# June Meetup Highlights

BreachForce’s June edition bought 2 talks.

* **NaughtyMag: Making Macbook Blink Its Data Away**  
    *by Adhokshaj Mishra*
    
* **Securing the Mind of Machines : GenAI Security & Trust Frameworks**  
    *by Harsh Tandel*
    

## Naughty Mag

### Overview:

* A side-channel attack that turns Apple’s MagSafe LED indicator into a data exfiltration device..
    
* **What are Side Channel Attacks?** Software can control LED status using SMC to indicate color change if battery over 80%
    
* The LED, usually meant to indicate charging status (amber/green), can be modulated to transmit data covertly
    

### Key Concepts:

**🔌 MagSafe Connection Points:**

* Uses its own protocol
    
* **Pinout:**
    
    * Ground
        
    * Power
        
    * Adapter Sense
        
* **1-wire protocol:** computer ↔ cable ↔ charger (powerbrick)
    
* All communicate with each other to negotiate power
    
* Also lets them control which connectors are manufacture supported
    
* **Integrated Circuit DS24123:** Can take command over 1-wire from Macbook and change LED status
    

> ⚠Note: The IC involved is not widely documented

### How Control Works

* **Charger Startup:**
    
    * Charger provides very low current initially
        
    * Why negotiation works first - then fails
        
    * Initial creators - which created the ability to change MagSafe charger color.
        
        * [https://apphousekitchen.com/aldente-overview/features/#control-magsafe-led](https://apphousekitchen.com/aldente-overview/features/#control-magsafe-led)
            
        * [https://github.com/AppHouseKitchen/AlDente-Charge-Limiter](https://github.com/AppHouseKitchen/AlDente-Charge-Limiter)
            
* Control of the MagSafe LED is software-driven, but routed through
    
    * The SMC (System Management Controller).
        
    * Can be manipulated using the SMC API, which documents key
        
        values for LED control.
        
* Attackers can:
    
    * Use software tools or custom scripts (several emerged from
        
        GitHub issues).
        
    * Leverage I/O Kit on macOS to interface with the hardware.
        

### Exfiltration Method:

* LED controls can be toggled with precision:
    
* Requires:
    
    * Precise control of on/off timing
        
    * Understanding of data encoding methods
        

**Encoding Challenges:**

* Simple binary (e.g., 0000 or 1111) can lead to ambiguity in timing- based detection.
    
* Manchester Encoding may be needed to avoid repetition ambiguity
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1751179469587/cdd13c4f-3b0e-493b-9cea-c26b5f4df481.png align="center")
    
* Morse code is a viable fallback for slower but clearer data transmission.
    
    * Don't need rising/falling edge
        
    * only need steady state
        
    * New encoding to not be dependent on time
        

### Limitations

* Color masking is not feasible (LED has limited colors).
    
* Can be detected via High-Security Monitoring (HSM).
    
* Could be made stealthier by tuning antenna properties of the wire (convert power cable into low-range antenna).
    

### Counter Measures

* Channels require software side component
    
* Monitor end user devices
    
* Be aware of such potential attacks
    

### Related Concepts:

* Read Morris Mano - Digital Electronics
    
* Why Manchester encoding can't work for discrete waves. Digital Electronics & Computer Architecture (background needed)
    
* macOS IOKit, SMC APIs
    

---

## **Securing the Mind of Machines**

Talk covered the evolving threat landscape around Generative AI.

* The expanding attack surface of GenAI systems and MCP servers
    
* The MITRE ATLAS threat framework for AI
    
* OWASP Top 10 for LLMs
    

**Key Points Discussed:**

* Prompt Injection
    
* Data Poisoning & Model Leakage
    
* Jailbreaking via DAN-style prompts
    
* RAG (Retrieval-Augmented Generation) manipulation
    

**Defense Techniques:**

* Responsible AI and Secure AI frameworks (Google SAIF, NIST RMF)
    
* Guardrails, Meta Prompts, DSPM
    
* ISO standards for AI management (42001, 27563)
    

How red teamers can practice attacks against GenAI systems and what compliance & trust mechanisms are beginning to emerge in the field

This [**blog**](https://breachforce.net/ai-attack-defend) discusses the topics covered during the session.
