1183 points robenkleene | 44 comments
eptcyka No.24839101
Apple seems to do all kinds of weird networking _stuff_. For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard. Probably checking timestamps on signatures for the keyboard firmware, or something stupid like that. This only happens if it happens to have a default route.

Similarly, all macOS machines will test a DHCP supplied default route before applying it by trying to reach something on the internet. So if you happen to have some firewall rules that block internet access, no default route will be applied until the internet check times out.

I won't share the other sentiments about the above, but is it really that hard to document these behaviors?

replies(22): >>24839205 #>>24839226 #>>24839281 #>>24839287 #>>24839352 #>>24839401 #>>24839503 #>>24839892 #>>24840087 #>>24840150 #>>24840234 #>>24840673 #>>24840752 #>>24841372 #>>24841670 #>>24842254 #>>24842446 #>>24843973 #>>24843982 #>>24845295 #>>24845368 #>>24847526 #
1. dylan604 No.24839503
Apple touted the T2 chip as the bee's knees in security. Now, we have a vulnerability that cannot be defended against. However, Apple went all in on the security of this T2 chip so that you cannot replace the SSD (besides the method to manufacture). I appreciate the desire at making a device difficult for a bad actor to get to your data, but they epically failed and ultimately only made a user-hostile device. Oh, and the laptops with these chips also had the world's worst keyboard. Absolute trash.
replies(8): >>24839773 #>>24840191 #>>24840273 #>>24840861 #>>24841024 #>>24842626 #>>24842828 #>>24843964 #
2. rorykoehler No.24839773
Additionally, charging on the left-side ports makes the T2 chip overheat and crashes the machine on occasion.
replies(2): >>24840309 #>>24840819 #
3. m463 No.24840191
T2 is a nightmare for people who want to reinstall. I reinstalled a machine for someone and it was a mess of 2fa and other nonsense.
replies(1): >>24841288 #
4. MrMorden No.24840273
The new keyboard is no longer horrible beyond index. Unfortunately, it's merely adequate, which at least in my book is unacceptable for any $1k+ laptop, let alone $3k+.
replies(1): >>24841387 #
5. simonklitj No.24840309
What if you have a model with ports only on the left-hand side? Does it crash it as well?
replies(2): >>24840629 #>>24840898 #
6. imwillofficial No.24840629{3}
Mine doesn’t.
7. rootsudo No.24840819
REALLY?

Okay, I'm going to test this.

I noticed odd hangs and the CPU hitting high temps on a 2018 MBP with a Dell USB-C dock on the left side; meanwhile the right side is fine, but I had to reboot randomly and sometimes it would just crash.

And this is a MBP on a laptop stand.

replies(3): >>24841129 #>>24841144 #>>24841851 #
8. grishka No.24840861
> I appreciate the desire at making a device difficult for a bad actor to get to your data

That's what FileVault is for. I don't understand what problem T2 is trying to solve by its existence. Being able to use something else to read the data from a drive you pulled out of your computer, after decrypting it with your password, is a feature, not a bug. T2 is a regression, not an improvement in security. You can't call it a security product if you keep the master key, which Apple does.

replies(3): >>24841398 #>>24843832 #>>24925093 #
9. rorykoehler No.24840898{3}
I'm not sure. I have a 2019 MBP 16 with a dodgy logic board, and while it crashes even without charging on the left, it definitely crashes more often when charging on the left. I'm stuck in limbo because I need my machine for work. Will take it in when I have a break.

Some threads https://discussions.apple.com/thread/250905859

https://forums.macrumors.com/threads/2019-16-inch-macbook-pr...

replies(2): >>24841031 #>>24842647 #
10. cute_boi No.24841024
Plus, don't talk about the display. It has a serious flaw. Most 2017 MacBooks have lines on the bottom due to Apple placing the controller on the TCON board. What trash.
11. dylan604 No.24841031{4}
Are the Apple Stores in your area even open to take the laptop in? I have delayed my attempt to get my keyboard looked at because of COVID.
replies(2): >>24841181 #>>24841328 #
12. dylan604 No.24841129{3}
I never had mine crash, but if I charge on the left hand side, the temp of the laptop increases to the point of needing the fan. Charging on the right hand side does not cause this problem. I had never paid attention to what side I was charging on until earlier this year when someone posted about it. After trying the right hand ports, I could see a difference.
13. fennecfoxen No.24841144{3}
Docks on the left side, or similar devices which provide both power and send data, seem to be particularly problematic. On advice of my employer's IT department I went from "spinning up new VMs in VirtualBox reliably leads to thermal excess, CPU throttling, and total system shutdown" to a system that actually works -- just by moving the dock connection to the right side.

It's a little funny because the advice used to be you should use the left-side USB-C ports first because they were faster (both for data and charge, IIRC?)

replies(2): >>24841458 #>>24841512 #
14. rorykoehler No.24841181{5}
In Berlin everything is pretty much open (loosely enforced indoor mask and social distancing mandates). They’re not trying to eliminate the virus here like they do in Singapore or Australia. They track 3 values and depending on the scores they escalate or ease restrictions.
15. GekkePrutser No.24841288
Yeah, if you want to wipe a laptop, make sure you unlink your user account first. It's Apple's theft protection, same as with their phones. It'll want to see a successful login with the Apple ID.
replies(1): >>24844938 #
16. simonklitj No.24841328{5}
Have found success with pressing hard on stuck keys to unstick them.
17. sdoering No.24841387
I am at MB Pro #3 in as many years. We replace around 2 percent of our colleagues' machines per week. Some because of the keyboard (they go into repair and are rotated back), some because they stop working from one moment to the next (also into repair, but only once; after that, if it happens again, they're scrapped). All three of my MB Pro devices were in repair once because they stopped working, costing me one additional day of setup of a temp device. And also one day for setting them up again after they came back. When they died for good, another day for a temp replacement until the newly ordered one arrived, and it was another day of setup. So I am currently quite well versed in setting up a MB Pro and have it scripted as far as I can thanks to Homebrew and the like.

But replacing 2.5k every year with additional repairs in the 700 Euro range isn't viable.

Sadly we are primarily a Mac shop, and I have to say that Keynote is by far the best piece of presentation software I know of. But nonetheless, the hardware is currently unacceptable imho.

18. derrick_jensen No.24841398
One of the value props was the inability to reset and resell it if it were lost or stolen. Now that it's cracked, there is more of an incentive to not try and find the owner.

As for actual data security, you are probably right.

replies(2): >>24841580 #>>24843893 #
19. sdoering No.24841458{4}
What? I have to test this. I have my 4k monitor also providing power. Being a lefty I always plug it into the left side. Need to test this. Thanks for the information.
20. dylan604 No.24841512{4}
On one of the older MacBook Pros, the left-hand USB port was USB3 while the one on the right-hand side was USB2.
replies(1): >>24843845 #
21. Siira No.24841580{3}
Is the crack in hardware or software? Any links on it? I thought the iPhones at least could not be reset by thieves?
replies(3): >>24842622 #>>24842687 #>>24844928 #
22. mlindner No.24841851{3}
Yes, it was with specific models, but it's got nothing to do with the T2 chip. https://apple.stackexchange.com/questions/363337/how-to-find...
23. jeroenhd No.24842622{4}
A demo of the T2 hardware exploit on iMacs can be found here: https://blog.t8012.dev/plug-n-pwn/

From what I could find, the encryption keys of the T2 are still secure but the OS running on it is not. Wiping the SSD and/or repairing another might be enough to resell the device without any locks but I'm not 100% sure about that.

24. Dylan16807 No.24842626
> Apple went all in on the security of this T2 chip so that you cannot replace the SSD

That's not a security thing, really. It's easy enough to layer encryption on a normal SSD. It's their desire to make it some kind of do-everything auxiliary chip, which has the end result of weakening security.

25. ohmaigad No.24842647{4}
I also have a 2019 MBP 16 and I am using a dock/charging on the left side. I think the system froze once in a year, so I don't seem to have this issue.
replies(1): >>24846251 #
26. lioeters No.24842687{4}
> The mini operating system on the T2 (SepOS) suffers from a security vulnerability also found in the iPhone 7 since it contains a processor based on the iOS A10.

> ..Using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit for the T2 security chip, exploiting a flaw. This could be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.

> Since sepOS/BootROM is Read-Only Memory for security reasons, interestingly, Apple cannot patch this core vulnerability without a new hardware revision.

Crouching T2, Hidden Danger (2020-10-05) https://ironpeak.be/blog/crouching-t2-hidden-danger/

27. jscipione No.24842828
It's ok, the T3-based MacBook Air is due out next month.
28. jiveturkey No.24843832
> I don't understand what's the problem T2 is trying to solve by its existence.

Watch the two security briefings that Apple delivered at Black Hat. I think they are three years apart and each touched on different aspects. I might be misremembering, and T2 is covered in just one of them.

29. jiveturkey No.24843845{5}
TB3 vs USB3, not USB3 vs USB2.
replies(1): >>24850603 #
30. grishka No.24843893{3}
> One of the value props was the inability to reset and resell if it were lost or stolen.

It's sure one of those nice to have features, but there's no good reason why it has to be mandatory like it is. All in all, having a device purposefully retain some information when you factory reset it is user-hostile.

The "lost or stolen" argument also hardly holds for desktop computers like Mac Pro or Mac Mini or iMac, yet they still have T2s in them.

replies(2): >>24843967 #>>24845075 #
32. hayksaakian No.24843967{4}
It seems like this is a feature designed to shrink the "used" market for Apple products -- and not a user benefiting feature.
replies(1): >>24844092 #
33. grishka No.24844092{5}
But one of the things about Apple products that makes people okay with the exorbitant pricing is the resale value. I thought Apple themselves realized this?
replies(1): >>24866452 #
34. Polylactic_acid No.24844928{4}
Every device up to the iPhone X has been cracked, btw, so the factory reset protection can be bypassed.
replies(1): >>24857504 #
35. Polylactic_acid No.24844938{3}
This is the worst. So many people seem to forget their Apple ID password but remember their screen unlock password. I saw a case recently where someone had an attacker get access to their Apple account as well as everything else. I was able to do a fresh install of their Windows laptop, but I was unable to reset the person's iPhone because the attacker had changed the Apple ID password.

I have also seen many android devices bricked by the same anti theft protections.

replies(1): >>24846088 #
36. threeseed No.24845075{4}
> The "lost or stolen" argument also hardly holds for desktop computers

Why? People's houses get broken into all the time.

And probably 99.999% of laptops never leave a person's house.

37. GekkePrutser No.24846088{4}
Yep we have a whole box full of perfectly good phones and that's just for one office :(

However Apple does unlock them if you can prove ownership. You need an invoice with serial number. It's a lot of hassle but it works. The reason for that box is that we didn't get serial numbers on the invoices for a long time :(

It's another one of those things that are supposedly for the benefit of the consumer but also really supports the company's bottom line by having to buy a new product. I'm always a bit dubious of their motives. I do see the benefit of such features. But they should have some kind of workaround for unlocking it. Such as a card with a QR code that you get with the phone and keep on file or something. Because theft isn't the only way you can get locked out. And since the fappening Apple is really difficult with resetting passwords, in some cases people just can't make it happen.

Android is even tougher but our local carrier can send them for repair to unblock them. Also, Samsung KME overrides the lock, which makes sense because it proves the device is company owned. I wish Apple DEP could do this too.

replies(1): >>24852841 #
38. rorykoehler No.24846251{5}
Did you buy the stock spec or custom?
replies(1): >>24889503 #
39. dylan604 No.24850603{6}
I said OLDER MBPs. This was before TB3 was even a thing.
40. Polylactic_acid No.24852841{5}
How old are the phones? Everything up until the X can be hacked now to bypass that, I was told. If the company has no use for them, you could probably make a huge profit unlocking all of them.
41. Siira No.24857504{5}
Can you provide some links?
42. thewileyone No.24866452{6}
No, they want both you and the potential pre-owned Mac buyer to buy a new device each.
43. ohmaigad No.24889503{6}
Stock with i9, 16GB RAM, Radeon 5500M, 1TB SSD.