www.philiphall.com

Obviously lots of stuff hitting the press this week with the impending reveal of the Apple iPad 2 (still can’t get over we have an announcement about an annoucement!)…. however one interesting piece of news was about the new Thunderbolt interface on the latest release of the Apple MacBook Pro.

I for one am a huge fan of Apple Macbook Pros and was very keen to hear about the latest interface that promises 10Gbit/s speeds… Wow!

However it did get me thinking as to if this new interface is any more secure than some of the previous issues we’ve seen with bits of copper… as some have recently theorised about whether  Thunderbolt will have unrestricted access to the computer and therefore may be a way to hack onto a device.

This method was previously presented by Metl at Rux a few years ago along with Nick Breese (who now works at securusglobal.com)

According to a recent blog post by Robert Graham (the CEO of security consultancy Errata Security), Thunderbolt may give attackers yet another way to exploit a target machine.
“Imagine that you are at a conference,” Graham writes. 

“You innocently attach your DisplayPort to a projector to show your presentation on the big screen. Unknown to you, while giving your presentation, the projector is downloading the entire contents of your hard disk.”

Such attacks rarely work on USB ports because they are based on a “master-slave” design. That means the computer has full access to the attached device but the attached device has limited access to the computer. Firewire and now Thunderbolt, by contrast, have full access to a Mac’s entire memory.

Graham offers an anecdote from a recent penetration testing exercise:

A company gave employees laptops that were secured using all the latest technology, such as encrypted boot disks and disabled USB ports. Users weren’t given admin privileges. But the Firewire ports were open.

We connected a device to the Firewire port on a laptop, and broke in with administrator access. Once in, we grabbed the encrypted administrator password (the one the owner of the laptop didn’t know).

We cracked it using L0phtcrack. That password was the same for all notebooks handed out by the company, so we now could log onto anybody’s notebook. Worse — that administrator account was also on their servers, so we could simply log into their domain controllers using that account and take control of the entire enterprise.

Until this theorised technique is proven, it’s to early to say if this will be a legitimate way to hack a Macbook Pro – however for now all we have is a theorised approach, which will surely stur up some discussion and debate prior to someone actually trying it for real.

For further details, view Graham’s web site at:

http://erratasec.blogspot.com/2011/02/thunderbolt-introducing-new-way-to-hack.html

Share/Bookmark

From a cyber-security perspective it’s been quite an interesting time of late – as I’ve noticed a definite proliferation of “penny dropping moments” when colleagues or peers in IT and the business read up on recent events in the news – and then realise the potential threats and capabilities of cyber-security, cyber-warfare and cyber espionage.

In today’s modern world, many of us still don’t fully comprehend how much our every day lives are dependent on critical infrastructure, and the computers systems that run them.

Whilst you’re reading this article – just think of the various computer systems supporting all of the activities you may have completed so far today… not just the communications and power networks used to view this site, but from a critical infrastructure perspective, there’s our power grid, water supply systems, communications networks, financial & banking systems, the list goes on and on…. all of which are potential targets from a cyber-warfare perspective.

Additionally, we’ve recently witnessed some key cyber events over the past couple of months – which are certainly starting to re-ignite people’s views, opinions and fears relating to cyber warfare, and the potential impact it may bring.    If you need a quick recap on recent events, have a look at some of the news releases over the past week or so – all relating to cyberspace:

There’s been some commentary from the UK’s Foreign Secretary William Hague outlining cyber attack events on the UK government, events whereby government computers were infected with malware. No mention of the Chinese government being involved – but most rumours point in their direction.   

Other key stories include updates about Stuxnet – which is a destructive new piece of malware allegedly developed by the US and Israel Governments in order to delay and disrupt Iran’s nuclear capability development.  Some reports say that Stuxnet has already managed to wipe out roughly a fifth of Iran’s nuclear centrifuges – which are used for enrichment processes, and thus severely impacting their nuclear development program. Big stuff!

There have been numerous Denial Of Service attacks against a number of targets hitting the news – since DOS attacks are hard to trace back directly to the controlling source, distributed DOS attacks have allegedly become a common form of attack, with Russia, China, North Korea, the U.S. and virtually every other country having launched low-level DDOS assaults.

Lastly, with the recent happenings in Egypt – we’ve seen the ability for the government to simply “turn-off”internet connectivity… which has never ever happened before in the history of the internet…. but what if this capability was undertaken by the bad guys instead?

Rules Of Engagement

The BBC recently put together a video covering some of these events, entitled “Calls for rules of engagement” which I’d highly recommend watching:

Hype or Renewed Interest?

I think that all the recent hype around cloud computing and its potential has somewhat fuelled this renewed interest. There’s also a mind shift relating to the impending changes to how businesses will operate and rely on cyberspace for a variety of internet or ‘cloud’ services… this surely must have made people think out of the square?

My personal opinion is that there’s nothing that ground breaking or new from a cyber-warfare or cyber-espionage perspective – as a lot of these concerns have been around for a few years  now, but the thing that has changed is people’s perception and conscious understanding of where this is taking us.  I think it would be fair to say that a number of people share this view. For further background, have a look at a recent video by Ed Amoroso (CISO for AT&T):

httpv://www.youtube.com/watch?v=IZAJcXf1zQ4

Lastly, it’s certainly good to hear governments talking of critical infrastructure protection programs, and plans to address and become ready for cyber warfare…. Will definitely be an interesting space to work in over the next few years – but let’s just hope we have sufficient skilled people to help protect our critical infrastructure, and related plans to strengthen our capability in this space.

Any Comments, Thoughts, Views or Concerns?

Keen to hear your thoughts, views or any concerns relating to this topic, so please feel free to add your comments or feedback.  Will also be interesting to see what gets discussed in relation to this at the upcoming RSA conference in San Francisco.

Will be sure to update this site with further news.

Share/Bookmark