←back to thread

Upgrading an M4 Pro Mac mini's storage for half the price

(www.jeffgeerling.com)
420 points speckx | 5 comments | 11 Jul 25 14:06 UTC | HN request time: 0s | source
Show context
porphyra ◴[11 Jul 25 15:23 UTC] No.44533210[source]
There are also shops in China that will upgrade the SSD in a mac mini for cheaper and they will do all the work of the DFU restore etc.
replies(3): >>44533225 #>>44533294 #>>44533743 #
ttul ◴[11 Jul 25 15:24 UTC] No.44533225[source]
And when the machine arrives back in the States, it even has a fresh CPC ROM soldered onto the back of the SOC!
replies(4): >>44533283 #>>44533301 #>>44533357 #>>44533397 #
hollerith ◴[11 Jul 25 15:38 UTC] No.44533397[source]
I'm not a security researcher, but I get the distinct impression that Apple's hardware security is good enough that if you actually had an evil-maid attack on the M4 Pro Mac mini, it would instantly become the hottest news in the security community.
replies(3): >>44534237 #>>44536090 #>>44539601 #
1. adrian_b ◴[11 Jul 25 16:40 UTC] No.44534237[source]
I would not be so sure that Apple's hardware security is good enough, taking into account that for several years it has been possible to take complete control remotely and undetectably over any iPhone, because of a combination of hardware and software bugs.

The Apple Mx CPUs had some secret test registers that allowed the bypassing of all hardware memory protections and which could be accessed by those who were aware of their existence, because they were not disabled after production, as they should have been. Combined with some software bugs in some Apple system libraries, this allowed an attacker to obtain privileged execution rights by sending an invisible message to the iPhone.

It is unknown whether the same secret test registers were also open in the laptop versions of the Apple Mx CPUs. There the invisible message attack route would have been unavailable, but malicious Web pages might have been able to use the same exploit.

This incredible security failure has been hot news for a couple of weeks, together with the long list of CVEs associated with it, and it has been also discussed on HN, but after that it has been quickly forgotten. Now most people still think that the Apple devices have good security, despite their history showing otherwise. I do not think that any other hardware vendor except Apple has been caught with a security bug so dumb as those unprotected hardware test registers.

This was not a theoretical security failure, but it was discovered because some unknown attackers had used it for a long time to spy on some iPhone owners. The attack had been discovered by studying the logs of WiFi access points, which had shown an unusually high outbound traffic coming from the iPhones, which were exfiltrating the acquired data.

replies(2): >>44538892 #>>44538909 #
2. ◴[12 Jul 25 02:49 UTC] No.44538892[source]
3. commandersaki ◴[12 Jul 25 02:52 UTC] No.44538909[source]
It wasn’t known by many and probably too valuable to burn so targets would be selective, when it was found it was patched along with virtually every iDevice.

You make it sound like this was a huge impact issue, it really wasn’t, theoretically everyone could be affected but in reality a negligible subset were.

replies(1): >>44539948 #
4. adrian_b ◴[12 Jul 25 06:58 UTC] No.44539948[source]
I agree that few have been affected, but this has demonstrated gross incompetence of Apple, unless it had been an intentional backdoor, which would be even worse.

The fact that Apple keeps secret many technical details of their CPUs, like the existence of those hardware test registers, does not improve the security of their devices, but it weakens the security considerably.

Because of the Apple secrecy policy, the existence of the backdoor has been known and exploited by very few, but the same secrecy has enabled those few to spy on any interesting target for several years, without being discovered.

Had the test registers been documented, someone would have noticed quickly that they are accessible when they should not be, and the vulnerabilities would have been patched by Apple a few years earlier.

replies(1): >>44540479 #
5. commandersaki ◴[12 Jul 25 08:59 UTC] No.44540479{3}[source]
Hard disagree with the sentiment; the crown jewels of their hardware is the Secure Enclave and its software SEPOS which has benefitted significantly having its secrecy maintained. For decades now it has remained very much a blackbox that nobody has successfully attacked; and if it were attacked we would definitely know as its application of subverting it would be obvious.

As for the registers itself, I concede that information about those specifically could've been made available.