Step 3: Reboot, with a twist
With the two computers connected via an Ethernet cable, Appelbaum clicked the "Restart" button to reboot the MacBook.
His next step was to convince the MacBook to run a program found over the network through Apple's NetBoot service. NetBoot is designed so system administrators of large companies can standardize on the same configuration and have everyone's Macintoshes boot from a server-based disk image. Activating NetBoot involves holding down the N key as the Mac restarts.
Even if Apple let customers disable NetBoot to prevent this kind of attack, there are other ways to pull it off, Appelbaum says. The trick of supercooling memory with a can of compressed air--and transferring the physical chips to a different computer--would defeat any boot-time countermeasures that Apple deploys. The security vulnerability he's attempting to demonstrate really is more of a hardware problem than a software one.
Photo by Declan McCullagh/CNET News.com
