TheFunk

I'm back!

22 posts in this topic


I've had a very eventful summer, and have just started my freshman year of college. I tested out of all the basic IST courses and am now in a networking course and a hardware course. Anyway, I'd heard something recently from a friend who had taken part in a competition that there are now ways for attackers to gain access to a system through vulnerabilities in a PSU's firmware? This sounded kind of weird to me, but then again, my friend claimed that this was how he had lost the competition. Does anybody know anything about this?

A power supply unit doesn't have firmware. Your friend lost the competition because he was an idiot.
2 people like this

I know that some external PSUs for power outages involve installing software for monitoring the PSU, could this be the case?

[quote name='jeremy_' timestamp='1315452958' post='359213']
A power supply unit doesn't have firmware. Your friend lost the competition because he was an idiot.
[/quote]

Very nice... :dry:

Actually, at defcon this past year there was a talk on this exact topic. Particularly on Macs, there is a tiny bit of firmware that basically reports the battery power/status to the system. It probably controls those little lights on the back that show a charge also.

It cannot really be used to exploit a system to my knowledge, since it is very limited in its control. It could, in a worst case scenario, cause the battery to overheat by reporting charge inaccurately. I guess in a huge stretch that could lead to a fire, but I don't think you have any chance of rooting a machine using it.

Your friend is not an idiot, he is just a bit misinformed or underinformed.
1 person likes this

It is also my understanding that the battery firmware can retain an attacker's code. This means that it is possible to re-infect an Apple computer even after the hard drive has been wiped or even replaced with a brand new hard drive.
1 person likes this

I read something on Slashdot about that Mac firmware thing a while ago ([url="http://hardware.slashdot.org/story/11/07/22/2021230/Apple-Laptops-Vulnerable-To-Battery-Firmware-Hack"]link[/url]), supposedly there was a guy working to find a way to hide malware on the battery's chip. Now that I know about the competition I'll probably be competing in the Spring, so I figured, just in case he wasn't too far off, I'd ask, rather than suffer the same fate.

Yeah, you can actually get a battery to brick the logicboard of any Mac it's connected to. That's a real thing, and it can actually do stuff. Dunno if Apple responded to that or not, but it's only a small selection of batteries that [s]was[/s] can be compromised like this. Edited by serrath

[quote name='serrath' timestamp='1315548637' post='359220']
Yeah, you can actually get a battery to brick the logicboard of any Mac it's connected to. That's a real thing, and it can actually do stuff. Dunno if Apple responded to that or not, but it's only a small selection of batteries that [s]was[/s] can be compromised like this.
[/quote]

Could you post a link? I tried Google, but couldn't find anything.

OP:
As for the exploit listed, Apple barfed on this one (again). A default password to get "full access mode" to the battery, and its firmware? Not a good decision on Apple's part. IDK much about the exploit. From what I could find, it's very vague at best. I'm almost sure one would need physical access to exploit the posted exploitable chip/battery/firmware.

edit: scratch that last comment.... It can be done remotely. BUT, the firmware, from what I've read, resides on the battery. So take the battery out, and run from AC. Problem solved. For that hack anyway.


DAMN, no wonder batteries are so fricken pricey! People putting firmware and shit on them....


edit2: oh.. one cannot easily take the battery out of a MacBook anymore... Edited by tekio

I'll try to dig up the article, it was something from Packetstorm, saw it in my Twitter feed.

[quote name='serrath' timestamp='1315983781' post='359239']
I'll try to dig up the article, it was something from Packetstorm, saw it in my Twitter feed.
[/quote]
Cool! I was just curious about it.

There's this, and I think I saw a followup.
http://packetstormsecurity.org/news/view/19556/Apple-Macbook-Batteries-Hacked.html

[quote name='serrath' timestamp='1315986697' post='359241']
There's this, and I think I saw a followup.
http://packetstormsecurity.org/news/view/19556/Apple-Macbook-Batteries-Hacked.html
[/quote]
That's the same exploit. I thought it said brick the battery, not logic/MoBo?

I'd be willing to bet with the password and the know-how, the old firmware could be restored. So I don't even think the battery would technically be bricked.

IDK, I'm sure all the firmware and mini-microprocessor on the battery somehow are meant to extend the battery's life. BUT, for the prices these things are going for it's more logical, keeping it simple, so we could buy a few batteries for the same price. Thus getting more power for our money....

End rant.......


oh... screwing the process up, while playing with the firmware was bricking the batteries. I still couldn't find anything about the logic board.. Edited by tekio

Flashing BIOS means you can brick the notebook. I don't think he implemented that at the time of the article, but I'm sure with some trial and error you could figure that out for about a thousand dollars or so.

EDIT: Looks like I misread, they're having the users flash the BIOS. I guess for more than just a thousand dollars you could trial-and-error your way to exploding batteries, but it's no easy path to brick the logicboard from the looks of it. My bad! I'll have to find that followup and see what was actually done.

EDIT AGAIN: Looks like we'll have to wait 'til December for the Black Hat conference to see if he's got a pyrotechnics show waiting for us or if it's just bricking a battery. Edited by serrath

[quote name='serrath' timestamp='1316054444' post='359247']
Flashing BIOS means you can brick the notebook. I don't think he implemented that at the time of the article, but I'm sure with some trial and error you could figure that out for about a thousand dollars or so.

EDIT: Looks like I misread, they're having the users flash the BIOS. I guess for more than just a thousand dollars you could trial-and-error your way to exploding batteries, but it's no easy path to brick the logicboard from the looks of it. My bad! I'll have to find that followup and see what was actually done.

EDIT AGAIN: Looks like we'll have to wait 'til December for the Black Hat conference to see if he's got a pyrotechnics show waiting for us or if it's just bricking a battery.
[/quote]
In any case it is a clever hack. I mean if I had never read that and got infected, it'd drive me bonkers trying to figure it out. I'd never have thought firmware in a battery, of all places.

So I saw my friend again (although I hardly consider him a friend now, he sold me a broken flash drive for $20 yesterday) and he said that the computer in question was a desktop and that the PSU did indeed have firmware. He said that the officials informed him that the PSU could be directly shut down, started, or in his case exploited, via a web interface, designed (I'm guessing) to allow a travelling user to shut down his or her computer while on the go, or start it before leaving work for home, who knows? Point being, there's some mystery hardware out there with interesting security holes. Anybody think they might know what this is?

Pic Related
[img]http://techreport.com/r.x/psus-0907/money.jpg[/img]

[quote name='TheFunk' timestamp='1316115682' post='359251']
So I saw my friend again (although I hardly consider him a friend now, he sold me a broken flash drive for $20 yesterday) and he said that the computer in question was a desktop and that the PSU did indeed have firmware. He said that the officials informed him that the PSU could be directly shut down, started, or in his case exploited, via a web interface, designed (I'm guessing) to allow a travelling user to shut down his or her computer while on the go, or start it before leaving work for home, who knows? Point being, there's some mystery hardware out there with interesting security holes. Anybody think they might know what this is?

Pic Related
[img]http://techreport.com/r.x/psus-0907/money.jpg[/img]
[/quote]
My new gaming rig has a Biostar MoBo that can be controlled remotely by my iPhone! I can see this feature being exploited BIG-TIME in the not so distant future.

I'm not yet sure if it is just iTunes that can be controlled, tho. I've not had time to check it out... But anything "remote" is just begging for trouble, IMO. Edited by tekio

Just remember to take proper precautions when using remote-control anything.
[img]http://wwwdelivery.superstock.com/WI/223/4184/PreviewComp/SuperStock_4184R-4602.jpg[/img]

[quote name='tekio' timestamp='1315902389' post='359237']
[quote name='serrath' timestamp='1315548637' post='359220']
Yeah, you can actually get a battery to brick the logicboard of any Mac it's connected to. That's a real thing, and it can actually do stuff. Dunno if Apple responded to that or not, but it's only a small selection of batteries that [s]was[/s] can be compromised like this.
[/quote]

Could you post a link? I tried Google, but couldn't find anything.

OP:
As for the exploit listed, Apple barfed on this one (again). A default password to get "full access mode" to the battery, and its firmware? Not a good decision on Apple's part. IDK much about the exploit. From what I could find, it's very vague at best. I'm almost sure one would need physical access to exploit the posted exploitable chip/battery/firmware.

edit: scratch that last comment.... It can be done remotely. BUT, the firmware, from what I've read, resides on the battery. So take the battery out, and run from AC. Problem solved. For that hack anyway.


DAMN, no wonder batteries are so fricken pricey! People putting firmware and shit on them....


edit2: oh.. one cannot easily take the battery out of a MacBook anymore...
[/quote]


Want to know something else retarded?

Mac Batteries cost just as much and often MORE than a car battery.

Fuckin stupid.

[quote name='serrath' timestamp='1316328489' post='359273']
Car batteries aren't pretty and don't have RDF.
[/quote]

GAWD! I hope they don't get too fancy with car batteries! They're simple, and work flawlessly when properly maintained. Sooner or later, someone will want to put an IPv6 address, remote access, and firmware on them.

[quote name='tekio' timestamp='1316447510' post='359277']
[quote name='serrath' timestamp='1316328489' post='359273']
Car batteries aren't pretty and don't have RDF.
[/quote]

GAWD! I hope they don't get too fancy with car batteries! They're simple, and work flawlessly when properly maintained. Sooner or later, someone will want to put an IPv6 address, remote access, and firmware on them.
[/quote]
Probably, since they have smartphone apps to start and unlock your car already...

[quote name='nyphonejacks' timestamp='1316496186' post='359279']
[quote name='tekio' timestamp='1316447510' post='359277']
[quote name='serrath' timestamp='1316328489' post='359273']
Car batteries aren't pretty and don't have RDF.
[/quote]

GAWD! I hope they don't get too fancy with car batteries! They're simple, and work flawlessly when properly maintained. Sooner or later, someone will want to put an IPv6 address, remote access, and firmware on them.
[/quote]
Probably, since they have smartphone apps to start and unlock your car already...
[/quote]
[url="http://tvtropes.org/pmwiki/pmwiki.php/Main/WhatCouldPossiblyGoWrong"]What could possibly go wrong with that...[/url]
