Can their be an external IO port that is both (a) fast and (b) access limited?
-- BadUSB shows that the USB controller can fake keystrokes, modify the recipient USB controller, etc.
-- This attack now shows an even more dangerous attack that can be mounted by a malicious thunderbolt adapter (the one that you unknowingly connected by habit at a conference, say).
-- BadUSB shows that the USB controller can fake keystrokes, modify the recipient USB controller, etc.
-- This attack now shows an even more dangerous attack that can be mounted by a malicious thunderbolt adapter (the one that you unknowingly connected by habit at a conference, say).
Trammell is giving a longer talk about this work at CCC next week. (http://events.ccc.de/congress/2014/Fahrplan/events/6128.html)
The attack is implemented (he has a demo macbook with "ThunderStruck" bootloader), and it has been disclosed to apple >400 days ago.
One aspect of the attack can be patched with 2-byte change, but apparently apple hasn't bothered.