1) Apple will have a problem with this. They generally don’t care about small-scale things like hackintosh, but this is a bit different. Selling a device to automagically hack a key logger into a modern Mac goes over their ‘line in the sand’, I’d expect. Openly selling it is ... brave, IMHO.
2) I can see some further work on their part to beef up the security over usb-pd. Perhaps the first thing is, as the article suggests, to force external attention from the user (hold down both shift keys...) but ultimately I could see it going to challenge/response and sha256 keys or similar.
> Selling a device to automagically hack a key logger into a modern Mac goes over their ‘line in the sand’,
No, there is a clear distinction between what is being sold and what is being demonstrated. The latter requires additional hardware and software NOT provided with the advertised USB-PD probe being sold. Reading the end of the blog or even the product page immediately makes that distinction clear.
Maybe you're right, but I think Apple will consider that a distinction without a difference.
A thief who breaks into a car using one of those hook things for the window still needs to know what (s)he's doing. That doesn't mean you don't get a lot of police attention if you're wandering around a car-park with one of them...
The eye of Sauron will blink, swivel, and focus hard towards these guys, IMHO. Hope they have good^better lawyers.
And yet it’s still not (in the U.S., AFAIK) illegal to sell, buy, or posses one of those tools to enter the car. Not even intrinsically illegal to use it—breaking and entering the car is what is illegal, regardless of the tool used.
Of course, a lawsuit may always be filed even if they have no belief they will win.
And yet it is illegal to own lock picks in some jurisdictions. Admittedly, not as bad as it was a decade ago in the US, but still several states outlaw them unless you are a certified locksmith.
> They generally don’t care about small-scale things like hackintosh
They do, actually. Someone tried selling computers pre-configured with the correct hackintosh configs and Apple shut them down via a lawsuit[0]. They also got Wired to take down a video on 'how to hackintosh'[1], however the theme with these two events was that they occurred pre-2010. Given that a multitude of people have now created hackintosh tutorials, the only thing Apple would C&D now is someone doing what Psystar did and selling pre-configured machines.
selling is the difference. If you sell to someone, you're opening the market to, well, everyone. If it takes technical expertise to do it, that itself is a sufficient limit for Apple to not really care unless you poke the bear.
Maybe Wired is a sufficiently large distribution that the same thing applies, but if these guys had just released the details, I suspect Apple would just quietly patch stuff along the lines above. Selling it means they poked the bear. With a burning torch.
What would they do? There’s nothing illegal about selling one of these; I’m sure most of the people buying them at this point are only going to use it for security research. Heck, if I had a T2 Mac I might buy one myself…
Once you find yourself against a team of lawyers funded by an organisation with basically unlimited money them not having a "legitimate legal argument" becomes less relevant.
A good friend of mine went head to head with the Dutch tax service. It was obvious from the start the tax service could never win. So he won...after about 5 years of legal proceedings and having to finance the whole thing up front before getting his money.
Remember you have to fight them in your spare time, for them it's just work time.
I’m confused as to why I’m getting downvoted on this.
I’m not being critical of the US, just recognizing the differences in how the legal system operates vs other countries.
In Canada, for example: potential lawsuits must be signed off by a judge who believes the case has merit. This means that you cannot decide to bury someone in legal paperwork simply because you have the money to do so: you must also have a reasonable complaint.
Yes: I skipped over the fact that the US has arrangements with other countries and therefore there are other countries where you can still do this, but the US’s legal system makes it easy.
Who do you think writes code for the T2, if not programmers? You're imagining that people who are employed for Apple are special, but they of course are just ordinary programmers.
Your point about SSD controllers is embarrassingly incorrect; there exist many hackers of SSD controllers, including OpenSSD [0], an entire open-source community of folks working on the problem.
Please stop apologizing for Apple's walled gardens. They intentionally limit access to hardware, even after it's legally sold and belongs to the new owner.
Edit: Downvoters, provide evidence or knock it off. Nobody's interested in Apple apologia this morning.
Well, yes, I don't know if you've read the rest of the thread, but it's quite apologetic. For example, the parent claims that nobody outside of academic research should actually want/need/desire to write code for the T2, but this is clearly bullshit meant to apologize for Apple's sealing off of the T2 from user access.
Maybe we should stop paying a fashion company to sell us chips that we aren't allowed to touch.
1) Apple will have a problem with this. They generally don’t care about small-scale things like hackintosh, but this is a bit different. Selling a device to automagically hack a key logger into a modern Mac goes over their ‘line in the sand’, I’d expect. Openly selling it is ... brave, IMHO.
2) I can see some further work on their part to beef up the security over usb-pd. Perhaps the first thing is, as the article suggests, to force external attention from the user (hold down both shift keys...) but ultimately I could see it going to challenge/response and sha256 keys or similar.