Your Mac's connection to Harry Potter

The next time you wish to hack into a Mac, it may help to grab your wand and book of spells. At the NoSuchCon security conference this week, security architect Alex Ionescu presented a talk where he revealed that special undocumented code on a Mac's SMC (system management controller) can be invoked by entering a secret spell used in J.K. Rowling's Harry Potter series.

That spell is "SpecialisRevelio," the words used by a wizard to "reveal charms and hexes that have been cast onto a target" or "reveal the ingredients of a potion." In an Ars Technica post about the secret spell, blogger Dan Goodin notes, "While most details are far too technical for this article, the gist of the research is that the SMC is a chip that very few people can read, but just about anyone with rudimentary technical skills can 'flash' update."

One of the possible attacks that Ionescu pointed out is infecting the SMC with code to pull out the FileVault key used to encrypt a Mac drive, although to implement this, an attacker would have to know details of the Mac like the model, year and screen size in advance.

Far more likely attacks enabled by the spell backdoor include marking targets. The SMC could be programmed to emit audible or visual alerts through the fans or LED displays, which could point out a specific Mac to an attacker. A Mac could even be programmed to turn off at a certain time and refuse to boot again.

There's good news in all of this scary talk: to reflash the firmware an attacker has to have physical access to the Mac. Ionescu also reported that many of the SMC security holes were plugged in OS X Mountain Lion. A full copy of the presentation can be downloaded here (PDF file).
