Obviously lots of stuff hitting the press this week with the impending reveal of the Apple iPad 2 (still can’t get over we have an announcement about an annoucement!)…. however one interesting piece of news was about the new Thunderbolt interface on the latest release of the Apple MacBook Pro.
However it did get me thinking as to if this new interface is any more secure than some of the previous issues we’ve seen with bits of copper… as some have recently theorised about whether Thunderbolt will have unrestricted access to the computer and therefore may be a way to hack onto a device.
According to a recent blog post by Robert Graham (the CEO of security consultancy Errata Security), Thunderbolt may give attackers yet another way to exploit a target machine.
“Imagine that you are at a conference,” Graham writes.
“You innocently attach your DisplayPort to a projector to show your presentation on the big screen. Unknown to you, while giving your presentation, the projector is downloading the entire contents of your hard disk.”
Such attacks rarely work on USB ports because they are based on a “master-slave” design. That means the computer has full access to the attached device but the attached device has limited access to the computer. Firewire and now Thunderbolt, by contrast, have full access to a Mac’s entire memory.
Graham offers an anecdote from a recent penetration testing exercise:
A company gave employees laptops that were secured using all the latest technology, such as encrypted boot disks and disabled USB ports. Users weren’t given admin privileges. But the Firewire ports were open.
We connected a device to the Firewire port on a laptop, and broke in with administrator access. Once in, we grabbed the encrypted administrator password (the one the owner of the laptop didn’t know).
We cracked it using L0phtcrack. That password was the same for all notebooks handed out by the company, so we now could log onto anybody’s notebook. Worse — that administrator account was also on their servers, so we could simply log into their domain controllers using that account and take control of the entire enterprise.
Until this theorised technique is proven, it’s to early to say if this will be a legitimate way to hack a Macbook Pro – however for now all we have is a theorised approach, which will surely stur up some discussion and debate prior to someone actually trying it for real.
For further details, view Graham’s web site at: