Security Investigate

Reversing and Exploiting an Apple Firmware Update

Download now Free registration required

Executive Summary

The security posture of a computer can be adversely affected by poorly-designed devices on its USB bus. Many modern embedded devices permit firmware to be upgraded in the field and the use of low-cost microcontrollers in these devices can make it difficult to perform the mathematical operations needed to verify a cryptographic signature. The security of many of these upgrade mechanisms is very much in question. For a concrete example, it describes how to tamper with a firmware upgrade to the Apple Aluminum Keyboard. It describes how an attacker can subvert an off-the-shelf keyboard by embedding into the firmware malicious code which allows a rootkit to survive a clean re-installation of the host operating system.

  • Format: PDF
  • Size: 150.49 KB