I think you're chasing the starting point of a circle. Target Disk Mode works because of the DMA capabilities within the FireWire protocol. The DMA capabilities don't exist because of Target Disk Mode. This is why the vector is completely cross-platform. Any machine that correctly supports the OHCI interface will allow an external device to initiate a DMA session with the host so that data may move between RAM and device without slowing the user experience, because the CPU is not involved. It just so happens that if you craft a malicious "device", it will make requests for the DMA controller to read from RAM wherever you want it to without going through the operating system, which means the logical access controls the OS puts in place and the memory protections the CPU puts in place are bypassed completely.
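The read path described in the comment above, as an added illustration that is not part of this thread: a toy C model of an OHCI-style physical response unit serving a remote node's asynchronous read requests straight out of RAM, plus the attacker-side loop that walks physical memory page by page looking for a byte pattern. The register names (`phys_upper_bound`, `phys_request_filter`) are simplified stand-ins for the real OHCI physical-request controls, the RAM image and the planted secret are constructed test data, and nothing here touches real hardware. Note what is absent from `phys_respond`: no page-table walk, no privilege level, no OS involvement at all, which is exactly the point being made; the only gate is the controller's own bound and node filter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy "physical memory" (64 KiB). Real DMA attacks scan gigabytes. */
#define RAM_SIZE 65536
#define PAGE     4096
static uint8_t ram[RAM_SIZE];

/* Test fixture: place a secret at a known physical address (constructed data). */
void plant_secret(uint64_t addr, const char *s) {
    memcpy(ram + addr, s, strlen(s));
}

/* Simplified model of the controller's physical-request controls (assumed names,
 * not the real OHCI register layout). bound == 0 means "no limit" in this toy. */
struct host_ctrl {
    uint64_t phys_upper_bound;    /* highest physical address served to remote nodes */
    uint64_t phys_request_filter; /* bit n set => node n may issue physical requests */
};

/* An asynchronous read as seen by the controller: issuing node, 48-bit offset, length. */
struct async_read {
    unsigned src_node; /* 6-bit 1394 node ID */
    uint64_t addr;
    size_t   len;
};

/* Physical response unit: answers the request from RAM with no CPU or OS involvement.
 * Returns bytes copied, or -1 if the controller's own filters reject the request. */
int phys_respond(const struct host_ctrl *hc, const struct async_read *rq, uint8_t *out) {
    if (rq->src_node > 63)                                  return -1; /* not a valid node ID */
    if (!(hc->phys_request_filter & (1ULL << rq->src_node))) return -1; /* node not allowed */
    if (hc->phys_upper_bound && rq->addr + rq->len > hc->phys_upper_bound) return -1;
    if (rq->addr + rq->len > RAM_SIZE)                       return -1; /* off the end of modelled RAM */
    memcpy(out, ram + rq->addr, rq->len); /* no page tables, no ring level, no OS hook */
    return (int)rq->len;
}

/* Attacker side: read every page the controller will serve and search it for a
 * pattern. Returns the physical address of the first hit, or -1 if not found.
 * (Patterns straddling a page boundary are not handled; a real tool keeps a carry.) */
long dma_scan(const struct host_ctrl *hc, unsigned node, const uint8_t *pat, size_t patlen) {
    uint8_t page[PAGE];
    for (uint64_t off = 0; off + PAGE <= RAM_SIZE; off += PAGE) {
        struct async_read rq = { node, off, PAGE };
        if (phys_respond(hc, &rq, page) < 0)
            continue; /* controller refused this page; keep going */
        for (size_t i = 0; i + patlen <= PAGE; i++)
            if (memcmp(page + i, pat, patlen) == 0)
                return (long)(off + i);
    }
    return -1;
}

int main(void) {
    const uint8_t pat[] = "hunter2"; /* constructed secret, e.g. a cached password */
    plant_secret(0x3011, "hunter2");

    struct host_ctrl open_ctrl    = { 0,      1ULL << 1 }; /* node 1 allowed, no bound */
    struct host_ctrl bounded_ctrl = { 0x1000, 1ULL << 1 }; /* only the first page served */
    struct host_ctrl filtered     = { 0,      0         }; /* no node allowed */

    printf("unrestricted controller: secret at 0x%lx\n", dma_scan(&open_ctrl, 1, pat, 7));
    printf("upper bound 0x1000:      %ld\n",           dma_scan(&bounded_ctrl, 1, pat, 7));
    printf("node filter empty:       %ld\n",           dma_scan(&filtered, 1, pat, 7));
    return 0;
}
```

The two restricted controllers show the only defences the controller itself offers: a physical upper bound that keeps remote reads out of most of RAM, and a request filter that refuses physical requests from nodes the OS has not explicitly enabled. Everything above that layer (file permissions, user sessions, CPU memory protection) never sees the transaction.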

RE: Maybe...
I didn't mean to get us hung up on the iPod aspect of it. Got it. However, Target Disk Mode is entirely relevant because it's been a long-known way of externally accessing Macs for quite a while, and to protect against unauthorized access, many of the protections are at the firmware level. It sounds from the article like this attack goes right into the system without any firmware protection at all, and in fact sounds like it uses that firmware. I'm just agog that, given the well-known capabilities of Target Disk Mode, such an exploit was left open.