Blog|Login|中文Deutsche日本語
July 26, 2011
 The Attack Coolness Factor
Pin It

Blackhat conference is around the corner and we're beginning to receive glimpses of upcoming talks. One of the presentations will show attendees how to manipulate a Mac battery in order to install malware. Cool? Yeah! Sophisticated? Absolutely! Practical? Not really...

Our own ADC member, Tal Be'ery, provides his thoughts...

No matter how obscure and fun an attack sounds, we need to focus on the real threats. Although it's an original vulnerability that reflects the deep security knowledge of the researcher, we do not expect to see too much of it (or any) in the wild as it...

1. Requires physical access to the battery.

2. Makes no sense economically - Why would hackers invest time and money in the R&D of a new tool that would cost 130$ per deployment (the cost of a battery), would only be relevant for a selected group (specific battery model of apple laptops), and would require physical access when the hacker could infect millions of machines using OS exploits and social engineering with a low cost per infection - without even getting up from the couch?

With that said, if a possible target of an Advanced Persistent Threat (APT) attack (such as highly sensitive state infrastructures) is using such a vulnerable device - they may need to evaluate its use until a patch is released.

So the general public should not worry about this super cool attack, but instead invest time and resources in protection from the usual threats by installing Antivirus software and maintaining awareness of social engineering attacks.


Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

« Web Applications Probed Once Every Two Minutes | Main | A FAQ on our semi-annual Web Application Attack Report (WAAR) »

Find Us Online
RSS Feed - Subscribe Twitter Facebook iTunes LinkedIn YouTube
Authors
Monthly Archives
Email Subscription
Sign up here to receive our blog: