Tagged: firmware

  • jkabtech 12:17 pm on May 27, 2018
    Tags: 'Thunderstrike', firmware

    Macs Vulnerable to Firmware Attacks Like ‘Thunderstrike’, Says Duo Security 

    Highlights: Apple has not been able to entirely provide security fixes to macOS. Duo Security found this in its report released on Friday. It found that 43 percent of Mac machines had out-of-date firmware.

    Since 2015, Apple Inc has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

    Duo examined what is known as firmware in the Mac computers. Firmware is an in-built kind of software that is even more basic than an operating system like Microsoft Windows or macOS.

    When a computer is first powered on – before the operating system has even booted up – firmware checks to make sure that basic components like a hard disk and processor are present and tells them what to do. That makes malicious code hiding in it hard to spot.

    In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace.

    In 2015, Apple started bundling firmware updates along with operating system updates for Mac machines in an effort to ensure firmware on them stayed up to date.

    But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models – such as the 21.5-inch iMac released in late 2015 – 43 percent of machines had out-of-date firmware.

    That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called Thunderbolt port.

    Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the industry for firmware updates, Rich Smith, director of research and development at Duo, told Reuters in an interview.

    Duo said that it had informed Apple of its findings before making them public on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.

    “Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure,” the company said in a statement. “In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”

    View the Original article
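The kind of fleet check the survey above describes, comparing each machine's installed firmware with the version its model and OS build should carry, as an added example that is not code from Duo Security or Apple. The model names, OS builds, version strings and the `PREFIX.MAJOR.Bnn` layout are constructed placeholders and assumptions.

```python
from collections import defaultdict

# Constructed baseline: firmware each (model, OS build) pair should run.
# Names and version strings are placeholders, not Apple's real values.
EXPECTED = {
    ("ModelA", "BUILD-1"): "MA1.0212.B00",
    ("ModelB", "BUILD-1"): "MB1.0205.B25",
}

# Constructed inventory rows: (host, model, os_build, installed_firmware).
FLEET = [
    ("h1", "ModelA", "BUILD-1", "MA1.0212.B00"),
    ("h2", "ModelA", "BUILD-1", "MA1.0207.B00"),
    ("h3", "ModelA", "BUILD-1", "MA1.0206.B03"),
    ("h4", "ModelB", "BUILD-1", "MB1.0205.B25"),
    ("h6", "ModelB", "BUILD-1", "MB1.0205.B02"),
    ("h7", "ModelB", "BUILD-0", "MB1.0205.B25"),  # OS build missing from baseline
    ("h8", "ModelB", "BUILD-1", "garbage"),       # unparseable report
]

def parse_efi(version):
    # Assumed layout PREFIX.MAJOR.Bnn, numeric fields read as hex; None if malformed.
    parts = version.split(".")
    if len(parts) != 3 or not parts[2].startswith("B"):
        return None
    try:
        return parts[0], int(parts[1], 16), int(parts[2][1:], 16)
    except ValueError:
        return None

def classify(model, os_build, installed):
    expected = EXPECTED.get((model, os_build))
    if expected is None:
        return "unknown"  # no baseline: surface it rather than assume it is fine
    have, want = parse_efi(installed), parse_efi(expected)
    if have is None or want is None or have[0] != want[0]:
        return "unknown"  # malformed string or firmware for a different model
    if have[1:] < want[1:]:
        return "outdated"
    return "current" if have[1:] == want[1:] else "newer"

def audit(fleet):
    per_model = defaultdict(lambda: defaultdict(int))
    for _host, model, build, efi in fleet:
        per_model[model][classify(model, build, efi)] += 1
    return {m: dict(c) for m, c in per_model.items()}

def outdated_rate(counts):
    return counts.get("outdated", 0) / max(sum(counts.values()), 1)
```

Reporting per model rather than fleet-wide is what exposes a gap like the one between the survey's overall figure and its worst model, and the "unknown" bucket keeps machines without a baseline from being counted as healthy.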

  • jkabtech 5:55 am on January 30, 2016
    Tags: firmware, receiver, scanning, walkietalkie

    Jailbreak firmware turns cheap digital walkie-talkie into DMR scanning receiver 

    In recent years, DMR and MOTOTRBO (a.k.a. TRBO, Motorola Solutions' brand of DMR radios) have become a very popular digital voice mode on the UHF and VHF bands, and the MD380 radio is the latest cheap DMR walkie-talkie to come out of China. The question is, is it any good? The longer answer is slightly more complicated, and involves discussing the difference in price between this radio and other more expensive, but higher quality, radios. But I can tell you that a group of hams here recently purchased the Beihaidao DMR radio (also sold under brands like Tytera, KERUIER or Retevis) and have been having excellent results with them.

    Every once in a great while, a piece of radio gear catches the attention of a prolific hardware guru and is reverse engineered. A few years ago, it was the RTL-SDR, and since then, software defined radios became the next big thing. Last Shmoocon, Travis Goodspeed presented his reverse engineering of the MD380 digital handheld radio.

    The hack has since been published in PoC||GTFO 0x10 (download site) with all the gory details that turn a radio under $200 into the first hardware scanner for digital mobile radio. For comparison, the cost of a Motorola MotoTRBO UHF XPR 7550 DMR radio can reach $800.

    The MD380 is a fairly basic radio with two main chips: an STM32F405 with a megabyte of Flash and 192k of RAM, and an HR C5000 baseband. The STM32 has both JTAG and a ROM bootloader, but both of these are protected by the Readout Device Protection (RDP). Getting around the RDP is the very definition of a jailbreak.

    In Digital Mobile Radio, audio is sent through either a public talk group or a private contact. The radio is usually set to only one talk group, and so it’s not really possible to listen in on other talk groups without changing settings. A patch for promiscuous mode – a mode that puts all talk groups through the speaker – is now out.

    Here in the US, Project 25 (P25 or APCO-25) is a suite of standards for digital radio communications for federal users, but state/county and local public safety organizations, including police dispatch channels, are using the MOTOTRBO DMR digital standard.

    How to install the hacked firmware for the MD380 (here is a YouTube video on the update process to the jailbreak of the Beihaidao radio).

    You need the source code from https://github.com/travisgoodspeed/md380tools. This download does not ship with firmware, to avoid legal trouble. Instead it grabs firmware from the Internet, decrypts it, and applies patches to that revision.

    The output files have a .img extension when unencrypted, and a .bin extension when packaged for the official firmware updater. If you use the Tytera Updater you need .bin. Here is a description of the files and procedure.

    * prom-public.img and prom-public.bin: patched to monitor all talk groups.
    * prom-private.img and prom-private.bin: patched to monitor all talk groups, private calls.
    * experiment.img and experiment.bin: patched to monitor all talk groups, private calls, and sideload alternate firmware.

    You can install any of these patched firmware files into your MD380 by using the respective .bin file with the Ty$

    * Turn off your MD380 using the volume knob.
    * Attach the Tytera USB cable to the SP and MIC ports of your MD380.
    * Attach the Tytera USB cable to your host computer.
    * Hold down the PTT and the button above the PTT button (*not* the button with the “M” on it).
    * Turn on your MD380 using the volume knob.
    * Release the buttons on the radio.
    * The status LED should be on and alternating between red and green, indicating you’re in flash upgrade mode.
    * Start the Tytera “Upgrade.exe” program.
    * Click “Open Update File” and choose one of the .bin files produced from the process above.
    * Click “Download Update File” and wait for the flash update process to finish. It takes less than a minute.
    * Turn off your MD380 using the volume knob.
    * Disconnect the USB cable from your MD380 and host computer.
    * Turn the MD380 back on, and you should see the “PoC||GTFO” welcome screen.

    You’re running patched firmware!

    View the original article here
