• Guest
HabraHabr
  • Main
  • Users

  • Development
    • Programming
    • Information Security
    • Website development
    • JavaScript
    • Game development
    • Open source
    • Developed for Android
    • Machine learning
    • Abnormal programming
    • Java
    • Python
    • Development of mobile applications
    • Analysis and design of systems
    • .NET
    • Mathematics
    • Algorithms
    • C#
    • System Programming
    • C++
    • C
    • Go
    • PHP
    • Reverse engineering
    • Assembler
    • Development under Linux
    • Big Data
    • Rust
    • Cryptography
    • Entertaining problems
    • Testing of IT systems
    • Testing Web Services
    • HTML
    • Programming microcontrollers
    • API
    • High performance
    • Developed for iOS
    • CSS
    • Industrial Programming
    • Development under Windows
    • Image processing
    • Compilers
    • FPGA
    • Professional literature
    • OpenStreetMap
    • Google Chrome
    • Data Mining
    • PostgreSQL
    • Development of robotics
    • Visualization of data
    • Angular
    • ReactJS
    • Search technologies
    • Debugging
    • Test mobile applications
    • Browsers
    • Designing and refactoring
    • IT Standards
    • Solidity
    • Node.JS
    • Git
    • LaTeX
    • SQL
    • Haskell
    • Unreal Engine
    • Unity3D
    • Development for the Internet of things
    • Functional Programming
    • Amazon Web Services
    • Google Cloud Platform
    • Development under AR and VR
    • Assembly systems
    • Version control systems
    • Kotlin
    • R
    • CAD/CAM
    • Customer Optimization
    • Development of communication systems
    • Microsoft Azure
    • Perfect code
    • Atlassian
    • Visual Studio
    • NoSQL
    • Yii
    • Mono и Moonlight
    • Parallel Programming
    • Asterisk
    • Yandex API
    • WordPress
    • Sports programming
    • Lua
    • Microsoft SQL Server
    • Payment systems
    • TypeScript
    • Scala
    • Google API
    • Development of data transmission systems
    • XML
    • Regular expressions
    • Development under Tizen
    • Swift
    • MySQL
    • Geoinformation services
    • Global Positioning Systems
    • Qt
    • Dart
    • Django
    • Development for Office 365
    • Erlang/OTP
    • GPGPU
    • Eclipse
    • Maps API
    • Testing games
    • Browser Extensions
    • 1C-Bitrix
    • Development under e-commerce
    • Xamarin
    • Xcode
    • Development under Windows Phone
    • Semantics
    • CMS
    • VueJS
    • GitHub
    • Open data
    • Sphinx
    • Ruby on Rails
    • Ruby
    • Symfony
    • Drupal
    • Messaging Systems
    • CTF
    • SaaS / S+S
    • SharePoint
    • jQuery
    • Puppet
    • Firefox
    • Elm
    • MODX
    • Billing systems
    • Graphical shells
    • Kodobred
    • MongoDB
    • SCADA
    • Hadoop
    • Gradle
    • Clojure
    • F#
    • CoffeeScript
    • Matlab
    • Phalcon
    • Development under Sailfish OS
    • Magento
    • Elixir/Phoenix
    • Microsoft Edge
    • Layout of letters
    • Development for OS X
    • Forth
    • Smalltalk
    • Julia
    • Laravel
    • WebGL
    • Meteor.JS
    • Firebird/Interbase
    • SQLite
    • D
    • Mesh-networks
    • I2P
    • Derby.js
    • Emacs
    • Development under Bada
    • Mercurial
    • UML Design
    • Objective C
    • Fortran
    • Cocoa
    • Cobol
    • Apache Flex
    • Action Script
    • Joomla
    • IIS
    • Twitter API
    • Vkontakte API
    • Facebook API
    • Microsoft Access
    • PDF
    • Prolog
    • GTK+
    • LabVIEW
    • Brainfuck
    • Cubrid
    • Canvas
    • Doctrine ORM
    • Google App Engine
    • Twisted
    • XSLT
    • TDD
    • Small Basic
    • Kohana
    • Development for Java ME
    • LiveStreet
    • MooTools
    • Adobe Flash
    • GreaseMonkey
    • INFOLUST
    • Groovy & Grails
    • Lisp
    • Delphi
    • Zend Framework
    • ExtJS / Sencha Library
    • Internet Explorer
    • CodeIgniter
    • Silverlight
    • Google Web Toolkit
    • CakePHP
    • Safari
    • Opera
    • Microformats
    • Ajax
    • VIM
  • Administration
    • System administration
    • IT Infrastructure
    • *nix
    • Network technologies
    • DevOps
    • Server Administration
    • Cloud computing
    • Configuring Linux
    • Wireless technologies
    • Virtualization
    • Hosting
    • Data storage
    • Decentralized networks
    • Database Administration
    • Data Warehousing
    • Communication standards
    • PowerShell
    • Backup
    • Cisco
    • Nginx
    • Antivirus protection
    • DNS
    • Server Optimization
    • Data recovery
    • Apache
    • Spam and antispam
    • Data Compression
    • SAN
    • IPv6
    • Fidonet
    • IPTV
    • Shells
    • Administering domain names
  • Design
    • Interfaces
    • Web design
    • Working with sound
    • Usability
    • Graphic design
    • Design Games
    • Mobile App Design
    • Working with 3D-graphics
    • Typography
    • Working with video
    • Work with vector graphics
    • Accessibility
    • Prototyping
    • CGI (graphics)
    • Computer Animation
    • Working with icons
  • Control
    • Careers in the IT industry
    • Project management
    • Development Management
    • Personnel Management
    • Product Management
    • Start-up development
    • Managing the community
    • Service Desk
    • GTD
    • IT Terminology
    • Agile
    • Business Models
    • Legislation and IT-business
    • Sales management
    • CRM-systems
    • Product localization
    • ECM / EDS
    • Freelance
    • Venture investments
    • ERP-systems
    • Help Desk Software
    • Media management
    • Patenting
    • E-commerce management
    • Creative Commons
  • Marketing
    • Conferences
    • Promotion of games
    • Internet Marketing
    • Search Engine Optimization
    • Web Analytics
    • Monetize Web services
    • Content marketing
    • Monetization of IT systems
    • Monetize mobile apps
    • Mobile App Analytics
    • Growth Hacking
    • Branding
    • Monetize Games
    • Display ads
    • Contextual advertising
    • Increase Conversion Rate
  • Sundry
    • Reading room
    • Educational process in IT
    • Research and forecasts in IT
    • Finance in IT
    • Hakatonas
    • IT emigration
    • Education abroad
    • Lumber room
    • I'm on my way

The new Apple T2 chip makes it difficult to audition through the built-in microphone of the

The new Apple T2 chip makes it difficult to audition through the built-in microphone of the 3r3114.  
3r3114.  
Apple has published documentation 3r3119. on the T2 security chip, which is built into the latest branded notebooks, including the MacBook Pro introduced at the beginning of the year and the recently announced MacBook Air. 3r3114.  
3r3114.  
Until today, little was known about the chip. But now it turns out that this is a very interesting chip. It has a number of security features, including the storage and protection of device encryption keys, fingerprint data and secure boot functions. In addition, the 3r332 chip. hardware [/i] disables the microphone of the built-in camera when closing the lid of the laptop. 3r3114.  
3r3119. 3r3114.  
“This shutdown is implemented at the hardware level and therefore does not allow any software, even with the privileges of root or kernel in macOS, and even software on the T2 chip, to turn on the microphone when the lid is closed,” the published guide says The microphone is given one paragraph. 3r3114.  
3r3114.  
3r3114.  
3r3114.  
It also adds that the camcorder itself is 3r3323. [/i] does not turn off. hardware, because "its field of view is completely blocked by a closed lid." 3r3114.  
3r3114.  
Apple said the new feature adds an “unprecedented” level of security for the Mac. We are talking about protection against malicious programs, trojans and RAT, which recently became widespread for the operating system macOS (under Windows such programs in large numbers exist a long time ago). 3r3114.  
3r3114.  
The threat of hackers connecting to webcams on laptops became a reality a few years ago, with the proliferation of remote administration tools (RAT). At the same time, the habit of sticking a laptop webcam with tape or an opaque sticker spread among users. 3r3114.  
3r3114.  
Until a certain moment, some users believed that Apple’s webcams on Apple laptops could not be activated without the user's knowledge, but last year, malware was detected as 3r3346. Fruitfly
which dispelled this myth. 3r3114.  
3r3114.  
At first glance, the malware is quite simple and consists of only two files:
 
3r3114.  
~ /.client
 
SHA256: ce07d208a2d89b4e0134f5282d9df580960d5c81412965a6d1a0786b27e7f044
 
3r3114.  
~ /Library /LaunchAgents /com.client.client.plist
 
SHA256: 83b712ec6b0b2d093d75c4553c66b95a3d1a1ca43e01c5e47aae49effce31ee3
3r3114.  
3r3114.  
The .plist file itself simply supports the constant operation of .client. But the latter is much more interesting: it is a minified and obfuscated Perl script that, among other things, establishes a connection with one of the management servers. 3r3114.  
3r3114.  
But the most interesting part of the script is at the end of the __DATA__ section. There a Mach-O binary file was found, a second Perl script and a Java class, which is extracted by the script, written to the /tmp /folder and executed. In the case of the Java class, it starts with pple.awt.UIElement set to true, that is, it does not appear in the Dock. 3r3114.  
3r3114.  
It is this binary that takes screenshots (from the display) and accesses the webcam. The researchers point out that for this, the malware uses truly “ancient” system calls that were used before OS X appeared. 3r3114.  
3r3114.  
SGGetChannelDeviceList
 
SGSetChannelDevice
 
SGSetChannelDeviceInput
 
SGInitialize
 
SGSetDataRef
 
SGNewChannel
 
QTNewGWorld
 
SGSetGWorld
 
SGSetChannelBounds
 
SGSetChannelUsage
 
SGSetDataProc
 
SGStartRecord
 
SGGetChannelSampleDescription
3r3114.  
3r3114.  
From this, they conclude that the authors do not have the experience of modern development for Mac, but use the old documentation, which hints at their foreign origin from a region where Apple technology is not installed everywhere. In addition, the binary includes the source code of the open library libjpeg in the 1998 version. One way or another, the malware successfully performs its functions and spies on Mac users through the laptop’s built-in webcam. 3r3114.  
3r3114.  
It is known that espionage through laptop webcams is used not only by curious hackers for entertainment, but also by special services. In the British intelligence service GCHQ for many years acted the department for the development of such trojans in the framework of the program 3-33116. Optic Nerve
. Even some famous techies like Mark Zuckerberg
sealed with tape 3r3119. webcam on a laptop.
! function (e) {function t (t, n) {if (! (n in e)) {for (var r, a = e.document, i = a.scripts, o = i.length; o-- ;) if (-1! == i[o].src.indexOf (t)) {r = i[o]; break} if (! r) {r = a.createElement ("script"), r.type = "text /jаvascript", r.async =! ? r.defer =! ? r.src = t, r.charset = "UTF-8"; var d = function () {var e = a.getElementsByTagName ("script")[0]; e. ): d ()}}} t ("//mediator.mail.ru/script/2820404/"""_mediator") () (); 3r3124.

It may be interesting

  • Comments
  • About article
  • Similar news
This publication has no comments.

weber

Author

6-11-2018, 06:14

Publication Date

Development / Information Security

Category
  • Comments: 0
  • Views: 309
Frontend DevDay. Record of reports
Very corporate post: opening in Moscow
On new MacBooks, Linux cannot be loaded
Universal monitoring - Sludge
Another way to see application
Apple updates the MacBook Pro
Write a comment
Name:*
E-Mail:


Comments
Wow Tastic UK offers a huge range of toys, presents, and gadgets for kids and adults. Discover our great range of fun and unusual toys for baby and toddlers. Check Out: Gadgets for Kids
Today, 19:21

noorseo

Nice information, valuable and excellent design, as share good stuff with good ideas and concepts, lots of great information and inspiraopencarttion, both of which I need, thanks to offer such a helpful information here.

Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work!
메리트카지노

Really nice and interesting post. I was looking for this kind of information and enjoyed reading this one. Keep posting. Thanks for sharing.

메리트카지노
Today, 18:33

taxiseo2

This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more ... good luck.

opencart eticaret

This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more ... good luck.

메리트카지노
Today, 18:27

taxiseo2

I really loved reading your blog. It was very well authored and easy to undertand. Unlike additional blogs I have read which are really not tht good. I also found your posts very interesting. In fact after reading. I had to go show it to my friend and he ejoyed it as well!seo toronto



Hey what a brilliant post I have come across and believe me I have been searching out for this similar kind of post for past a week and hardly came across this. Thank you very much and will look for more postings from you. [Url = https: //mtsoul.net] 먹튀 검증 [/ url]

Today, 16:41

raymond weber

I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.먹튀검증

Today, 15:58

raymond weber

Adv
Website for web developers. New scripts, best ideas, programming tips. How to write a script for you here, we have a lot of information about various programming languages. You are a webmaster or a beginner programmer, it does not matter, useful articles will help to make your favorite business faster.

Login

Registration Forgot password