Thunderbolt Rootkit Vector 163
New submitter Holi sends this news from PC World:
Attackers can infect MacBook computers with highly persistent boot rootkits by connecting malicious devices to them over the Thunderbolt interface. The attack, dubbed Thunderstrike, installs malicious code in a MacBook's boot ROM (read-only memory), which is stored in a chip on the motherboard. It was devised by a security researcher named Trammell Hudson based on a two-year old vulnerability and will be demonstrated next week at the 31st Chaos Communication Congress in Hamburg.
In other news... (Score:1, Insightful)
An attacker with physical access to the target is usually a bad thing (tm),
Re: (Score:2)
Definitely. At that point you probably shouldn't call him "hacker". You should refer to him using his proper moniker, "Agent"
Re: (Score:2)
Re: (Score:3)
... isn't, but I hear his agent is.
Tell your friend Veronica
It's time to celebrate Chanukah.
READ ONLY (Score:2)
You keep using that word. I don't think it means what you think it does....
Re:In other news... (Score:4, Interesting)
But when all it requires is connecting an arbitrary malicious Thunderbolt device - a root-kit could be installed when you dock your computer, or connect to a monitor or ethernet/firewire adapter, or even a mouse.
Yes, "mission-critical" security systems should already be physically isolated. But not everything is physically isolated (work laptops, for instance), and this class of attack makes it easier to covertly compromise devices, even while in plain view. Would all of your coworkers object to someone plugging in a mouse on their laptop?
Re: (Score:2)
Re:In other news... (Score:5, Insightful)
Re: (Score:2)
And what checks that signature? Code running from ROM perhaps?
Re: (Score:2)
And what checks that signature? Code running from ROM perhaps?
In UEFI secure boot firmware can only be updated by a *signed* package. A thunderbolt attack would only be able to *request* a change to firmware, but it would have been rejected had Apple implemented secure boot.
Re:In other news... (Score:4, Interesting)
The proof of concept is probably a big hairy bundle of prototype that would get you arrested if you brought it to an airport; but a slightly more polished variant could be squirreled away in quite a few places. The volume and power required to implement an entire single-purpose attacker device is already fairly small, getting into "eh, probably just one of those EMI ferrite things" territory, and not going to get any larger; plus the options available in either embedding the attacker device in the case of a legitimate device or modifying a legitimate device's firmware.
The truly paranoid user might not be vulnerable; but few users are paranoid enough to qualify.
Re: (Score:3)
No one uses thunderbolt for mice.
Re: (Score:2)
No one uses thunderbolt for mice.
People need a mouse, see it laying around, try to plug it in the USB port, it doesn't fit, they see another port, it fits, the mouse doesn't work. Will they throw it away? no probably not - they will put it back. Then: repeat scenario!
Attacker does *not* need physical access ... (Score:5, Insightful)
An attacker with physical access to the target is usually a bad thing (tm),
The attacker does not need physical access. All the attacker needs to do is sell hacked thunderbolt cables on ebay or alibaba.
Re:In other news... (Score:5, Interesting)
While this is true, the attacker does not need physical access for this. All they need is access to an innocent user who can be convinced to plug something in.
The FBI and secret service demonstrated this type of attack back in the early 2000s. They dropped usb drives near banks night drop boxes and front doors that pinged a server with the local ip and machine name and wrote a file locally when plugged in with the autorun on. Something like 70% or so pinged. People where plugging them in to try to figure out who's they were to return them.
Its pretty easy to convince someone to plug something in.
Re: (Score:3)
Re: (Score:2)
Won't work, because the hacker actually bother to sign his ROM, which is what apple SHOULD have done.
Re: (Score:2)
Apple does sign their firmware updates.
"Firmware updates are supposed to be signed, but the vulnerability exploited by this attack allows that mechanism to be bypassed."
Re: (Score:2)
that's basically what Thunderbolt is, a PCI-E slot, with DisplayPort support added in.
Exactly. Putting display output and external PCIe on the same port is convenient when hooking stuff up in your own home/office but it leads to a new exploit vector.
People plug conference room/lecture theatre/etc projectors and associated adaptors into their laptops all the time and such rooms are generally low security. Build a malicious thunderbolt device that looks like a mini displayport to VGA adaptor and leave it next to the VGA cable from the projector and it's very likely to get plugged in.
uh - by design? (Score:4, Insightful)
Re:uh - by design? (Score:4, Informative)
Well, yes, if you can rip open the computer case and install new hardware, you have complete control over the hardware and that's to be expected.
Thunderbolt is more like USB to the user - it's a thing you use to connect untrusted devices to your system. You wouldn't expect that plugging in a USB thumbdrive would magically own your system (well, maybe you should, because it's happened in the past, but I think it's fair to say that it shouldn't). You'd think that plugging in a random Thunderbolt device would be designed to be safe. Apparently not: apparently Thunderbolt is unsafe by design.
The one mitigating factor is that literally no one uses Thunderbolt for anything, so it's not like anyone's likely to be coming across random compromised Thunderbolt devices. Discovering a Thunderbolt device at all would be out of the ordinary.
Re:uh - by design? (Score:5, Insightful)
DisplayPort monitor pre-infected with malware?
Re: (Score:2, Insightful)
It doesn't even have to be a whole monitor. An innocent looking cable would suffice. Apple's own cables already contain microcontrollers.
Re: (Score:2)
begs the question...
"You keep using that word. I do not think it means what you think it means." ~Inigo Montoya
Re: (Score:3, Informative)
Thunderbolt is more like USB to the user - it's a thing you use to connect untrusted devices to your system. You wouldn't expect that plugging in a USB thumbdrive would magically own your system (well, maybe you should, because it's happened in the past, but I think it's fair to say that it shouldn't). You'd think that plugging in a random Thunderbolt device would be designed to be safe. Apparently not: apparently Thunderbolt is unsafe by design.
USB 3.0 has this exact same feature (DMA), so yes, yes you should expect a USB thumb drive to be able to do this.
Re:uh - by design? (Score:5, Informative)
It can. See BadUSB. [srlabs.de]
Re: (Score:2, Insightful)
EPROM! Otherwise the story makes no sense... If you can write to ROM (more than once), clearly it's not ROM.
Re: (Score:2)
PROM -- Programmable Read Only Memory. Stores data by burning fusible links inside the chip using a special programming station. Non-changeable for most practical purposes. You can't fix a burned link, but you can burn additional ones.
EPROM -- Erasable Programmable Read Only Memory. Data can be stored and then erased by exposing the chip to UV radiation. Chips of this type can be recognized by the
Re: (Score:2)
I have on several occasions recovered a working system from an infected boot rom, but it was not easy nor was it straightforward in any sense of the word. Agreed however that if a boot rom is infected most computer techs without a high degree of sophistication and skills will not know how to proceed.
This is an example of what I refer to as "A nearly perfect hack" (analogous to the concept of the perfect murder, leaving little to no evidence allowing the individual committing it to get away Scott free.) In this case you have a low level hardware component as an infection vector and the infection could potentially compromise the information security of the entire system without giving itself away to a malware scanner or virus detection. Even if some of the behavior of the infected system matches a pattern similar to a known root kit or virus or malware on secondary storage, detection and cleaning is confounded by the fact that the infection can re-occur and detection can be confounded by one not being able to trust the data integrity of the machine at runtime in such an infected system. The main takeaway is that the root infection is not where one would normally look for it, on secondary storage or in RAM. Fixing such a thing, in a nutshell, requires being able to examine the system component by component at the hardware level on a non running system which is a somewhat complicated and more involved process than a malware or virus removal or giving up and just re-imaging the system. There are tools to carry out such diagnostics and repairs but it is more in the realm of a digital electronics hardware expert than in the skill set of the average IT Tech.
Your first paragraph had me interested. Your second made me realize you're full of hot air. Eg. Long, overly complex, and unnecessary vocabulary. I presume to hide the fact that you offer no real insight on solving the problem.
I'm not a hardware guy, so I would I appreciate if a real expert would chime in here and ease my curiosity.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I agree. I call bullshit.
What he describes is plausible, especially if the flash is socketed. But, not bloody likely. Considering that this malware would have to add itself to the existing flash image as an option rom or by infecting and rewriting part of the bios code and then writing that back to the rom.. Unless this was a targeted attack, the malware author would have to work out logic for each one of the major base BIOSes in use - phoenix, award, dell, lenovo, etc to be able to infect them. This is ign
Re: (Score:2)
Re: (Score:3)
USB 3.0 has this exact same feature (DMA), so yes, yes you should expect a USB thumb drive to be able to do this.
Ethernet controllers work by DMA, yet they do not offer random access to anyone who plugs anything into the bus. There is no inherent reason why DMA means full access.
Thunderbolt and Firewire are different, in that they are "controllerless". They are simply PCI bridges.
Re:uh - by design? (Score:4, Insightful)
USB 3.0's DMA is not the same as Thunderbolt's. With USB the host controller configures itself with limited DMA access to a RAM buffer, and then the USB device can only access that buffer by setting up transfers within the USB spec. In fact it can't even specify the address within the buffer or anything like that, the controller handles it all. It's closer to a NIC that supports DMA - it doesn't mean that any device on your network has full access to your computer's RAM.
Thunderbolt is rather different, because the devices are basically PCI-E cards with a Thunderbolt transceiver bolted on. As such they can do anything that a PCI-E card can do, including accessing all RAM. PC Card devices have the same issue, and so does Firewire. It's a serious issue and tools that exploit it have been available for a while, both open source and commercial. For example: http://www.breaknenter.org/pro... [breaknenter.org]
The BadUSB attack relies on either exploiting bugs in the USB driver or emulating something like a keyboard and typing commands into a terminal. It's bad, but not nearly as bad as having complete, unfettered access to RAM by design. For example, a locked computer or server that isn't logged in locally is unlikely to be affected by BadUSB because it can't know the login details, but with Thunderbolt you have total access.
Re: (Score:3)
Here's what I don't get. Back when the G5 came out, Apple used a custom piece of hardware called DART to create a boundary between the
Re: (Score:3)
VT-d is used for something else, basically allowing PCI-E devices to access RAM without needing to worry about a >32 bit address space. While it might be possible to prevent this attack with it, that isn't how it is currently used. If a fix can be implemented it might break a lot of drivers.
The attack is so nasty because when you can overwrite random bits of memory you can modify executable code on the fly. Address randomization doesn't help, you can simply search the entire address space for some suitab
Re: (Score:2)
All drivers on OS X are already required to tell the operating system ahead of time that a device is about to DMA to memory. That's how that VT-d is able to configure the IOMMU hardware to allow those devices to access RAM without worrying about 64-bit address spaces. So the OS already knows precisely which pages of physical RAM should be accessible by PCIe devices using DMA. If other pages of RAM are accessible, that's a bug.
Similarly, making the Thunderbolt controller's IOMMU mappings be driven by tha
Re: (Score:2)
Re: (Score:2)
Re:uh - by design? (Score:5, Insightful)
Thunderbolt is more like USB to the user - it's a thing you use to connect untrusted devices to your system.
Thunderbolt is more like PCIe to the system -- it's a thing you use to connect trusted devices to your system. In fact, it is PCIe, along with DisplayPort.
The one mitigating factor is that, while there are Thunderbolt devices out there, users are less likely to find one lying in the company parking lot and decide "durr, let me plug this into my work computer and see what's on it". That seems to be a pretty effective delivery method for hostile USB devices.
Re: (Score:2)
It's a concern to anyone who travels with a laptop. With Thunderbolt, PC Card or Firewire your laptop is vulnerable even if you lock it. With BadUSB there isn't much it can do if the machine is locked. If customs or some LEA decides they want in they can get everything, including your encryption keys (you did encrypt and use a VPN, right?)
Hopefully you can somehow disable it to mitigate this attack. I don't know about Macs but most PC UEFI BIOSes allow it to be turned off, along with Firewire and PC Card.
Re: (Score:2)
I don't think Mac OS X even has a user-accessible BIOS. I know there's a "special" key combo you can hit to reset whatever they call their equivalent of CMOS settings (it's either NVRAM or PRAM and I have no clue what the difference is or why it matters). (I know this because there's another cute Mac bug that frequently hits my work MacBook where it will forget it has a built-in display because I turned it off while connected to a monitor, so you have to reset it to factory defaults to get it to realize "ma
Re: (Score:3, Informative)
The one mitigating factor is that literally no one uses Thunderbolt for anything, so it's not like anyone's likely to be coming across random compromised Thunderbolt devices. Discovering a Thunderbolt device at all would be out of the ordinary.
You're obviously not in the pro audio world.
Re: (Score:2)
"You're obviously not in the pro audio world."
You obviously aren't either. Thunderbolt's way overkill for bandwidth requirements, and most onboard sound systems in a typical desktop handle proper mixer outputs and inputs just fine, with pretty much professional noise floors. I get more noise from my guitar amp and distortion pedal than I get recording the line-in with nothing attached/everything turned off.
Pretty easy setup. [imgur.com] Added bonus, you can't infect through a line-in signal that I'm aware of!
Re: (Score:2)
Avid's entry level Pro Tools HD system is thunderbolt-based [vintageking.com]. I know at least a dozen people that use it for professional work every day. This is the industry-standard equipment, particularly if you're not going to buy cards.
USB can do bandwidth for a few audio channels but you need PCIe or Thunderbolt if you want to have a few hundred tracks and still have under 5 milliseconds latency, and you generally need that if you're tracking or comping.
Re: (Score:2)
"you need PCIe or Thunderbolt if you want to have a few hundred tracks and still have under 5 milliseconds latency"
That's what a mixer board is for [soundcloud.com] and even ASIO drivers don't provide sub 5ms latency. The only thing on this planet providing sub 5ms latency are direct connections from instrument to IEMs, and even then you have to deal with things like comb filtering.
Yamaha has a good piece on this [yamahaproaudio.com] and I'd take their word well over Avid's, given Yamaha has been in this game FAR longer, starting with musical i
Re: (Score:2)
Yamaha's piece is marketing for their own software, Nuendo, which is meant to run on ASIO and they're trying to downplay its deficiencies for tracking.
You seem to have heard of a mixing console, that's good, but a really common setup is to have 20 or 30 microphones coming into the analogue console, passing to Pro Tools, playing back with a few hundred channels of prerecords, getting down mixed in Pro Tools to 96 channels, and then those channels coming up on the console on the tape inputs. And the sound on
Re: (Score:2)
Yea. I work in Riverside. Done audio and video work for groups such as The Neil Deal and other bands out in Studio City. I have plenty of experience with digital recording and multitracking/overdubbing, starting with Cool Edit back in the late 90s (and some MIDI/MOD/IT tracking.)
Simple physics alone is going to dictate that sub 5ms latency is pretty much impossible without your cables being a foot long once you take all the signal pathways, processing overhead, etc. in a piece of hardware into account.
Every
Re: (Score:2)
I know your kind too well; luckily I know no one younger than 60 that actually goes around telling that you "need a console" for low-latency monitoring. Unless they're analogue purists or console fanboys -- you know, marketing.
I am A BIT surprised that someone with so much experience
Re: (Score:2)
Are you forgettingelectrical signals don't propagate at light speed? Bring that up a few more ns. Now toss in all your processing, etc in a digital solution.
" Mackie 1404"
Not eeeeeeven close, but at least you got the brand right. You're missing the digital /SPDIF and optical outputs on the back - I've timed this from the same equipment and different outputs. Digital adds latency like mad.
Re: (Score:3)
Re: (Score:2)
The one mitigating factor is that literally no one uses Thunderbolt for anything, so it's not like anyone's likely to be coming across random compromised Thunderbolt devices. Discovering a Thunderbolt device at all would be out of the ordinary.
There was a brief moment that companies released laptops with Thunderbolt (mostly Ivy Bridge platforms). Now its a rare feature outside of Apple's laptops. Microsoft didn't put Thunderbolt into the Surface 3 because of the DMA security concerns and "InstantGo" devices (source: http://technet.microsoft.com/e... [microsoft.com] )
Re: (Score:2)
Thunderbolt is more like USB to the user - it's a thing you use to connect untrusted devices to your system.
No. USB is not safe [srlabs.de] either. Don't plug untrusted devices into your system's I/O ports, period.
USB, Firewire, eSATA, SAS, and Thunderbolt do not have a security model.
Thunderbolt just happens to have more capabilities since there is direct access to the PCI bus, and this is also where the greater performance comes in.
With greater capabilities and access comes greater possibilities of abuse fr
Re: (Score:2)
Re: (Score:2)
The whole point of Thunderbolt (and Firewire before it) was that they didn't put any load on the CPU at all, they would communicate directly to ram, reading and writing data without any load on the very limited resource that is the processor. Of course, there really should have been a boot-time restriction of what memory the bridge has access to, but I guess that would have been too much for the programmers.
Re: (Score:2)
The whole point of requiring every driver to call the prepare method on an IOMemoryDescriptor object before telling a device to do DMA and calling the matching complete method when the I/O is done is so that the OS can create and tear down mappings in various IOMMU hardware to protect the system as a whole from buggy devices (and particularly those that don't understand 64-bit address spaces). If that isn't happening, I'd argue that it is a kernel bug, and given the security implications, a pretty seriou
Re: (Score:2)
I am, of course, assuming that Thunderbolt controllers contain an IOMMU, but given that it has to function as a nontransparent PCI bridge when attached between two computers, that should be a safe assumption.
Why didn't I think of that (Score:1)
Why didn't I think of that.
Pretty cool vulnerability but.. (Score:4, Informative)
If I have physical access to your machine, I'm going to get you one way or another.
Re:Pretty cool vulnerability but.. (Score:5, Interesting)
.
Then there's this gem:
The bootkit can even replace Apple’s cryptographic key stored in the ROM with one generated by the attacker, preventing any future legitimate firmware updates from Apple, the researcher said in a blog post [trmm.net].
Re: (Score:2)
Re: (Score:2)
If I have physical access to your machine, I'm going to get you one way or another.
You don't need physical access. Thunderbolt cables have an integrated microcontroller, its one of the reasons the cables are expensive. In theory a hacker could add additional electronics and sell / give away cables.
Re: (Score:2)
Not really... Say you have a running but locked laptop in front of you. If it is turned off you are probably screwed since the contents will be encrypted, hopefully. So how do you unlock the machine without knowing the password? With Thunderbolt, Firewire or PC Card you can just hook up a special device that lets you rip the content's of RAM and even modify it, allowing you to bypass the lock screen or even just reset the password in memory.
The only other viable attack is a cold boot attack, but that can be
Hasn't this been known? (Score:5, Insightful)
Firewire, USB 3.0, and Thunderbolt all have DMA, which means any device hooked to a host can pretty much do anything they want to the host, no matter what the host hardware or OS is. I didn't think this sort of thing was still news?
Re: (Score:3)
I'm pretty sure in the case of USB 3 that DMA is a function of the host controller. A device by itself cannot inject into arbitrary memory. This thunderbolt "vulnerability" is the equivalent of the windows autorun on insertion function that was disabled years ago. Only this functions above the level of the current user (aka much worse).
Re:Hasn't this been known? (Score:5, Interesting)
I'm pretty sure in the case of USB 3 that DMA is a function of the host controller. A device by itself cannot inject into arbitrary memory. This thunderbolt "vulnerability" is the equivalent of the windows autorun on insertion function that was disabled years ago. Only this functions above the level of the current user (aka much worse).
I'm looking up DMA for USB3. Although there are some ways to secure DMA (like a white list of addresses/sizes that are safe to write to), all of the advertised functionality of USB3, such as the sustained data rates, would be very hard to achieve if you didn't have direct access to memory. That's why Firewire ruled for live streaming of data for so long: DMA made it's rates reliable, whereas USB's dependence on the controller and CPU for memory transfers made the throughput more flakey.
Re:Hasn't this been known? (Score:5, Insightful)
Well, now I'm reading specs on USB 3.0 controllers. Ugh. There's a lot on mapping a bus address to a memory address for DMA, but nothing addressing the security implications of doing so, or what devices are allowed to do, just broad hints like the buffer has to exist in a DMA-able part of memory without saying if that's a security implication or a hardware implication.
It would be nice to see a follow up article on if/how USB 3.0 protects against these things, because I'm not a kernel USB developer sort of guy, so while I know DMA is there, I'm not feeling like I'd be able to dissect these implementation specs.
Re: (Score:3)
USB 3.0 devices can't read or write arbitrary RAM like Thunderbolt devices can. The host controller (or rather the driver) has to allocate RAM buffers and then program its DMA controller to copy data in or out of it. In theory it might be vulnerable if there are flaws in the driver perhaps, but it would be reliant on specific drivers and host controllers. The vulnerability is designed in to Thunderbolt as a feature.
Re: (Score:2)
40Gbps ethernet cards use DMA securely and offer sustained data rates that USB can only dream of.
Re: (Score:2)
You misunderstand. The bus is ethernet. You can plug anything you want into the ethernet plug without giving it unlimited access to your system memory. Just like you can plug anything into a (mythical) properly implemented USB bus without any risk, but UNLIKE Firewire and Thunderbolt.
Re: (Score:2)
Although there are some ways to secure DMA (like a white list of addresses/sizes that are safe to write to), all of the advertised functionality of USB3, such as the sustained data rates, would be very hard to achieve if you didn't have direct access to memory
Sigh. It's almost like slashdot is peopled by people who know fuck-all about computers, such as the existence of the IOMMU [wikipedia.org]. Decent operating systems have support for these [kernel.org]. They completely solve this problem with minimal overhead.
That's why Firewire ruled for live streaming of data for so long: DMA made it's rates reliable
Yes, firewire has the same problem, and the same solution.
Re: (Score:2)
Using an IOMMU gives such devices direct virtual memory access which it fully safe (compared to physical memory access which is not safe and what apple did here).
I was going to mention IOMMUs, but I thought it would just confuse the issue (see the host controller confusion on my other comment).
In this case IOMMUs will only help you a little, as the article mentions that the option roms are being executed. Executing in the early boot environment, without a hypervisor, or in the hypervisor context, means tha
Re: (Score:2)
same thing as a pci-e / pci / cardbus / express card with a boot ROM or flash. They load pre boot at least on non mac systems you can go to bios and trun off option roms / set it to EFI only mode.
Apple exposes a bunch of pre boot options for the firmware on the command line, but I'm not sure if you can disable pre-boot EFI drivers from there.
Re: (Score:2)
Firewire, USB 3.0, and Thunderbolt all have DMA, which means any device hooked to a host can pretty much do anything they want to the host, no matter what the host hardware or OS is. I didn't think this sort of thing was still news?
It's news to me that apple still isn't using an IOMMU, I thought that they were supposed to be fixing this problem. Most modern PCs have one.
Putting unprotected flash in computers was stupid (Score:2, Insightful)
Almost as stupid as making PCI-E part of an external bus. The BIOS write protect jumper of old was the right idea.
Writable ROM (Score:1)
A writable ROM are clearly not a ROM
Re: (Score:2)
Well...Isn't that cute. (Score:2)
The attack, dubbed Thunderstrike,
Tell me. Does it get it's own little theme song performed by AC/DC too?? That would just complete the marketing circle!
Re: (Score:2)
Sun J-Bus systems did it right (Score:2)
So if you get hit by this attack, have you been... (Score:4, Funny)
Writing to ROM? Wrong. (Score:2, Redundant)
"installs malicious code in a MacBook's boot ROM (read-only memory)"
Nope. It may write to EPROM or something like that but by definition it can not write to ROM. ROM means Read Only Memory and as such there is no writing to it. EPROM or some other flavor of Erasable Programmable Read Only Memory is what it would have to be working with. Too bad writers can't read. Not even their own sentences. Or perhaps they can't comprehend. IM (Incomprehensible Memory) in the case of the OP.
Apple used to have security for firmware updates (Score:3)
With older (PPC?) based Macs, to update the firmware you had to power off the machine, then turn it on by holding the power button until you got an extra beep or sound. This would physically un-write-protect the firmware EPROM so that it could be updated by open firmware.
In their quest to make everything as "user friendly" as possible, they took out this hardware security feature, allowing the update to just happen without any physical action.
Bad Apple, no donut.
Re: (Score:2)
Such features were likely removed at the request of the NSA or other shadowy government agency.
Watch out for VGA dongles (Score:2)
Here's how you do it:
1. Go to a conference, and allow your dongle to 'accidentally' fall out of your bag onto the floor. Wait for somebody to come and pick it up.
2. Open up an online shop and sell knock-off dongles at a reduced price
3. Post an ad on Craigslist selling your 'old' dongle
4. Go to a conference and swap out the dongle that is there with your dongle
At $30 a pop people many unwitting Mac users would pick up one of these devices if they were convinced it were impossible to find out the owner. The
Overwriting ROM? (Score:2)
Can someone explain to me how you can write to Read Only Memory?
Install into the ROM (read only memory) (Score:2)
Find the mistake.
Vendors are stupid, if they make ROM writable, without setting a jumper. Or making it writable at all.
Re: (Score:1)
Re:ROM (Score:5, Informative)
Well, you're pretty wrong: https://trmm.net/EFI [trmm.net]
Re: (Score:2)
Re: (Score:2)
No, by definition he's right: It's tough to overwrite a READ ONLY MEMORY . Of course, the firmware in the Mac isn't actually stored in a true ROM but in an EEPROM or some other solid-state memory that can be overwritten. So the article is incorrect or misleading to call that chip a ROM.
Re: (Score:1)
lot's of people can them rom's they have also been called flash roms. Rom update, flash update, etc
Re:ROM (Score:4, Interesting)
This is one area where good hardware design can fix the problem. Those SPI EEPROMs have a Write-Protect pin, which should be set disabled unless a physical switch is enabled (jumper anyone?).
Yes, it requires opening your computer to update firmware, but firmware updates are a dangerous operation anyway and should not be permitted willy-nilly.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Aren't they still using those patented fuck-you^W pentalobe screws?
But... but... but... they're better than normal screws! They are more robust, because you know, most people open their laptop up every week and replacement screws a really expensive...
Come on fanboys, mod me down :-)
Re: (Score:3)
Pfft, of course they are better screws. They are both more expensive and annoying to operate, just like other Apple Iproducts.
iScrew
Only meant to be used by the special Apple certified screwdriver, the iScrewyou.
Re: (Score:2)
Were talking about MacBooks here, not phones. The screws are normal phillips head. They are tiny but easily removed. Note that you can replace your SSD yourself. You can also replace the battery but they frown on that as they want to make sure they are disposed of properly.
Re: (Score:2)
For that to happen someone would have to make a thunderbolt device you wanted to buy.
They already do. They just need to make one that I can afford.