Comments on Project Zero: Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices

Blue Neptune (2018-01-09 07:49):
Late comment: this is utterly brilliant. Thank you.

Gal Beniamini (2017-10-17 02:31):
The vulnerabilities have been addressed by Apple in iOS 11, so updating supported devices is sufficient. As I didn't research older devices, I don't know whether they are similarly affected, so unfortunately I can't advise you there.

Anonymous (2017-10-13 15:21):
Understood, and thank you for the clarification. How would you recommend iPhone users, of both recent and legacy (USB) devices, handle these vulnerabilities?

Gal Beniamini (2017-10-13 11:06):
This exploit relies on mechanisms specific to PCIe.

Some of the more high-level vulnerabilities we've discovered (e.g., in the ioctls and "event packets") are not interface-related, and so might be present in older devices -- I haven't done research on those devices, so I don't know for sure. Regardless, those issues would be harder to reliably exploit, as their primitives are quite weak.

Gal Beniamini (2017-10-13 11:02):
The Wi-Fi SoC does have its own RAM, but it has to communicate data to the host via some interface. This is done by sharing "windows" of the host's RAM (as is the norm with PCIe devices).

One of the ways to prevent these issues from occurring in the future is to introduce read-only mappings into DART -- preventing race conditions on shared resources with the host.

Gal Beniamini (2017-10-13 11:00):
Thank you for the kind words. I mainly use GIMP and draw.io, and sometimes just shell escape characters for pretty shell colours.

Unknown (2017-10-13 07:42):
Thanks for the excellent article!

Which tools are you using to generate the illustrations? I like them. Very clear.

gggggggghed (2017-10-13 05:22):
This could have been avoided if the wifi chip had its own RAM instead of sharing it.

gggggggghed (2017-10-13 05:21):
This could simply be avoided if the wifi chip had its own RAM instead of sharing it - why don't companies do this?

Anonymous (2017-10-13 00:49):
You mention that older versions of the iPhone employ a USB versus PCIe interface with its WiFi hardware. Does this exploit also work for the USB version, or does USB isolate the WiFi hardware enough to prevent a full takeover?

Moreover, would the backdoor installation exploit mentioned in part two of your series apply to older iPhone hardware as well, or simply more recent versions?

Rajesh (2017-10-12 23:49):
Comment thread on HN: https://news.ycombinator.com/item?id=15460785

Funbit (2017-10-12 00:55):
I could imagine what a moral satisfaction one gets when, after such a hard time reversing this complex software and hardware, one finally sees "Gained full R/W to physical memory!" :) Great work!