimes it inverts white backgrounds to black, other times not (same web site, same Safari, just seemingly random times).

One thing to check is do you have automatic dark mode theme switched on, when in dark mode, inverse colours gives you opposite effect. If you want to use inverse colors you have to be in Light Mode always.

 

[gnasher729]

but we were assured that iOS devices were secure...

They are secure. There is one _layer_ of security that was removed: Traffic between your device and your router was openly visible. HOWEVER most of the time that traffic is encrypted itself. So a hacker close to your phone could find that you were using https encrypted messages to talk to your bank, which they couldn't find out before. They still couldn't find what was _in_ these messages. And if you are using VPN, then they could find out that you were using messages that look like they are encrypted using VPN. They still couldn't hack into the VPN and recover your real messages.

 

[GeoStructural]

This is why Apple needs to continue along the path of making as many of the chips it uses itself.

And you think that will make it more secure. Hahaha.
[automerge]1582806734[/automerge]

But Apple designs some of their chips, they don't make them. Contractors do. So the vulnerabilities can still be introduced into the supply chain through the same vector;

🤦‍♂️ I wish I had blind followers as well. You know that right now jailbreak on millions of iPhones can be achieved either by hardware exploit of the Apple-designed chip or by software exploit of the 100% designed-and-built-by-Apple OS?

New “unpatchable” iPhone exploit could allow permanent jailbreaking on hundreds of millions of devices

All devices from the iPhone 4S to the iPhone X are impacted.

www.theverge.com

Unfixable Exploit Is the Latest Apple Security Upheaval

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

www.wired.com

 

[DanBig]

OK I can't run Catalina (macOS 10.15) as I still need 32bit apps! So I'm exposed??

Come on Apple take care of your customer base!! Support all of your supported macOS releases!!

Now you're backpedaling. Your original post said...


Seems pretty clear to me what you meant. Please explain how a vulnerability could be introduced by the suppliers.

We forget some of the A series chip designs have used Intellectual Property (IP) from other vendors.

Apple buys the rights to take another parties chip logic and place it within the same silicon die as their logic. Early graphics was supplied by someone else.

Another method is when a carrier is used in a flip-chip design so the raw chip is held with other chips within the same carrier. This is how RAM was installed within the A series APU design.

So while this is not an issue here with this risk. Apple is not immune from the risk if the IP or supplied chip is compromised. Apples on site engineers won't have a clue in the assembly of the APU.

 

[LizKat]

When you read about billions of devices being vulnerable it's hard to ever feel that our data or communications are safe (and lots of different brands/models are affected by this bug, not just Apple).

Yeah but the last time I used a sandal-clad courier with a memorized message to inform a fabric vendor in California that I wanted 2.5 yards of that double gauze print in turquoise and forest green, it took 27 months for him to get back here and advise me there was only .5 yards left on the bolt and did I mind it was wrinkled.

I'm old enough to realize that security is a state of mind, aka everlasting contest between locksmiths and lock pickers. I'll take an iPhone because it MOSTLY "just works", thank you. And it CERTAINLY works better than that sandal-clad courier.

 

[DanBig]

And refuse third parties to provide credible audit and hide security vulnerabilities even harder than ever.

Sorry but given Apple’s good track record of keeping everything behind the closed door, all I can assume is once the “secured device” is designed and manufactured by Apple, it will remain vulnerable for the rest of its life. Marketing always work like miracles after all.
[automerge]1582790566[/automerge]

They may not be able to modify Apple chip design without Apple knowing. But it is ridiculously easy to implant backdoor chip on every motherboard during manufacturing process, rendering the device much more vulnerable than customers might think.

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment.

www.wired.com

The Bloomberg report you are basing your backdoor risk was proved very false reporting. Go read the Enquire or other junk gossip rag for this junk!

There just isn't any way to add a chip which has the ability to collect data from a system that wasn't part of the original design.

Relax! The depth of the needed hardware to do this is quite large even if they could shrink it!

It would standout like a sore thumb!

 

[cmaier]

And refuse third parties to provide credible audit and hide security vulnerabilities even harder than ever.

Sorry but given Apple’s good track record of keeping everything behind the closed door, all I can assume is once the “secured device” is designed and manufactured by Apple, it will remain vulnerable for the rest of its life. Marketing always work like miracles after all.
[automerge]1582790566[/automerge]

They may not be able to modify Apple chip design without Apple knowing. But it is ridiculously easy to implant backdoor chip on every motherboard during manufacturing process, rendering the device much more vulnerable than customers might think.

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment.

www.wired.com

Ah, the old Bloomberg “they hide backdoor chips in all the server motherboards” conspiracy that was completely disproven theory.
[automerge]1582810593[/automerge]

We forget some of the A series chip designs have used Intellectual Property (IP) from other vendors.

Apple buys the rights to take another parties chip logic and place it within the same silicon die as their logic. Early graphics was supplied by someone else.

Another method is when a carrier is used in a flip-chip design so the raw chip is held with other chips within the same carrier. This is how RAM was installed within the A series APU design.

So while this is not an issue here with this risk. Apple is not immune from the risk if the IP or supplied chip is compromised. Apples on site engineers won't have a clue in the assembly of the APU.

No no no.
Apple licenses SOFT IP, not HARD IP for use in their chips. This is essentially like getting the source code for the graphics core. They can see everything it does, and they can modify it as they want. It’s not a mysterious black box.

and you don’t know what a flip-chip is. Because all a flip-chip is is a chip where all the contacts are on one side (the top), and it is turned upside down and soldered to package contacts. This is as opposed to a conventional design where bond wires are used.

you are making up risks.
[automerge]1582810735[/automerge]

And refuse third parties to provide credible audit and hide security vulnerabilities even harder than ever.

Sorry but given Apple’s good track record of keeping everything behind the closed door, all I can assume is once the “secured device” is designed and manufactured by Apple, it will remain vulnerable for the rest of its life. Marketing always work like miracles after all.
[automerge]1582790566[/automerge]

They may not be able to modify Apple chip design without Apple knowing. But it is ridiculously easy to implant backdoor chip on every motherboard during manufacturing process, rendering the device much more vulnerable than customers might think.

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment.

www.wired.com

sure. Who are the researchers Broadcom gives its chip netlists to for audits?

oh right. Nobody.

you are conflating hardware with software, apparently because you just hate Apple?

 

[incoherent_1]

The first is a red-herring. A contractor working for Apple is subject to the same non-disclosure as an employee. While there are some who know the exact terms, most contractors have to treat their work as confidential.

The second is a YMMV and doesn’t really invalidate it just works. Mail “just works” for me.

Totally agree with you on your first point — no idea why someone breaking their NDA is considered Apple’s fault.

I have to call complete rubbish on your second point though. Mail is a mission-critical tool and it’s downright ridiculous that Apple hasn’t fixed this for everyone yet. If it doesn’t work for a large chunk of users, then no, it doesn’t “just work.” That’s like saying Google hasn’t broken its “Don’t be evil” rule just because they violated the privacy of millions but not yours. Rubbish.

 

[Schizoid]

Anybody know if it's fixed in Mojave 10.14.6 ?

if you have any of these... patch them:
• Apple iPad mini 2
• Apple iPhone 6, 6S, 8, XR
• Apple MacBook Air Retina 13-inch 2018

 

[I7guy]

...
I have to call complete rubbish on your second point though. Mail is a mission-critical tool and it’s downright ridiculous that Apple hasn’t fixed this for everyone yet. If it doesn’t work for a large chunk of users, then no, it doesn’t “just work.” That’s like saying Google hasn’t broken its “Don’t be evil” rule just because they violated the privacy of millions but not yours. Rubbish.

I have about 8 accounts on mail including a corporate exchange email, which is mission critical as they say, and I have not had issues with mail delivery or response. Nor have other people I know. So it’s a YMMV situation.

 

[realtuner]

Then it should be pretty easy for you to point out the contradiction in my quotes. Please do so.

Don’t need to. Our resident processor designer took your original comment the same as I did - that you’re claiming a supplier could introduce a flaw in an Apple design.

And my comment about your behavior is 100% correct, and I’m not the only person to point his out to you. Go waste someone else’s time, I’m not going to fall for your tricks.