Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: Swordmaker

I agree that, as presented, it’s a Trojan. Also, this specific exploit doesn’t work in current models anyway.

I’m not sure about the other things you mentioned:

- The only AppStore reference I recall was that the attacker should *not* use the AppStore since Apple’s Sandbox needed to be avoided.

- They claim that everything runs as an unprivileged user. I didn’t notice any use of sudo — if I missed it, maybe it’s just being used to start a new login session for some reason?

- I don’t see any reason this exploit wouldn’t run on a G5. That doesn’t affect the microcontroller code, and the supervising CPU code could be recompiled for the PowerPC (if iSeeYou isn’t already a fat binary with both PowerPC and Intel code).

Anyway, none of this is really the point. As you said, it’s a proof of concept, showing that it’s possible to get around even straightforward hardware limitations to do seemingly impossible things in software. But it’s really more than a proof of concept, it’s an incredibly clever tour de force.

This exact exploit is out of date, but it should remind everybody to be wary in general. This has nothing to do with Apple, and applies equally to Windows, etc.; it’s the microcontroller hack that’s the key here.

By the way, I think Stuxnet was also a USB microcontroller attack.


54 posted on 06/12/2014 7:21:28 AM PDT by Alvin Diogenes


To: Alvin Diogenes

- I don’t see any reason this exploit wouldn’t run on a G5. That doesn’t affect the microcontroller code, and the supervising CPU code could be recompiled for the PowerPC (if iSeeYou isn’t already a fat binary with both PowerPC and Intel code).

They were quite clear that for this to work, the payload portion was required to run in a virtual "guest OS" under VirtualBox, a system that enables alternative Intel-based operating systems to operate simultaneously with OS X. VirtualBox is a free UNIX app that is equivalent to Parallels Desktop or VMware's Fusion, which cannot even operate on any PowerPC processor computers, nor could any of the operating systems it supports run, since there is no Intel processor for it to use.

When an OS is virtualized under one of these types of applications, such as VirtualBox, that OS can operate under its own rules, hitting the hardware, ignoring the permissions inherent in UNIX. It is a way to bypass Root permissions. Since the G5 is NOT an Intel processor, the command structure is totally different, as are the system calls. It is not a trivial issue to simply write another hardware level EPROM flash writer.

In general, I agree with your point about the new approach to attack other microcontrollers included with the system, but I think that they did stretch their point when their target Macs had to be running a non-standard environment with a VirtualBox with an unnamed OS of their choice. My original point was valid as well. . . that they would have gotten nowhere on a standard-environment, as-sold Mac, attempting this as a remote exploit. In other words, we are both right to an extent.

60 posted on 06/12/2014 8:32:09 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson