samyk / poisontap

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
https://samy.pl/poisontap/

osx mitigations? #2

Open kristovatlas opened 8 years ago

kristovatlas commented 8 years ago

Does anyone have any mitigations to prevent usb-ethernet adapters from being automatically connected to?

I've noticed the following behavior:

- If I create a new Network Location in the "Network" section of MacOS's System Preferences and the usb-ethernet adapter is plugged in, the new Location will automatically add the device to the list of adapters and connect to it.
- If I create a new Location without the device plugged in, activate that location, and then plug in the device, it will not be automatically added to the list of devices, nor automatically connected to.

memiux commented 8 years ago

cement3

neuhaus commented 8 years ago

Just in case someone plans to do this: How do you charge your new Macbook or Macbook Pro after you cemented the USB C ports :battery: ?

JarrettR commented 8 years ago

The new Macbooks support Wave wireless charging, don't they? Better try it to find out.

gddeen commented 8 years ago

I would think if someone had access to a USB port, they might be clever enough to have a screwdriver and design access directly from the board.

Security has always suggested no physical access.

On Nov 17, 2016, at 12:22 PM, Jarrett notifications@github.com wrote:

> The new Macbooks support Wave wireless charging, don't they? Better try it to find out.

JonathanNathanson commented 7 years ago

https://www.amazon.co.uk/dp/B000FKP8B6/ref=twister_B01BP55BU2?_encoding=UTF8&psc=1

Potentially a better mitigation than cement, although not foolproof. Will certainly mean a would-be attacker that's relying on getting a few minutes uninterrupted access to your laptop by socially engineering a visit to reception / the loo would have a much harder time...

AlexPoulsen commented 7 years ago

https://derflounder.wordpress.com/2014/02/12/power-nap-power-management-settings-and-filevault-2/

This walks you through getting your Mac to hibernate instead of sleep. It is a little bit quicker than a full shutdown (not tested, just felt quicker) and saves your RAM so everything is where you left it. Requires FileVault and copying and pasting commands into Terminal.

Used a MIDI keyboard with a light on it to test if it was connected. Before changing the settings, on; after changing them, off. So most likely this fixes it completely. Just expect to wait a good bit longer when waking it up. Uses hibernation for blocking access to the USBs, and FileVault so they can't just connect your Mac up to another computer and access its storage. Or manually take your drive out if you still have a Mac that old.

Way better than cement.

kristovatlas commented 7 years ago

@AlexPoulsen I think that should help, but I'd like to see someone test it with PoisonTap. Note that if an attacker wakes your machine up while hibernated, he will be perfectly able to connect USB devices including USB-to-ethernet adapters. The reason I think it will still work decently is that, while the OS may connect to the USB-to-ethernet adapter via DHCP, presumably all of the apps that would send interesting data are not running until the hibernate image is decrypted and loaded back into RAM.

kristovatlas commented 7 years ago

@JonathanNathanson I think that raises the bar very slightly, but those are pretty easy to remove with a small tool -- not to mention one of the tools the company itself sells if the attacker is expecting the port blocker.

AlexPoulsen commented 7 years ago

@kristovatlas Unless the attacker is able to hack into a system process. Even then, I don't think much of macOS is actually running. One would have to test the CPU time of various processes, including kernel_task (which if anything is running, it is), and some other system processes to see what is running and what isn't. Compare the time before and after hibernation with a quick test (log in as soon as it boots), and with a slow test (wait a while keeping the screen on) to check whether or not certain things are increasing. Then you know what to hack. And if nothing is increasing much in the long test, then it is firmware that is running the unlock-the-disk screen and idk if a USB device could modify firmware. Opening the computer up to modify the firmware isn't something one could do easily or when the target is in the bathroom.
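Added example, not part of the thread or of the PoisonTap project: one way to run the before/after CPU-time comparison described in the last comment, to check what keeps executing while a hibernated Mac sits at the unlock screen. It assumes each snapshot was saved with `ps -axo pid,time,comm`; the two snapshots embedded here are constructed sample data, not measurements.

```python
# Added example: diff two `ps -axo pid,time,comm` snapshots to see which
# processes accumulated CPU time between them (e.g. across a hibernate/wake).
# BEFORE and AFTER are constructed samples, not output from a real machine.

BEFORE = """\
  PID      TIME COMM
    0   1:12.40 kernel_task
    1   0:03.10 /sbin/launchd
   88   0:00.52 /usr/sbin/configd
  301   0:41.07 /Applications/Safari.app/Contents/MacOS/Safari
"""

AFTER = """\
  PID      TIME COMM
    0   1:15.90 kernel_task
    1   0:03.12 /sbin/launchd
   88   0:00.95 /usr/sbin/configd
  301   0:41.07 /Applications/Safari.app/Contents/MacOS/Safari
"""

def cpu_seconds(field):
    """Convert a ps TIME field ([DD-][HH:]MM:SS[.cc]) to seconds."""
    days, _, rest = field.rpartition("-")
    total = 0.0
    for part in rest.split(":"):
        total = total * 60 + float(part)
    return total + (int(days) * 86400 if days else 0)

def parse_snapshot(text):
    """Map (pid, command) -> cumulative CPU seconds, skipping the header."""
    procs = {}
    for line in text.strip().splitlines()[1:]:
        pid, time_field, comm = line.split(None, 2)
        procs[(int(pid), comm.strip())] = cpu_seconds(time_field)
    return procs

def cpu_growth(before, after, threshold=0.05):
    """Return (command, pid, delta_seconds) for processes that ran, busiest first."""
    old, new = parse_snapshot(before), parse_snapshot(after)
    rows = []
    for (pid, comm), secs in new.items():
        # A process absent from the first snapshot started in between,
        # so all of its CPU time counts as growth.
        delta = secs - old.get((pid, comm), 0.0)
        if delta >= threshold:
            rows.append((comm, pid, round(delta, 2)))
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    for comm, pid, delta in cpu_growth(BEFORE, AFTER):
        print(f"{delta:8.2f}s  pid {pid:<6} {comm}")
```

Keying on both PID and command keeps a reused PID from being mistaken for the same process; the `threshold` default of 0.05 s is an arbitrary noise floor chosen for this example.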