Because Apples don't need anti-virus

for all subjects/topics not covered by the other forum categories
Post Reply
User avatar
paulv
Posts: 3854
Joined: Tue Jan 25, 2011 6:37 pm
Location: Leicestershire
Contact:

Because Apples don't need anti-virus

Post by paulv » Sun Jul 24, 2011 11:05 pm

http://isc.sans.edu/diary/Apple+Battery ... word/11248

Oh dear. This is both sad, and funny. Anyway, what does the firmware do in a battery other than drain the battery faster? I guess it lets Apple call it an iBat :lol:

Sadly, MS Intel are going down a similar route... Thunderbolt cables... "Active circuits"... Firmware update... Gain full control over a system? #-o

Thanks but I'll stick to my hand made UPURS cable :lol: :lol:
Last edited by paulv on Mon Jul 25, 2011 12:11 pm, edited 1 time in total.

User avatar
1024MAK
Posts: 10361
Joined: Mon Apr 18, 2011 5:46 pm
Location: Looking forward to summer in Somerset, UK...
Contact:

Re: Because Apples don't need anti-virus

Post by 1024MAK » Mon Jul 25, 2011 2:35 am

Yes, before everyone gets too excited... :lol:
All lithium ion batteries (including modern laptop batteries) have to have a "intelligent" chip to control the charging.
It does not surprise me that some are micro-controllers.
I do think it unlikely to be much of a threat, after all the main computer needs to become infected in order for the main MPU to talk to the micro controller in the battery pack... :roll:
As to the "Thunderbolt cables", sounds like marketing speak :lol:
Cables are made of either copper (or other suitable metal conductor) or use optical fibres...
Electronic circuits may "clean-up" the signal in or for a copper cable or a optical fibre but that's all...

station240
Posts: 864
Joined: Tue Feb 09, 2010 6:11 pm
Location: South Australia
Contact:

Re: Because Apples don't need anti-virus

Post by station240 » Mon Jul 25, 2011 5:24 am

paulv wrote:http://isc.sans.edu/diary/Apple+Battery ... word/11248

Oh dear. This is both sad, and funny. Anyway, what does the firmware do in a battery other than drain the battery faster? I guess it lets Apple call it an iBat :lol:
Actually the firmware controls the charging process for the battery. LiIon batteries are very easily damaged, infact if you could overload the cells without the fuse blowing the pack would explode and catch fire.Firmware -> Fireware.

User avatar
paulv
Posts: 3854
Joined: Tue Jan 25, 2011 6:37 pm
Location: Leicestershire
Contact:

Re: Because Apples don't need anti-virus

Post by paulv » Mon Jul 25, 2011 12:39 pm

All lithium ion batteries (including modern laptop batteries) have to have a "intelligent" chip to control the charging.
It does not surprise me that some are micro-controllers.
Whilst I understand that Li-Ion batteries have special charging characteristics and requirements and the circuitry needs to be (reasonably) intelligent, I simply didn't think that there'd be a requirement to have a flashable firmware device embedded.After all, how wrong can you get a charging circuit. Flashable means to me one of two things..

1. We might want to put extra features in later
2. We've probably got it wrong somewhere and it'll probably need fixing.

Given that the device were talking about is a battery, I don't believe option 1 really applies it's a battery, it's a charging circuit. If the original intelligence can't charge the battery and inform the machine through the various API's of charge level etc. then there's no point in releasing it, after all, what more features could you add to a battery pack charging circuit beyond charging and using standard API features like ACPI or equivalent?

But then I've probably answered my own question here.

BITD, I was taught that API's were things that were meant not to change per se. They could grow, add more functions, even change how functions were implemented behind the API call specification but the API implementation of a specific function should remain fixed. To that end, you could even add in optional extra arguments as long as default values for those optional parameters were sensible in order that a previous API client would continue to work. If a function in an API becomes obsolete, fine, deprecate the function, replace it with a similarly named function and leave it in the system for a period of time (or forever) to support older API clients that have not been updated where possible.

Sadly, these days, I've seen too many API's that simply do not do that. They "migrate" to a new version and turn off the old version with no concern as to the impact of doing so on others :twisted:. Even worse, I've seen systems with "dynamic" API's where you call a function and it's pot luck and undocumented as to what you get back :roll:

So thinking about it placing flashable firmware into a battery would work as a concept for me if the machines they were talking to kept changing their API's or they were expecting that the API would change in the future so significantly that the previous API as supported by the firmware was non-existent after the changes...
As to the "Thunderbolt cables", sounds like marketing speak
Cables are made of either copper (or other suitable metal conductor) or use optical fibres...
Electronic circuits may "clean-up" the signal in or for a copper cable or a optical fibre but that's all...
Actually, the circuits are a little more intelligent than that... They multiplex PCI Express and DisplayPort data streams into one signal and de-mux at the other end... so yes, traditional copper between the two plugs but the tech in the plugs is pretty complex for a "simple" connecting cable.

Paul

User avatar
1024MAK
Posts: 10361
Joined: Mon Apr 18, 2011 5:46 pm
Location: Looking forward to summer in Somerset, UK...
Contact:

Re: Because Apples don't need anti-virus

Post by 1024MAK » Mon Jul 25, 2011 4:37 pm

paulv wrote:
All lithium ion batteries (including modern laptop batteries) have to have a "intelligent" chip to control the charging.
It does not surprise me that some are micro-controllers.
Whilst I understand that Li-Ion batteries have special charging characteristics and requirements and the circuitry needs to be (reasonably) intelligent, I simply didn't think that there'd be a requirement to have a flashable firmware device embedded.
Snip...
I think much the same. But it sounds like the micro-controllers used have flash memory. As such, they can contain a boot-loader. This allows them to be reprogrammed. I suspect that each is reprogrammed at the time of battery pack manufacture to match the battery. Why you would not then disable the boot-loader I don't know... :roll:
paulv wrote:
As to the "Thunderbolt cables", sounds like marketing speak
Cables are made of either copper (or other suitable metal conductor) or use optical fibres...
Electronic circuits may "clean-up" the signal in or for a copper cable or a optical fibre but that's all...
Actually, the circuits are a little more intelligent than that... They multiplex PCI Express and DisplayPort data streams into one signal and de-mux at the other end... so yes, traditional copper between the two plugs but the tech in the plugs is pretty complex for a "simple" connecting cable.
Paul
But in my mind, this is then an "adapter" rather than a cable. Okay, the data rate is very high, but adapters for multiplexing and de-multipexing various digital signals have been around for as long as microprocessors have. I have never heard of them being called cables before. Of course as SMD cause everything to get ever smaller, I suppose it can get harder to tell the difference :lol:

User avatar
MartinB
Posts: 5353
Joined: Mon Mar 31, 2008 10:04 pm
Location: Obscurity
Contact:

Re: Because Apples don't need anti-virus

Post by MartinB » Mon Jul 25, 2011 5:21 pm

It is perfectly possible to build a low-frequency covert transmitter within an innocent-looking cable using a couple of diodes (acting as cat’s whiskers) and a couple of load resistors. If you then pulse data through the cable at say 115KHz, you have a system that will use the cable as an antenna and transmit the data flowing through it on the VLF Navigation band for monitoring by ground stations many miles away. These listening stations can then forward transmit the data to interested parties. Here’s an example schematic of this type of bugging device :
Covert Transmitter.PNG
Covert Transmitter.PNG (9.38 KiB) Viewed 1309 times


User avatar
retroclinic
Posts: 3043
Joined: Thu Jul 03, 2008 2:22 pm
Location: East Riding of Yorkshire
Contact:

Re: Because Apples don't need anti-virus

Post by retroclinic » Mon Jul 25, 2011 7:28 pm

MartinB wrote:It is perfectly possible to build a low-frequency covert transmitter within an innocent-looking cable using a couple of diodes.....<snip>[/attachment]
Ahh.....now we see what Martin is REALLY up to with the UPURS cable.... :lol:
Image

User avatar
MartinB
Posts: 5353
Joined: Mon Mar 31, 2008 10:04 pm
Location: Obscurity
Contact:

Re: Because Apples don't need anti-virus

Post by MartinB » Mon Jul 25, 2011 8:52 pm

It's not working as well as I'd hoped. I seem to be getting some interference from the radio microphones in Datacentres.

Anyway, I thought I'd better come clean because this thread has unsettled me - I always thought there was something strange about my laptop battery...
Laptop Battery.PNG
Laptop Battery.PNG (27.76 KiB) Viewed 1277 times
:-k

User avatar
jonb
Posts: 2695
Joined: Sat May 21, 2011 1:42 pm
Location: South Coast of England
Contact:

Re: Because Apples don't need anti-virus

Post by jonb » Thu Jul 28, 2011 10:00 am

Speaking of the Thunderbolt cable, it occurred to many in the Apple user community that having the transducers in the cable itself would be a way of future proofing the interface. I'm thinking fibre optics here.. which is the end game of Thunderbolt (or Lightpeak as Intel call it, for just that reason).

Shame the cable costs £50, but that is much cheaper than upgrading the computer. The other shame is that there aren't many peripherals that support it and those that do are quite expensive, perhaps due to licensing costs for Lightpeak. Because of this, we are unlikely to see £5 hard drive enclosures with Thunderbolt / Lightpeak interfaces on eBay.

Oh well, blithering on.. I have an iMac with a Thunderbolt port but can't myself see a use for the new interface. Handy on the new MacBook Airs that don't have Ethernet connectors (when and if someone offers a Thunderbolt to Ethernet adapter of course).

On topic now : this thing about the batteries bugs me, but if there is a real vulnerability, Apple will surely release a patch.

Post Reply

Return to “off-topic”