Anybody know if it's fixed in Mojave 10.14.6?
I didn't see this particular CVE for anything other than Catalina with Mac OS. I thought at first it was all inclusive with listed security updates for other MacOS versions alongside 10.15.1 released at the same time, but the WiFi detail with this CVE only lists Catalina. They only positively found exploit on an Apple MacBook Air Retina 13-inch 2018, but even if that truly ends up being the only Mac I don't think Apple can assume all owners of it updated to Catalina.

Also I am wondering about my Mini2 since it cannot be updated to iOS 13 (although I kind of enjoy 12 on it but just would want 12 & device updated for security issues).

The client devices that we positively tested in our lab to be vulnerable to Kr00k include:
• Amazon Echo 2nd gen
• Amazon Kindle 8th gen
• Apple iPad mini 2
• Apple iPhone 6, 6S, 8, XR
• Apple MacBook Air Retina 13-inch 2018
• Google Nexus 5
• Google Nexus 6
• Google Nexus 6S
• Raspberry Pi 3
• Samsung Galaxy S4 GT-I9505
• Samsung Galaxy S8
• Xiaomi Redmi 3S
We estimate that the number of affected devices, prior to patching, was well over a billion as the billion mark is passed by counting only the number of affected iPhone generations we tested.
We have also tested some devices with Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink, Mediatek and did not see the vulnerability manifest itself. Obviously, we have not tested every possible Wi-Fi chip by every manufacturer, so while we are currently not aware of other affected chips, we also cannot rule this out.
 
One thing to check is do you have automatic dark mode theme switched on, when in dark mode, inverse colours gives you opposite effect. If you want to use inverse colors you have to be in Light Mode always.

Thanks. No, I only switched dark mode manually though. It's typically for HTML elements that are inheriting the background color from a parent element. Sometimes it works, sometimes not.
 
Am I misunderstanding something? Obtaining useful data from this "vulnerability" seems like winning the lottery. First, you need to be snooping someone's connection. Then that person needs to move off the network AND send important information as they do that. And, that data needs to be from an app that doesn't encrypt the data. And, you have to get enough data that it's actually useful.

But maybe I'm missing something here?
 
I have about 8 accounts on mail including a corporate exchange email, which is mission critical as they say, and I have not had issues with mail delivery or response. Nor have other people I know. So it’s a YMMV situation.

Great, I'm happy to hear that, but you argued that it still “just works”. None of my email accounts update properly (6 in total, one of which is corporate Exchange). There are entire threads on the forums with users who have the same problem.

Arguing essentially that “Takata airbags are a YMMV situation” just because yours hasn’t taken your face off and that they still “just work” is pretty disingenuous.
 
Don’t need to. Our resident processor designer took your original comment the same as I did - that you’re claiming a supplier could introduce a flaw in an Apple design.

And my comment about your behavior is 100% correct, and I’m not the only person to point this out to you. Go waste someone else’s time, I’m not going to fall for your tricks.
So you just make bogus claims and fail to back them up. Cool. Your failures of comprehension aren't my responsibility. You'd be better served ignoring my comments altogether.
 
Great, I'm happy to hear that, but you argued that it still “just works”. None of my email accounts update properly (6 in total, one of which is corporate Exchange). There are entire threads on the forums with users who have the same problem.

Arguing essentially that “Takata airbags are a YMMV situation” just because yours hasn’t taken your face off and that they still “just work” is pretty disingenuous.
Have you tried yesterday's beta? I'm cautiously optimistic, as it seems, finally, that my email is reliably being fetched, not randomly getting removed from the inbox, mail is appearing at the same time as the notifications, etc. I'm not yet seeing the problems I've seen in every version of 13.
 
Great, I'm happy to hear that, but you argued that it still “just works”. None of my email accounts update properly (6 in total, one of which is corporate Exchange). There are entire threads on the forums with users who have the same problem.

Arguing essentially that “Takata airbags are a YMMV situation” just because yours hasn’t taken your face off and that they still “just work” is pretty disingenuous.
Sorry to hear you're having issues with mail, however...

If we’re going into Takata airbags as an analogy as “it just works”, we might as well use a similar Note 7 analogy also as well as exploding washing machines.

There’s quite a bit of difference between a minor software bug and a major for sale commercial product failure that can lead directly to life and/or property loss.

Much of software usage is a YMMV situation and your “issues” with mail are not “my issues” and hence “just works” for me.
 
OK I can't run Catalina (macOS 10.15) as I still need 32bit apps! So I'm exposed??

Not really.

The vulnerability can't really be used to get access to your device, only a tiny portion of your network traffic under certain situations.

Let's say someone could listen to all your conversations you had in your house by staying close to your house. Being a multilingual household you would have 50% in English (unencrypted) and 50% in Mandarin (encrypted). The stranger only understands English.

This vulnerability would allow the stranger to listen to the last 1 second of a conversation you had each time you left your house, and they could only interpret it if you spoke English.
 
This might explain why 13.2 was such a mess. Multitasking and RAM management was the worst it has ever been on 13.2 if I remember correctly. They probably rushed to fix this bug and happened to break RAM management in the process.
 
Have you tried yesterday's beta? I'm cautiously optimistic, as it seems, finally, that my email is reliably being fetched, not randomly getting removed from the inbox, mail is appearing at the same time as the notifications, etc. I'm not yet seeing the problems I've seen in every version of 13.

That’s fantastic! I’m not a beta user, but will look forward to the next public release — so glad you’re back in business until then:)
 
Great let me update my iPhone 6 to patch the vulnerability. Oh wait. Okay my Mac mini 2010. Never mind.
 
The Bloomberg report you are basing your backdoor risk on was proved very false reporting. Go read the Enquirer or other junk gossip rag for this junk!

There just isn't any way to add a chip which has the ability to collect data from a system that wasn't part of the original design.

Relax! The depth of the needed hardware to do this is quite large even if they could shrink it!

It would stand out like a sore thumb!
Ah, the old Bloomberg “they hide backdoor chips in all the server motherboards” conspiracy theory that was completely disproven.

sure. Who are the researchers Broadcom gives its chip netlists to for audits?

oh right. Nobody.

you are conflating hardware with software, apparently because you just hate Apple?

Well, it sounds like UK government is creating false alarm as well regarding the type of attack described in that WIRED/Bloomberg article.

Also, Man-in-the-middle attack is nothing new, and it is totally possible for Chinese government to alter production design and add extra backdoor chips during production and intercept signals transmitted between two chips before the board is being manufactured. We all know that Apple removes VPN app in Chinese App Store and removes controversial apps in Hong Kong store.

As for the chip size, you guys enjoy the unparalleled performance of A12/A13 chips right? Or A9/A10. That means we have the technology and tools to integrate a huge number of transistors into such a small CPU. So, a malicious chip performing comparatively limited and targeted tasks won't need billions of transistors to fulfil its purpose. In turn, chip size can be extremely small, so small that even on Apple iPhone’s motherboard, there could still be spaces to install one.


This article gives a brief overview of how a PCB is manufactured. Feel free to check it out.
 
Ah, the old Bloomberg “they hide backdoor chips in all the server motherboards” conspiracy theory that was completely disproven.

No no no.
Apple licenses SOFT IP, not HARD IP for use in their chips. This is essentially like getting the source code for the graphics core. They can see everything it does, and they can modify it as they want. It’s not a mysterious black box.

and you don’t know what a flip-chip is. Because all a flip-chip is is a chip where all the contacts are on one side (the top), and it is turned upside down and soldered to package contacts. This is as opposed to a conventional design where bond wires are used.

you are making up risks.


sure. Who are the researchers Broadcom gives its chip netlists to for audits?

oh right. Nobody.

you are conflating hardware with software, apparently because you just hate Apple?

You'll need to check out iFixit A series teardowns. Apple has used direct lithographic logic within their chips made by others as well as sub elements. There is no such thing as soft IP within chips it's all lithographic based logic (using your terms hard IP).
 
You'll need to check out iFixit A series teardowns. Apple has used direct lithographic logic within their chips made by others as well as sub elements. There is no such thing as soft IP within chips it's all lithographic based logic (using your terms hard IP).

The terms "soft IP" and "hard IP" do not refer to whether lithography is used. Lithography is *always* used. That's how you make chips. It's always lithography.

With soft IP, the IP is in the form of a netlist or RTL, that is human readable and can be fairly easily modified (sort of like computer source code).

With hard IP the IP is in the form of masks, that designate billions of polygons on different metal layers (and poly). This is not "human readable" in any real sense.

My point is that what we give the fab is the masks (hard IP). If they want to figure out what the logic does in order to change that, it's essentially impossible.
 
The terms "soft IP" and "hard IP" do not refer to whether lithography is used. Lithography is *always* used. That's how you make chips. It's always lithography.

With soft IP, the IP is in the form of a netlist or RTL, that is human readable and can be fairly easily modified (sort of like computer source code).

With hard IP the IP is in the form of masks, that designate billions of polygons on different metal layers (and poly). This is not "human readable" in any real sense.

My point is that what we give the fab is the masks (hard IP). If they want to figure out what the logic does in order to change that, it's essentially impossible.

I don't think Toshiba is offering the soft IP to Apple for their SSDs or RAM. And the license for older graphics logic Apple licensed from Imagination Technologies was hard IP. If it hadn't been, the issue of stealing Imagination Technologies IP would have been big news. Anyone with anything novel tech-wise would be very foolish to expose the secret sauce to Apple or any other large company.
 
I don't think Toshiba is offering the soft IP to Apple for their SSDs or RAM. And the license for older graphics logic Apple licensed from Imagination Technologies was hard IP. If it hadn't been, the issue of stealing Imagination Technologies IP would have been big news. Anyone with anything novel tech-wise would be very foolish to expose the secret sauce to Apple or any other large company.

SSDs and RAM have no way to exfiltrate data, and are built in arrays so it's easy to tell if anything's amiss just by looking at them. They can also easily be tested to make sure they are doing only what they are supposed to, because their functionality is so simple. They are also not built into the SoC, so we are way off-topic here.

Anything that is on the SoC, Apple has the netlist and RTL for - they would need it in order to do design verification and logical verification.
 