New Apple malware is undetectable, unstoppable, and can infect any Thunderbolt-equipped deviceBy
on January 8, 2015 at 9:00 am
Share This article
Apple products have long enjoyed a reputation for superior security in relation to Windows systems, but a new proof-of-concept malware delivery method could put a serious dent in that reputation. The exploit, dubbed Thunderstrike, currently can’t be detected or removed by any known process without using specialized hardware. Security researcher Trammell Hudson has demonstrated how to use a Thunderbolt peripheral to load what he’s calling a “bootkit” via the device’s Option ROM.Option ROMs are optional or peripheral-specific blocks of memory that were first deployed in the 1980s as a way of storing critical programs or retrieving peripheral-specific blocks of memory. They’re initialized early in the boot process and often “hook” to the BIOS to provide a bootable device or network boot. Thunderbolt devices contain their own Option ROMs, and Apple hardware checks these areas as part of its boot sequence.The exploit package is injected from the infected Thunderbolt device’s Option ROM directly into the system’s extensible firmware interface (EFI). Official documentation on the EFI/UEFI standard, shown below, seems to imply that this is impossible, since the firmware is supposed to be locked by default:In theory, EFI mechanisms prevent this attack.Unfortunately, it isn’t.
indicates that the Option ROMs are loaded during the recovery mode boot process. The one snag, at this point, is that Apple still checks the signature of the EFI file itself. Change the file size or contents, and it fails the check — or it would, if the research team hadn’t devised a method of replacing Apple’s stored public RSA key with a key under their own control.Once this step is taken, there’s no going back. Without a proper RSA authentication key, it’s impossible for the end user to update the device’s firmware with a standard Apple image. All attempts to do so will fail authentication. With such basic access to the system, there’s very little an attacker can’t do. The entire system can be monitored, keystrokes logged, website visits tracked, password data recorded. The bootkit can also be passed to other
devices if they’re connected to a compromised machine.Are “evil maid” attacks a valid vector?The one slice of good news in this issue is that the attack does require at least a brief window of physical access to the system. In most cases, that kind of requirement confines most attacks to strictly theoretical exercises, but Thunderstrike is somewhat different. First, the attack is fast. The attacker doesn’t need to sit down at the PC for several minutes, or even enter data. Surreptitiously plug in a Thunderbolt device, hold down the power button for several seconds, and boom — the attack can execute and self-install in a scant number of minutes. Depending on how sneaky the execution is, a casual observer might see nothing but a longer-than-normal boot cycle.The standard model for physical-access attacks relies on the idea of the evil maid — someone who can access a system while it’s stored in a hotel room or locked in a safe, but I daresay the speed and subtlety of this hack make it a larger threat. If you’ve ever attended a business conference or tech event, it’s not exactly rare for people to have laptops out but not strictly attended to, or to leave a system sit for a few minutes while they use the restroom or grab a soda.Third, and most chillingly, we now know that government agencies
that makes an attack like this work. One of the reports leaked by Edward Snowden detailed how the NSA will intercept hardware en route from manufacturers like Dell and HP, modify it with rootkits and spyware before it reaches its destination, then repackage the equipment and ship it on its way. While there’s no way of knowing just how widespread such tactics are, we know it happens — exploits like Thunderstrike are likely worth their weight in gold to the various national intelligence agencies of the world.Apple is preparing a firmware patch that will at least refuse to load Option ROMs during firmware updates, but it leaves open a different security exploit first detected in 2012. The timeline for a complete fix is unknown.
Post a Comment
ExtremeTech Newsletter
Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.
Subscribing to a newsletter indicates your consent to our
More Articles
Use of this site is governed by our
and . Copyright
Ziff Davis, LLC.PCMag Digital Group All Rights Reserved. ExtremeTech is a registered trademark of Ziff Davis, LLC. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis, LLC. is prohibited.Jason Hamlin Says Gold Is Unstoppable, with Stocks Leading the Way [FNV,
FNV] - The Gold Report
Get our Newsletter for FREE
TICKERS: FNV, LSG, PCR, RGLD, SSL; SAND, SVL; SVLC
Jason Hamlin Says Gold Is Unstoppable, with Stocks Leading the Way
Source: Kevin Michael Grace of The Gold Report
Downward manipulation of gold and silver is real, declares Jason Hamlin, but the longer it continues, the higher prices will go when the free market reasserts itself. In this interview with , the publisher of the Gold Stock Bull newsletter argues that rising geopolitical anxiety coupled with endless monetary expansion could lead to explosive growth in precious metals and equities. He also lists his favorite royalty/streaming companies and gold and silver miners.
The Gold Report: You
The Gold Report in December 2012, "I think the official inflation adjusted [gold] high of $2,400 per ounce ($2,400/oz) will be taken out within the next 12 months." Why didn't this happen?
Jason Hamlin: One reason is that inflation hasn't risen significantly until lately. That is due to the recent record low velocity of money. Trillions of dollars in new money were created to stimulate the economy and get us out of the financial crisis of , but the banks have held this money in excess reserves, earning interest from the Federal Reserve. As a result, it hasn't been loaned out and hasn't flowed through the economy. I think we are beginning to see this change, and coupled with de-dollarization driven by Russia and China, I expect the inflation rate to increase at a quicker pace than most people expect.
The other reason why the price of gold didn't increase was outright manipulation. Before people roll their eyes at seeing this "conspiracy theory" once again, we should point out that Britain's Financial Conduct Authority actually
?26 million (?26M) in May for manipulating the daily gold fix between 2004 and 2013. In my estimation, this is just the tip of the iceberg. A number of class-action lawsuits have recently been filed against the big banks for gold manipulation and one needs only look objectively at the recurring not-for-profit selling to understand that manipulation is taking place. When you consider the immense power that printing the world reserve currency gives a nation, the motive to continue this system and suppress alternative currencies becomes clear. We could never have the endless wars and continual deficit spending without Nixon delinking the dollar from gold.
TGR: What do you make of the report by the Financial Times that central banks have invested $29.1 trillion in markets, mostly equity markets?
JH: This is another example of "conspiracy theory" becoming "conspiracy fact." It helps explain why there's been such a divergence between equity prices and the true health of the economy. This also supports theories of a plunge-protection team working to prop up the market and keep confidence high. The greater the interventions and the farther we drift from free market price discovery, the more extreme the boom and bust cycles will be and the more devastating the impact on everyday investors. This grand experiment ends very badly, in my estimation.
TGR: The financial media pays great attention to the Dow Jones Industrial Average and the S&P 500, but are these really such good indices of the broad health of the U.S. economy?
JH: Not at all. You can look at the weak manufacturing numbers. You can look at stagnant wages or at median household net worth, which plunged 36% from 2003 to 2013. You can look at the labor force participation rate, which hasn't recovered at all from 2008. There are so many divergences from the official story of a full recovery and we are now finally starting to see some cracks in the facade.
TGR: We had stock market crashes in 2000 and 2008. Are we due for another?
JH: The warning signs have been flashing for quite some time, but stocks have continued marching higher. Valuations on a price/earnings basis have risen to lofty and unwarranted levels. By any number of measures, we are due for a major correction in the stock market. It's just a matter of when, not if. In the meantime, I haven't been shorting the market. I think it's wise to continue to ride the trend higher. We've been doing that with some technology and agricultural plays because, if the markets are manipulated, this bubble can last much longer than most people would think. But it is important to mind your stops.
TGR: Given how high the Dow Jones and S&P 500 numbers have become, what would be the psychological and political effects of another crash?
JH: Devastating. That's why we have so much manipulation behind the scenes. On the political front, it would gravely damage the current administration. On the psychological front, investors would suffer a grave loss of confidence in the market. And, very rapidly, these effects could spin out of control. Some of the financial conditions that led to the last crisis in , such as leveraged indebtedness and derivatives exposure by banks, are far worse today than in 2008.
TGR: Some people willing to admit manipulation of gold and silver prices ultimately conclude, "So what?" What do you make of that response?
JH: It makes sense in one respect. Essentially, holding down gold prices through manipulation allows investors to accumulate gold at lower prices. Manipulation is similar to holding down a spring. The countervailing force continues to grow stronger as the artificial forces weaken, and when the spring is finally released, it moves with explosive force.
Precious metals manipulation frustrates short-term investors and speculators because the price action doesn't match the fundamentals or technicals. If you have a long-term investment horizon, however, as we do, you can live with it because it gives you more time to accumulate at lower prices.
TGR: Why haven't events such as the war between Hamas and Israel, the downing of a civilian airliner over Ukraine and the ISIS takeover of much of Syria and Iraq led to a flight to safety in gold?
JH: There is always an initial kneejerk reaction toward liquidity, i.e., the U.S. dollar. However, the world is starting to move away from the dollar as its reserve currency. We see bilateral trade agreements inked by a growing number of nations and a $400 billion natural gas deal just signed by Russia and China that bypasses the dollar. As this "de-dollarization" continues, I believe investors will increasingly reject all fiat currencies, and precious metals will reassert themselves as the safe-haven asset in times of financial crisis.
TGR: You have decried the demonization of Vladimir Putin by Western leaders. What's your opinion of U.S. sanctions against Russia?
JH: They are really foolish. We are needlessly antagonizing nuclear powers?not only Russia but China as well. As scary as it sounds, the long-term goal is probably to drag Russia into some type of protracted conflict that will weaken its economy and give the U.S. an excuse to initiate force against Russia. Putin is seemingly aware of this plan and has avoided the trap. He has provided some support for the rebels in Eastern Ukraine, but Russia's involvement in that region has been quite restrained since the new Ukrainian government came to power.
I believe that these maneuvers by America to isolate Russia economically will eventually backfire.
TGR: Will the European Union (EU) back President Obama's campaign against Russia?
JH: It is my understanding that many EU nations, Germany in particular, do not share America's antagonism against Russia. Yes, sanctions can harm Russia, but the EU is already on a shaky economic footing, and so its members are worried about a boomerang effect. To harm ties with Russia, a huge trading partner, simply to please the U.S. for political reasons doesn't seem to make a lot of sense.
TGR: Why do you believe the price of gold could rise to $10,000/oz or higher?
JH: An increase in the supply of fiat money. The faster the money supply increases, the higher the gold price targets can be. As outlandish as it may seem, we must consider as models what happened in Zimbabwe, Argentina and other countries that have suffered currency crises. And what happened was a rapid devaluation of each currency and tremendous price rises in stable assets, such as precious metals.
More important than the gold price in fiat dollars, however, is how gold performs in preserving wealth and increasing purchasing power. On that front, gold has an unblemished success rate throughout history in times of crisis. Gold price targets of $10,000/oz and above reflect the belief that the U.S. dollar losing world-reserve status could lead to a panicked move out of dollars and dollar-denominated assets.
TGR: A gold price of $10,000/oz or even $5,000/oz would be great news for gold holders, obviously, but wouldn't it be terrible news for everyone else? Wouldn't socioeconomic conditions be dreadful?
JH: I tend to agree. Unfortunately, that's the trajectory we're on. So we hope for the best but prepare for the worst. I may not like the economic conditions that would accompany $3,000/oz, $5,000/oz or $10,000/oz gold, but I would at least know that my hard work and the wealth it generated would not be stolen by the Fed-induced forces of inflation. Gold is basically an insurance policy, but it also has the added benefit of significant capital appreciation over the past decade. People like to criticize gold for not paying a dividend or generating income, but the price has more than tripled in the past decade, even counting the recent correction. By comparison, the Dow Jones is up around 65% in the past 10 years. Which investment would you choose?
I would hope there is still some way to avoid the economic crash that I see coming. On the other hand, however, this crash is in some ways essential. It's needed to clear out the excess and mal-investment from the markets and begin again with a system that's more sustainable. I just hope we learn lessons from the past and find ways to avoid the same type of mistakes and crony capitalism that has taken over the current system.
TGR: What's the best way for investors to hold gold and silver?
JH: I recommend holding physical metals in your possession first and foremost, but I believe it's good to diversify geographically, so as to not have all your assets in one place. Physical bullion should be supplemented with investments in mining stocks. This is one of the only remaining sectors where I see value, and quality mining stocks will offer significant leverage to the coming advance in gold and silver prices. So far this year, we are seeing mining stocks generating returns of three to four times that of gold and silver bullion, which is a bullish indicator.
TGR: The gold?silver price ratio continues to hover around the recent historical number of 1:65. Do you anticipate this ratio changing and, if so, in which direction?
JH: Supply and demand fundamentals are now more attractive for silver than gold. It's my expectation that the gold?silver ratio will fall toward its longer historical number of 1:30. Only under extreme short-term crisis conditions might we see gold outperform silver, because gold is viewed more as a monetary and investment metal than silver, where 50% of demand comes from industrial uses.
TGR: Franklin Delano Roosevelt banned private gold ownership in the United States. Could future Western governments move to contain an economic crisis with similar measures?
JH: Anything is possible, but I don't expect it. Gold investors are wise to the possibility of confiscation, and the decentralization of information that has occurred over the Internet over the past 20 years makes it less likely. I doubt that gold investors would simply hand it over en masse now, as they did in 1933.
In addition, I know plenty of investors who buy their precious metals without a paper trail, cash and carry There's no way for the government to know who owns these metals, let alone confiscate them.
TGR: You wrote recently that "gold mining stocks remain severely oversold." Do you expect this to continue?
JH: It continued longer than I had expected, but we're already seeing signs of a bottom process. As I mentioned, mining stocks have outperformed the metals by three to four times in 2014, which is an encouraging trend.
I use the NYSE Arca Gold BUGS Index (HUI)-to-gold ratio to track this. It fell all the way to 0.16 and has since had a bit of a bounce back, but the upside potential remains absolutely huge. I think that as gold moves back toward previous highs, we're going to see a major revaluation higher for mining stocks. Already, we're seeing hedge funds and big-money traditional investors moving into precious metals equities for the first time ever because most other asset classes are so overvalued.
TGR: Which type of mining stock do you like best?
JH: I have a particular affinity for the royalty and streaming sector. Its business model is superior to strictly mining. These companies offer the same upside potential as their mining-company partners?new discoveries, increased production, etc.?but royalty companies have mitigated downside risk because they have fixed costs as per their streaming contracts and aren't exposed to the cost overruns that are commonplace in the mining industry.
TGR: Which streaming company is your favorite?
. Its market cap is about $800M, and so it has tremendous growth prospects over the next four or five years. I am a big fan of its CEO, Nolan Watson, who was previously CFO of Silver Wheaton Corp. (SLW:TSX; SLW:NYSE). Although Sandstorm has recently experienced some hiccups, I rate Watson's business acumen very highly and believe the company will bounce back strongly during the next advance in gold.
TGR: What do think of Sandstorm's strategic alliance with ?
JH: Sandstorm bought 18% of outstanding Pinecrest shares. As a result, it gets a share of Pinecrest's Enchi gold project. This contains an Inferred resource base of 1 million ounces (1 Moz) gold, is open for expansion in all directions and is located in a mining-friendly jurisdiction, Ghana. In addition to buying equity, Sandstorm also gets the right of first refusal on any future streaming deals, which I expect it to pursue aggressively.
In addition, Watson hinted that Sandstorm could for the first time buy entire companies. With the junior sector beaten down and undervalued, having someone like Watson turning companies around could reap huge rewards for Sandstorm and for investors as gold climbs back to $1,800?1,900/oz. Sandstorm has over $100M, zero debt and $100M in an undrawn line of credit. I expect several exciting announcements between now and the end of the year.
TGR: Could you comment on some of the other royalty companies?
is a more conservative play that I also like. It is better diversified than Sandstorm and has more exposure to platinum and palladium. It's a good stock to have in your portfolio, but investors willing to take on additional risk for greater reward might prefer .
TGR: What do you like about Royal?
JH: Sandstorm is up 65% year-to-date. Royal Gold is up 70%, making it one of the few stocks in the precious metals sector outperforming Sandstorm. Royal benefits from the commercial production begun at the Mt. Milligan mine in British Columbia owned by Thompson Creek Metals Co. Inc. (TCM:TSX; TC:NYSE), one of its streaming partners. During Q1/14 Royal generated income of $20M on revenues of $58M. That's more than triple the income from the same quarter last year despite gold falling around 20%. As production continues to ramp up at Mt. Milligan, we should see even greater Royal share appreciation in 2014.
I also like Royal's project pipeline. The company's most recent news is a 6.3% stream on Rubicon Minerals Corp.'s (RBY:NYSE.MKT; RMX:TSX) Phoenix gold project in Red Lake, Ontario. Royal got this for a $75M investment to finance construction. This is a late-stage project, with production expected in mid-2015 and returns for years to come. Royal Gold is a top performer this year, and I expect more of the same to come.
TGR: The Gold Report interviewed Pierre Lassonde, co-founder of Franco-Nevada, in May, and
that because "the silver space is smaller than the gold space," Silver Wheaton will eventually "run out of runway" and will be forced to compete in the gold space. Do you agree?
JH: I do. And perhaps in additional commodities as well. There is only so much growth Silver Wheaton can achieve strictly in silver, so it makes sense that it branches out into other commodities in search of deals that will be accretive to shareholders.
TGR: What's your favorite non-streaming gold company?
. I like companies that are high grade and low cost with a strong growth profile. Lake Shore has two mines in commercial production in Ontario: Timmins West and Bell Creek. Expansion of its mill to a capacity of 3,000 tons (3 Kt) per day was completed late last year. Gold production is expected to increase 27% in 2014, and Q2/14 production was a record 53,300 oz, up 70% year-to-year. Lake Shore is one of the best production growth stories, is located in a mining-friendly jurisdiction and has a strong management team. As such, I think it is a potential takeover target for a company like , so investors could see upside there.
TGR: What's your favorite non-streaming silver company?
in Mexico. This is a high-grade epithermal silver producer with low costs. In today's environment, the value of these attributes cannot be stressed enough. The company is in the middle of the expansion plan that is expected to increase production by roughly 50% this year. It has a base-case internal rate of return of 88% on its Santa Elena expansion in Sonora. I also like its La Joya property in D it has nearly 200 Moz silver equivalent (Ag eq).
Second quarter production of 412,000 oz Ag eq was down versus a year ago and versus Q1/14, leading to a dip in the share price. This is because Santa Elena began an early transition in Q2/14 from an open-pit, heap-leach operation to a 3 Kt per day underground and mill operation. I think this provides an excellent opportunity for investors to buy on the dip because Santa Elena has huge potential, and I believe SilverCrest will be one of the top-performing silver miners for the next couple of years.
TGR: You mentioned several stocks with huge increases in 2014. Where are we in the cycle? Is the much anticipated bull market finally here?
JH: We're seeing signs that this current advance is different than the breakout attempts that have failed in the past year. Again, I look for mining stocks to outperform the metals. That's usually a sign of strength behind the advance. We've seen about 3.5 times leverage on the Market Vectors Gold Miners ETF (GDX) versus gold itself. I also like to see silver outperforming gold, and we have seen this, by roughly 50% in 2014.
When prices have been beaten down this year, investors have stepped in to buy the dips, so they have rebounded pretty rapidly. I think there are stronger hands holding gold this time around. The current prolonged correction and consolidation over the last two to three years has shaken out a lot of speculators. Those that are left tend to be committed investors that believe in the fundamentals and have long-term horizons. Short-term price drops don't discourage them and don't lead to panic selling, which would occur with a higher percentage of bandwagon speculators.
All of this is very encouraging, and when you also consider rising geopolitical tensions, the U.S. dollar losing ground as world reserve currency and the other fundamental factors we've mentioned, this tells me that the advance has legs and will likely continue throughout the rest of 2014 and into 2015.
TGR: Presumably, many investors sold in May and went away. What happens in September when they return?
JH: Precious metals are entering their strongest seasonal period of the year, and this is another factor that should lend support in the coming months. As investors return, I expect them to seek value within sectors that haven't reached historically high valuations. I expect a rush into precious metals and precious metals equities, particularly from new investors. And given the relatively small size of the precious metal sector, this could have a huge impact on prices in a relatively short time.
TGR: Jason, thank you for your time and your insights.
is the founder of , the highly rated investment newsletter focused on strategies for profiting on bull markets in gold, silver, energy, rare earth metals and agriculture. Well versed in fundamental and technical analysis, he has consulted to Fortune 500 companies globally and speaks regularly at North American investment conferences.
Want to read more Gold Report interviews like this?
for our free e-newsletter, and you'll learn when new articles have been published. To see recent interviews with industry analysts and commentators, visit our
DISCLOSURE:
1) Kevin Michael Grace conducted this interview for Streetwise Reports LLC, publisher of The Gold Report, The Energy Report, The Life Sciences Report and The Mining Report, and provides services to Streetwise Reports as an independent contractor. He owns, or his family owns, shares of the following companies mentioned in this interview: None.
2) The following companies mentioned in the interview are sponsors of Streetwise Reports: SilverCrest Mines Inc. Franco-Nevada Corp. and Goldcorp Inc. are not affiliated with Streetwise Reports. Streetwise Reports does not accept stock in exchange for its services.
3) Jason Hamlin: I own, or my family owns, shares of the following companies mentioned in this interview: Franco-Nevada Corp., Lake Shore Gold Corp., Royal Gold Inc., Sandstorm Gold Ltd. and SilverCrest Mines Inc. I personally am, or my family is, paid by the following companies mentioned in this interview: None. My company has a financial relationship with the following companies mentioned in this interview: None. I was not paid by Streetwise Reports for participating in this interview. Comments and opinions expressed are my own comments and opinions. I had the opportunity to review the interview for accuracy as of the date of the interview and am responsible for the content of the interview.
4) Interviews are edited for clarity. Streetwise Reports does not make editorial comments or change experts' statements without their consent.
5) The interview does not constitute investment advice. Each reader is encouraged to consult with his or her individual financial professional and any action a reader takes as a result of information presented here is his or her own responsibility. By opening this page, each reader accepts and agrees to Streetwise Reports' terms of use and full legal .
6) From time to time, Streetwise Reports LLC and its directors, officers, employees or members of their families, as well as persons interviewed for articles and interviews on the site, may have a long or short position in securities mentioned. Directors, officers, employees or members of their families are prohibited from making purchases and/or sales of those securities in the open market or otherwise during the up-to-four-week interval from the time of the interview until after it publishes.
Please enable JavaScript to view the
powered by
Newsletter Sign-Up
Notable Quotes
"The M&I resource at GPR's Topia mine increased by 41% year over year."
Bhakti Pavani, Euro Pacific Canada
"PGLC's resource update represents a 34% increase to the M&I category.
Rob Chang, Cantor Fitzgerald
"SOP's Las Minas testing recovered up to 95% Cu, 89% Au and 84% Ag."
Ryan Walker, Euro Pacific Canada
"CNL is attractively valued given the economics of the Buritica project."
Dan Rollins, RBC Capital Markets
"THO stock is a compelling opportunity for investors."
Andrew Kaip, BMO Capital Markets}