
I'm back!


21 replies to this topic

#1 TheFunk


Posted 07 September 2011 - 09:47 PM

I'm back!

I've had a very eventful summer, and have just started my freshman year of college. I tested out of all the basic IST courses and am now in a networking course and a hardware course. Anyway, I'd heard something recently from a friend who had taken part in a competition that there are now ways for attackers to gain access to a system through vulnerabilities in a PSU's firmware? This sounded kind of weird to me, but then again, my friend claimed that this was how he had lost the competition. Does anybody know anything about this?

#2 jeremy_


Posted 07 September 2011 - 10:35 PM

A power supply unit doesn't have firmware. Your friend lost the competition because he was an idiot.
  • nyphonejacks and resistor X like this

#3 SynFinAck


Posted 07 September 2011 - 11:50 PM

I know that some external PSUs for power outages involve installing software for monitoring the PSU. Could this be the case?

#4 StankDawg


Posted 08 September 2011 - 08:36 AM

> A power supply unit doesn't have firmware. Your friend lost the competition because he was an idiot.


Very nice... :dry:

Actually, at Defcon this past year there was a talk on this exact topic. Particularly on Macs, there is a tiny bit of firmware that basically reports the battery power/status to the system. It probably controls those little lights on the back that show a charge also.

It cannot really be used to exploit a system to my knowledge, since it is very limited in its control. It could, in a worst-case scenario, cause the battery to overheat by reporting charge inaccurately. I guess in a huge stretch that could lead to a fire, but I don't think you have any chance of rooting a machine using it.

Your friend is not an idiot, he is just a bit misinformed or underinformed.
  • TheFunk likes this

#5 Afterm4th


Posted 08 September 2011 - 12:34 PM

It is also my understanding that the battery firmware can retain an attacker's code. This means that it is possible to re-infect an Apple computer even after the hard drive has been wiped or even replaced with a brand new hard drive.
  • TheFunk likes this

#6 TheFunk


Posted 08 September 2011 - 02:06 PM

I read something on Slashdot about that Mac firmware thing a while ago (link). Supposedly there was a guy working to find a way to hide malware on the battery's chip. Now that I know about the competition I'll probably be competing in the Spring, so I figured, just in case he wasn't too far off, I'd ask, rather than suffer the same fate.

#7 serrath


Posted 09 September 2011 - 01:10 AM

Yeah, you can actually get a battery to brick the logicboard of any Mac it's connected to. That's a real thing, and it can actually do stuff. Dunno if Apple responded to that or not, but it's only a small selection of batteries that can be compromised like this.

Edited by serrath, 11 September 2011 - 01:26 AM.


#8 tekio


Posted 13 September 2011 - 03:26 AM

> Yeah, you can actually get a battery to brick the logicboard of any Mac it's connected to. That's a real thing, and it can actually do stuff. Dunno if Apple responded to that or not, but it's only a small selection of batteries that can be compromised like this.


Could you post a link? I tried google, but couldn't find anything.

OP:
As for the exploit listed, Apple barfed on this one (again). A default password to get "full access mode" to the battery, and its firmware? Not a good decision on Apple's part. IDK much about the exploit. From what I could find, it's very vague at best. I'm almost sure one would need physical access to exploit the posted exploitable chip/battery/firmware.

edit: scratch that last comment.... It can be done remotely. BUT, the firmware, from what I've read, resides on the battery. So take the battery out, and run from AC. Problem solved. For that hack anyway.


DAMN, no wonder batteries are so fricken pricey! People putting firmware and shit on them....


edit2: oh.. one cannot easily take the battery out of a MacBook anymore...

Edited by tekio, 13 September 2011 - 03:58 AM.


#9 serrath


Posted 14 September 2011 - 02:03 AM

I'll try to dig up the article, it was something from Packetstorm, saw it in my Twitter feed.

#10 tekio


Posted 14 September 2011 - 02:27 AM

> I'll try to dig up the article, it was something from Packetstorm, saw it in my Twitter feed.

Cool! I was just curious about it.

#11 serrath


Posted 14 September 2011 - 02:51 AM

There's this, and I think I saw a followup.
http://packetstormse...ies-Hacked.html

#12 tekio


Posted 14 September 2011 - 03:34 AM

> There's this, and I think I saw a followup.
> http://packetstormse...ies-Hacked.html

That's the same exploit. I thought it said brick the battery, not logic/MoBo?

I'd be willing to bet with the password and the know-how, the old firmware could be restored. So I don't even think the battery would technically be bricked.

IDK, I'm sure all the firmware and mini-microprocessor on the battery somehow are meant to extend the battery's life. BUT, for the prices these things are going for it's more logical, keeping it simple, so we could buy a few batteries for the same price. Thus getting more power for our money....

End rant.......


oh... screwing the process up, while playing with the firmware was bricking the batteries. I still couldn't find anything about the logic board..

Edited by tekio, 14 September 2011 - 03:37 AM.


#13 serrath


Posted 14 September 2011 - 09:40 PM

Flashing BIOS means you can brick the notebook. I don't think he implemented that at the time of the article, but I'm sure with some trial and error you could figure that out for about a thousand dollars or so.

EDIT: Looks like I misread, they're having the users flash the BIOS. I guess for more than just a thousand dollars you could trial-and-error your way to exploding batteries, but it's no easy path to brick the logicboard from the looks of it. My bad! I'll have to find that followup and see what was actually done.

EDIT AGAIN: Looks like we'll have to wait 'til December for the Black Hat conference to see if he's got a pyrotechnics show waiting for us or if it's just bricking a battery.

Edited by serrath, 14 September 2011 - 09:51 PM.


#14 tekio


Posted 14 September 2011 - 10:16 PM

> Flashing BIOS means you can brick the notebook. I don't think he implemented that at the time of the article, but I'm sure with some trial and error you could figure that out for about a thousand dollars or so.
>
> EDIT: Looks like I misread, they're having the users flash the BIOS. I guess for more than just a thousand dollars you could trial-and-error your way to exploding batteries, but it's no easy path to brick the logicboard from the looks of it. My bad! I'll have to find that followup and see what was actually done.
>
> EDIT AGAIN: Looks like we'll have to wait 'til December for the Black Hat conference to see if he's got a pyrotechnics show waiting for us or if it's just bricking a battery.

In any case it is a clever hack. I mean if I had never read that and got infected, it'd drive me bonkers trying to figure it out. I'd never have thought firmware in a battery, of all places.

#15 TheFunk


Posted 15 September 2011 - 02:41 PM

So I saw my friend again (although I hardly consider him a friend now, he sold me a broken flash drive for $20 yesterday) and he said that the computer in question was a desktop and that the PSU did indeed have firmware. He said that the officials informed him that the PSU could be directly shut down, started, or in his case exploited, via a web interface, designed (I'm guessing) to allow a travelling user to shut down his or her computer while on the go, or start it before leaving work for home, who knows? Point being, there's some mystery hardware out there with interesting security holes. Anybody think they might know what this is?

Pic Related
Posted Image

#16 tekio


Posted 15 September 2011 - 02:58 PM

> So I saw my friend again (although I hardly consider him a friend now, he sold me a broken flash drive for $20 yesterday) and he said that the computer in question was a desktop and that the PSU did indeed have firmware. He said that the officials informed him that the PSU could be directly shut down, started, or in his case exploited, via a web interface, designed (I'm guessing) to allow a travelling user to shut down his or her computer while on the go, or start it before leaving work for home, who knows? Point being, there's some mystery hardware out there with interesting security holes. Anybody think they might know what this is?
>
> Pic Related
> Posted Image

My new gaming rig has a Biostar MoBo that can be controlled remotely by my iPhone! I can see this feature being exploited BIG-TIME in the not so distant future.

I'm not yet sure if it is just iTunes that can be controlled, tho. I've not had time to check it out... But anything "remote" is just begging for trouble, IMO.

Edited by tekio, 15 September 2011 - 02:59 PM.


#17 serrath


Posted 16 September 2011 - 12:15 AM

Just remember to take proper precautions when using remote-control anything.
Posted Image

#18 Afterm4th


Posted 17 September 2011 - 05:44 PM


> > Yeah, you can actually get a battery to brick the logicboard of any Mac it's connected to. That's a real thing, and it can actually do stuff. Dunno if Apple responded to that or not, but it's only a small selection of batteries that can be compromised like this.
>
> Could you post a link? I tried google, but couldn't find anything.
>
> OP:
> As for the exploit listed, Apple barfed on this one (again). A default password to get "full access mode" to the battery, and its firmware? Not a good decision on Apple's part. IDK much about the exploit. From what I could find, it's very vague at best. I'm almost sure one would need physical access to exploit the posted exploitable chip/battery/firmware.
>
> edit: scratch that last comment.... It can be done remotely. BUT, the firmware, from what I've read, resides on the battery. So take the battery out, and run from AC. Problem solved. For that hack anyway.
>
> DAMN, no wonder batteries are so fricken pricey! People putting firmware and shit on them....
>
> edit2: oh.. one cannot easily take the battery out of a MacBook anymore...



Want to know something else retarded?

Mac Batteries cost just as much and often MORE than a car battery.

Fuckin stupid.

#19 serrath


Posted 18 September 2011 - 01:48 AM

Car batteries aren't pretty and don't have RDF.
  • SynFinAck likes this

#20 tekio


Posted 19 September 2011 - 10:51 AM

> Car batteries aren't pretty and don't have RDF.


GAWD! I hope they don't get too fancy with car batteries! They're simple, and work flawlessly when properly maintained. Sooner or later, someone will want to put an IPv6 address, remote access, and firmware on them.



