Category: Apple Insider

Security researcher Joe Fitzpatrick, one of the few sources named in Bloomberg Businessweek’s bombshell Chinese hack investigation, in a podcast this week said he felt uneasy after reading the article in part because its claims almost perfectly echoed theories on hardware implants he shared with journalist Jordan Robertson.

Fitzpatrick detailed his dealings with Bloomberg to Patrick Gray of Risky Business in a podcast published on Monday.

The security specialist first talked with Robertson last year prior to giving a presentation on hardware implants at the DEF CON hacking convention, though the topic of the article was not made clear until last month.

In his conversations with the journalist, Fitzpatrick detailed how hardware implants work, specifically noting successful proof-of-concept devices he demonstrated at Black Hat in 2016. While he is a security researcher, Fitzpatrick is not in the business of selling such devices to customers — let alone nation states — and is for the most part working off theories derived from years of teaching others how to secure their own hardware.

When asked what, exactly, he found strange about Bloomberg’s claims, Fitzpatrick said, “It was surprising to me that in a scenario where I would describe these things and then he would go and confirm these and 100% of what I described was confirmed by sources.”

Further, the story as told “doesn’t really make sense.” As Fitzpatrick notes, there are easier, more cost-effective methods of attaining backdoor access into a target computer network.

Bloomberg in its article claimed Chinese operatives managed to sneak a microchip smaller than a grain of rice onto motherboards produced by hardware supplier Supermicro. Supposedly designed by the Chinese military, the chip acted as a “stealth doorway onto any network” and offered “long-term stealth access” to attached computer systems.

Nearly 30 companies were reportedly impacted by the breach, though only Amazon and Apple were mentioned in the story. Both companies have released strongly worded denials, with Apple characterizing the report as “wrong and misinformed.”

“Spreading hardware fear, uncertainty and doubt is entirely in my financial gain, but it doesn’t make sense because there are so many easier ways to do this,” Fitzpatrick said, referring to the purported hardware implant. “There are so many easier hardware ways, there are software, there are firmware approaches. There approach you are describing is not scalable. It’s not logical. It’s not how I would do it. Or how anyone I know would do it.”

Fitzpatrick said as much to Robertson in an email exchange, pointing out the described backdoor attack can be just as easily accomplished by remotely modifying the firmware of “most BMCs” (baseboard management controllers) as many run outdated software. He goes on to ask whether the additional hardware sources supposedly discovered on the boards were merely counterfeit prevention, bypassing implants or some other functional component added by a legitimate third-party.

He cautions that inexperienced observers might mistake combination hardware — for example flash storage and a micro controller — as a hardware implant. The Bloomberg investigation claims the spy chips were incorporated into another, inconspicuous component that took on the appearance of signal conditioning couplers.

Robertson in an email confirmed that the idea “sounded crazy,” but said “lots of sources” corroborated the information. Fitzpatrick was not convinced.

“And you know I’m still skeptical. I followed up being like, ‘Yeah, okay if they wanted to backdoor every single Supermicro motherboard, I guess this is the approach that makes sense,” he told Patrick. “But I still in my mind I couldn’t rationalize that this is the approach any one would choose to take.”

Robertson was unable to produce photographic evidence of the chips in question, saying they were described to him by protected sources. Indeed, Robertson in September asked Fitzpatrick what a “signal amplifier or coupler” looks like, suggesting the publication narrowed the attack package down to that particular component. Fitzpatrick sent Robertson a link to a very small signal coupler sold by Mouser Electronics.

“Turns out that’s the exact coupler in all the images in the story,” Fitzpatrick said.

While the illustration used in the Bloomberg story is just that, Fitzpatrick argues similar components would be an unlikely choice for the attack vector described. Larger, less conspicuous hardware is available, namely chips that mimic the SOIC-8 package. Further, pint-size signal couplers are not standard fare for server motherboards that do not include Wi-Fi or LTE.

“But it’s just not the easiest package to choose to use with something like this, it’s not a package you’d expect to find in a motherboard,” he said. “It’s something where if it’s on your motherboard you’d be like, ‘What the heck is that doing there for?'”

Whether the Supermicro boards in question integrated wireless radio technologies is unclear.

Apple executives and high-ranking security engineers said an internal investigation into Bloomberg’s claims revealed no evidence of the hardware tampering in question, nor did the company identify unrelated incidents from which the allegations could have conceivably arisen.

Apple said much the same in a letter to Congress issued over the weekend.

For his part, Fitzpatrick said Bloomberg’s account of what transpired, if anything, is suspect.

“I have the expertise to look at he technical details and I have the knowledge to look at the technical details and see that they’re jumbled. They’re not outright wrong, but they are theoretical,” he said. “I don’t have the knowledge to know the other conversations — the other 17 sources and what they said, but I can infer based on the technical side of things that the non-technical side of things may be jumbled the same way.”

 

By Roger Fingas
Sunday, October 07, 2018, 06:54 pm PT (09:54 pm ET)

Apple hasn’t detected unusual transmissions or other evidence servers were infiltrated with Chinese spy chips, the company’s VP of Information Security insisted in a letter to Congress on Sunday.

“Apple’s proprietary security tools are continuously scanning for precisely this kind of outbound traffic, as it indicates the existence of malware or other malicious activity. Nothing was ever found,” wrote George Stathakopoulos. A copy of the letter was obtained by Reuters.

The executive also echoed previous Apple statements that the company hasn’t discovered the chips themselves, or been contacted by the FBI about the matter. He did, however, promise to make himself available this week for briefing Congressional staff.

Last Thursday, a Bloomberg report claimed that Chinese operatives had managed to sneak a microchip the size of a grain of rice onto 7,000 motherboards produced by Super Micro, which supplied those compromised parts for use in Apple’s iCloud data centers. The chip, supposedly designed by the Chinese military, is said to have passed server data on to Chinese interests, and created a backdoor into public-facing networks.

Bloomberg has stuck by its story, claiming that 30 companies were affected in all, another example being Amazon. The report took over a year to produce, and 17 sources, including people inside Apple.

Two government agencies — the Department of Homeland Security, and the U.K.’s GCHQ — have cast doubt on the allegations. The Chinese government is known to regularly probe U.S. government and corporate networks, though.

The U.S. National Security Agency has itself resorted to intercepting IT infrastructure such as Cisco routers.

 

By Christine McKee
Saturday, October 06, 2018, 05:54 pm PT (08:54 pm ET)

On the heels of June’s Supreme Court ruling allowing states to collect sales tax on online purchases from out-of-state sellers that do not have a physical presence in the state, B&H Photo, an Apple authorized reseller, will begin collecting sales tax in 15 additional states starting the week of Oct. 8.

Currently B&H collects sales tax in New York and New Jersey only, although the online retailer also reports annual sales to local tax authorities in Colorado, Vermont and Washington State.

Starting next week, however, B&H will begin collecting sales tax in 15 more states, with plans to collect sales tax in a total of 22 states by the end of 2018.

Which 15 states will appear during the first round of additions remains to be seen; however, the total list of states in which B&H will collect sales tax by year’s end will include AL, CO, CT, HI, IL, IN, KY, MD, ME, MI, MN, MS, NC, ND, NJ, NY OK, SC, SD, VT, WA and WI. This is after the Supreme Court ruled five to four in the South Dakota v. Wayfair case.

If you’ve been eyeing a new Mac, iPad or piece of camera equipment at B&H, now may be the time to take the plunge before the first changes take effect. Included below are a few of B&H’s best bargains going on now, with deals on every Mac and iPad available in our Apple Price Guide.

2018 13″ MacBook Pro with Touch Bar deals

• 2018 13″ MacBook Pro with Touch Bar (2.3GHz 8GB 256GB) Space Gray | MR9Q2LL/A
  On sale for $1,699.00
  ($100 off + no tax outside NY & NJ*)
• 2018 13″ MacBook Pro with Touch Bar (2.3GHz 8GB 256GB) Silver | MR9U2LL/A
  On sale for $1,699.00
  ($100 off + no tax outside NY & NJ*)
  * B&H will not collect sales tax on orders shipped outside NY & NJ (CO, VT & WA residents, see here).

2018 15″ MacBook Pro discounts

• 2018 15″ MacBook Pro (2.2GHz 16GB 256GB Radeon 555X) Space Gray | MR932LL/A
  On sale for $2,249.00
  ($150 off + no tax outside NY & NJ*)
• 2018 15″ MacBook Pro (2.2GHz 16GB 256GB Radeon 555X) Silver | MR962LL/A
  On sale for $2,199.00
  ($200 off + no tax outside NY & NJ*)
• 2018 15″ MacBook Pro (2.6GHz 16GB 512GB Radeon 560X) Silver | MR972LL/A
  On sale for $2,499.00
  ($200 off + no tax outside NY & NJ*) – Hot deal!
  * B&H will not collect sales tax on orders shipped outside NY & NJ (CO, VT & WA residents, see here).

2017 15″ MacBook Pro closeouts

• 2017 15″ MacBook Pro (2.8GHz 16GB 256GB Radeon 555) Silver | MPTU2LL/A
  On sale for $1,999.00
  ($400 off + no tax outside NY & NJ*)
• 2017 15″ MacBook Pro (2.8GHz, 16GB, 256GB, Radeon 560) Space Gray | Z0UB2LL/A
  On sale for $1,899.00
  ($600 off + no tax outside NY & NJ*) – Hot deal!
• 2017 15″ MacBook Pro (2.9GHz 16GB 512GB Radeon 560) Space Gray | MPTT2LL/A
  On sale for $2,099.00
  ($700 off + no tax outside NY & NJ*)
• 2017 15″ MacBook Pro (2.9GHz, 16GB, 512GB, Radeon 560) Silver | MPTV2LL/A
  On sale for $2,149.00
  ($650 off + no tax outside NY & NJ*)
• 2017 15″ MacBook Pro (3.1GHz 16GB 1TB Radeon 560) Silver | Z0UD-MPTU31
  On sale for $2,699.00
  ($700 off + no tax outside NY & NJ*)
• 2017 15″ MacBook Pro (3.1GHz 16GB 2TB Radeon 560) Space Gray | Z0UC0LL/A
  On sale for $3,299.00
  ($900 off + no tax outside NY & NJ*)
  * B&H will not collect sales tax on orders shipped outside NY & NJ (CO, VT & WA residents, see here).

2017 13″ MacBook Pro with Touch Bar markdowns

• 2017 13″ MacBook Pro with Touch Bar (3.1GHz 8GB 256GB) Space Gray | MPXV2LL/A
  On sale for $1,499.00
  ($300 off + no tax outside NY & NJ*)
• 2017 13″ MacBook Pro with Touch Bar (3.1GHz 8GB 256GB) Silver | MPXX2LL/A
  On sale for $1,499.00
  ($300 off + no tax outside NY & NJ*)
• 2017 13″ MacBook Pro with Touch Bar (3.1GHz 8GB 512GB) Space Gray | MPXW2LL/A
  On sale for $1,549.00
  ($450 off + no tax outside NY & NJ*)
• 2017 13″ MacBook Pro with Touch Bar (3.1GHz 8GB 512GB) Silver | MPXW2LL/A
  On sale for $1,549.00
  ($450 off + no tax outside NY & NJ*)
• 2017 13″ MacBook Pro with Touch Bar (3.1GHz 16GB 512GB) Space Gray | Z0UN1LL/A
  On sale for $1,799.00
  ($400 off + no tax outside NY & NJ*)
• 2017 13″ MacBook Pro with Touch Bar (3.5GHz 16GB 256GB) Space Gray | Z0UM4LL/A
  On sale for $1,999.00
  ($300 off + no tax outside NY & NJ*)
• 2017 13″ MacBook Pro with Touch Bar (3.5GHz 16GB 512GB) Space Gray | Z0UN7LL/A
  On sale for $2,099.00
  ($400 off + no tax outside NY & NJ*)
• 2017 13″ MacBook Pro with Touch Bar (3.5GHz 16GB 1TB) Space Gray | Z0UN8LL/A
  On sale for $2,299.00
  ($600 off + no tax outside NY & NJ*)
• 2017 13″ MacBook Pro with Touch Bar (3.5GHz 16GB 1TB) Silver | MQ012LL/A
  On sale for $2,299.00
  ($600 off + no tax outside NY & NJ*)
  * B&H will not collect sales tax on orders shipped outside NY & NJ (CO, VT & WA residents, see here).

Add AppleCare+

You can easily tack on an AppleCare extended protection plan to these Touch Bar MacBook Pros for $269 (13″) or $379 (15″) by selecting the AppleCare option immediately after you press the “Add to Cart” button on B&H’s website.

Additional Apple Deals

AppleInsider and Apple authorized resellers are also running a handful of additional exclusive promotions this month on Apple hardware that will not only deliver the lowest prices on many of the items, but also throw in discounts on AppleCare, software and accessories. These deals are as follows:

Apple reportedly launched a wide-reaching internal investigation into an explosive report claiming Chinese spies compromised its servers in what boils down to a complex supply chain hack, but came up empty in its examination.

Citing multiple high-ranking Apple executives who spoke on the matter anonymously, BuzzFeed News reports the company conducted a “massive, granular, and siloed investigation” into claims leveled in a recent Bloomberg Businessweek report. The Bloomberg story, published Thursday, alleges servers used by nearly 30 tech firms including Apple and Amazon were compromised as part of an elaborate Chinese intelligence operation uncovered in 2015.

Not only did Apple’s investigation find no evidence of the hardware tampering in question, but it also failed to identify unrelated incidents that could have contributed to Bloomberg’s claims, the report said.

“We tried to figure out if there was anything, anything, that transpired that’s even remotely close to this,” a senior Apple security executive said, according to BuzzFeed News. “We found nothing.”

A security engineer involved in the investigation said they had never seen a microchip resembling the component described in the Bloomberg report.

Thursday’s story claimed Chinese operatives managed to sneak a microchip the size of a grain of rice onto motherboards produced by Supermicro, which supplied the parts for use in Apple’s iCloud data centers. The chip, supposedly designed by the Chinese military, was said to act as a “stealth doorway onto any network” and offered “long-term stealth access” to attached computer systems.

“I don’t know if something like this even exists,” the unnamed Apple engineer said. The person went on to note that Bloomberg did not produce material for Apple to examine in efforts to corroborate the report. “We were given nothing. No hardware. No chips. No emails.”

Another Apple executive, a senior member of the company’s legal team, said it had not been in contact with government agencies purportedly investigating the matter. Bloomberg in its report claims Apple informed the FBI of “suspicious chips” found in Supermicro servers around May 2015 after “detecting odd network activity and firmware problems.”

The executive reiterated Apple’s public statement on the matter, saying the company is not bound by a confidentiality agreement or gag order.

Apple appears to have exhausted all avenues in its investigation, and sources told BuzzFeed News the company believes there is little else it can do at this juncture.

Just hours after the Bloomberg report was published, both Apple and Amazon issued strongly worded statements refuting the claims in no uncertain terms. As BuzzFeed News points out, the denial is unlike anything Apple has distributed, including a precisely worded counter to claims that it participated in the U.S. government’s PRISM surveillance program in 2013. The company uses broad language to categorically deny all assertions in Bloomberg’s story, and offers point-by-point rebuttal to certain facts and figures.

Amazon’s response struck a similar tone.

For its part, Bloomberg is standing by its investigation, saying the report took more than a year to compile and involved more than 100 interviews. The publication cites 17 sources from government agencies and companies involved in the alleged hack, including senior insiders at Apple.

With both sides refusing to stand down the issue has become a matter of “he said, she said.” It is unclear how, or even if, the allegations can be disproven, as Bloomberg has yet to produce conclusive evidence of the scheme beyond information from anonymous sources.

In a move that essentially puts the kibosh on third-party repairs, Apple with its latest Macs has instituted a T2 security chip-related feature that disables a host machine unless specialized diagnostics software is used when replacing hardware.

Detailed in an Apple document circulated to Authorized Service Providers last month, the modified repair procedure requires proprietary “system configuration” software to be run after certain hardware components are replaced, Motherboard reports.

Called Apple Service Toolkit 2, the program works in conjunction with Apple’s T2 security chip, present in the 2018 MacBook Pro and iMac Pro.

The suite includes the Mac Resource Inspector and tools that examine a variety of computer systems including memory, display, power adapters and cooling system, the publication said, citing the repair document. To ensure only authorized personnel are using the toolkit, Apple requires authenticated access to its Global Service Exchange (GSX) network.

“For Macs with the Apple T2 chip, the repair process is not complete for certain parts replacements until the AST 2 System Configuration suite has been run. Failure to perform this step will result in an inoperative system and an incomplete repair,” the internal document reads, according to Motherboard.

The software is restricted to Apple Authorized Service Providers, meaning Apple has effectively blocked third-party or at-home repairs of major components. Not all hardware modifications are pursuant to the new policy, however.

According to the publication, repair facilities must use the software when replacing a MacBook Pro’s display assembly, top case, logic board or Touch ID board. The same is required when swapping out an iMac Pro’s logic board or flash storage, the latter being particularly problematic for users looking to expand onboard capacity.

Word of the new protocol is likely to renew suspicions of “planned obsolescence” strategies, as Apple, and only Apple, is in control of T2-bearing Macs repairs. The company can, for example, discontinue repair support eligibility for said machines when they reach end-of-life, thereby forcing customers to buy a new machine.

Apple’s policy is also sure to stoke concern with advocates of so-called “right to repair” legislation being readied in a number of U.S. states. The laws seek to force tech companies like Apple to provide consumers and third-party repair outlets access to repair information, diagnostic equipment and parts.

Whether Apple can retroactively revoke AST 2 policies via a firmware update is unclear, but the operating restrictions hinge on the T2. Introduced with iMac Pro, the Apple-designed silicon integrates multiple system controllers, including those governing audio and SSD drives, as well as Mac’s image signal processor onto a single chip.

As part of its mass storage management duties, the T2 encrypts and decrypts user data. Additionally, and germane to the AST 2 repair policy, the chip validates the entire boot process.

Patent troll Uniloc returned to form on Wednesday after a months-long hiatus from lobbing allegations against Apple, this time challenging the company’s AirDrop file sharing technology with a 2006 Philips patent.

Filed with the U.S. District Court for the Western District of Texas, Uniloc’s latest attempt to extract damages from the tech giant leverages a single patent first filed with the U.S. Patent and Trademark Office in 2000.

Invented by Jonathan Griffiths, U.S. Patent No. 7,136,999 for a “Method and system for electronic device authentication” details techniques of creating a secure environment for transferring data between two devices. In particular, the IP covers methods of providing authentication over a variety of wireless protocols including Bluetooth.

According to the patent’s first claim, an initial authentication procedure is performed over a short-range wireless link. Once authenticated, the two devices are then able to connect when out of range of the first wireless link protocol. As noted in following claims, the devices can exchange initial authentication information — a key or password — via an alternative communications link.

The USPTO issued a grant for the ‘999 patent in 2006.

The IP has changed hands multiple times since its filing in 2000, first from Griffiths to Philips Electronics that same year. It was assigned to patent aggregator IPG Electronics 503 Limited in 2009, then on to Pendragon Wireless in 2012 before landing in Uniloc’s coffers in February 2018. Uniloc Luxembourg subsequently assigned the patent to Uniloc 2017 LLC in July.

Uniloc’s U.S. licensing entity, with the recently formed Uniloc 2017, is leveraging the patent-in-suit against Apple and AirDrop.

Introduced alongside OS X 10.7 Lion in 2011, AirDrop is a first-party ad hoc protocol designed to simplify the process of transferring large files from one device to another.

Initially developed to connect two Macs over Wi-Fi, the service first appeared in the OS X Finder. Running AirDrop allowed two Macs to quickly create an ad hoc connection without need for passwords or complex network configuration. Simple drag-and-drop functionality made the system a more attractive alternative to direct link, cloud storage and similar file transfer solutions in use at the time.

Apple later extended — and modified — AirDrop to accommodate its mobile operating system with iOS 7 in 2013. Unlike legacy AirDrop technology, the revamped version employs a dual-link structure that relied on Bluetooth for discovery and token setup, and Wi-Fi for file transfers. Again, users are presented with an easy-to-use interface in Share Sheets that features automatic device discovery and tap-to-send capabilities.

It is this second iteration of AirDrop that Uniloc is targeting in its latest lawsuit.

The non-practicing entity is alleging infringement of claims 13 and 17 of the ‘999 patent, which relate to establishing a secure link between two devices through exchange of authentication information over two separate communications links. Named in the suit are all devices compatible with Apple’s current implementation of AirDrop, including all iPhones from iPhone 5 to iPhone XS Max, fourth- and fifth-generation iPads, all iPad mini generations, all iPad Air models, iPad Pro, MacBook, MacBook Air, MacBook Pro, iMac, Mac mini, Mac Pro, the fifth-generation iPod and fourth- through sixth-generation iPod touch models.

Uniloc in its suit seeks unspecified damages, reimbursement of legal fees and other relief deemed fit by the court.

The AirDrop case is the latest in a string of Uniloc lawsuits targeting Apple technologies. In the middle of 2017, the non-practicing entity went on a spree, filing suit against the iPhone maker almost once a month.

Last April, Uniloc sued over Maps, Apple ID and remote software updates, while a second batch of filings homed in on AirPlay, autodialing, battery technology in May. Device wake-up, step tracking and Apple Watch were added to the growing pile last June, AirPlay and Home in July, the Apple TV Remote app in August and Apple Watch’s GPS in October.

Uniloc is one of the most active patent trolls in the U.S., leveraging reassigned patents or vaguely worded original IP against a number of tech firms including Activision Blizzard, Aspyr, Electronic Arts, McAfee, Microsoft, Rackspace, Sega, Sony, Symantec and more.