Maynor demos MacBook Wi-Fi hijack, admits mistakes

Summary:Looking to put to rest one of the most bizarre vulnerability disclosure disputes in recent memory, hacker David Maynor offered an apology for mistakes made, provided a live demo of the controversial MacBook Wi-Fi takeover and promised to release e-mail exchanges, crash/panic logs and exploit code to clear his tarnished name. Maynor kicked off a presentation at the Black Hat DC 2007 with a demo of the attack against a MacBook running Mac OSX 10.

Looking to put to rest one of the most bizarre vulnerability disclosure disputes in recent memory, hacker David Maynor offered an apology for mistakes made, provided a live demo of the controversial MacBook Wi-Fi takeover and promised to release e-mail exchanges, crash/panic logs and exploit code to clear his tarnished name.
David Maynor with MacBook

Maynor kicked off a presentation at the Black Hat DC 2007 with a demo of the attack against a MacBook running Mac OSX 10.4.6, proving that he was able to crash the machine via a device driver flaw in Apple's AirPort Atheros.

He then ran the exploit against a fully patched MacBook to prove that Apple did fix the exact issue he reported, even if the company opted not to credit him, his co-presenter Jon "Johnny Cache" Ellch or his then employer [SecureWorks].

"I screwed up a bit [at last year's Black Hat in Las Vegas]. I probably shouldn't have used an Apple machine in the video demo and I definitely should not have discussed it a journalist ahead of time," Maynor said in an interview after his demo.


 
  Black Hat Gallery: Hackers discuss weaknesses in Wi-Fi drivers, RFID proximity devices and hardware-based forensics. Images in our gallery.  

 
"I made mistakes, I screwed up. You can blame me for a lot of things but don't say we didn't find this and give all the information to Apple.

"They claimed we had nothing to do with their patches but I'll release all the crash and panic logs that we gave to them. You can look at it and decide for yourself," Maynor said. "I'll give you crash/panic logs if you want."

The only difference from the 10.4.6 and 10.4.8 machines is the changes to the Airport code," he said, offering examples of e-mail exchanges he had with Apple's security response team discussing the severity of the threat. For legal reasons, Maynor said he could not share e-mails sent from his SecureWorks address.

He said the code, logs, e-mail exchanges will be published on the Errata Security blog.

Here are the slides from Maynor's presentation (PPT). 

Topics: Collaboration, Apple, Hardware, Wi-Fi

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.