MacBook wireless hack dismissed (Updated 2x)

MacBook wireless hack dismissed (Updated 2x)

Summary: As it turns out the hack described does not apply to MacBooks as it relies on third-party wireless hardware.


blackhatlogo.gifEarlier today (see below) I posted a story about about two hackers from the Black Hat conference in Las Vegas and how they supposedly demonstrated how to exploit a vulnerability in Apple's wireless device driver to remotely access and control a MacBook over a network. The story was based, in part, on a blog entry by Brian Krebs at the Washington Post.

As it turns out the hack described does not apply to MacBooks as it relies on third-party wireless hardware rather than the wireless cards supplied by Apple. FTA: "Maynor said the MacBook used in the demonstration was not using the wireless gear that shipped with the computer."

The duo appear to have singled out Apple because of what Maynor called the "Mac user base aura of smugness on security." He goes on to say:

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something"

Um ok, David.

MacBook users can safely go back to what they were doing.

UPDATE 2: The Washington Post has updated their original post with the actual video from the conference.

ORIGINAL POST, AUGUST 3, 2006, 5:00 a.m. PST:

Title: MacBook hacked in less than 60 seconds 

In a session called Device Drivers at the Black Hat conference in Las Vegas Jon "Johnny Cache" Ellch and David Maynor demonstrated how to exploit a vulnerability in a wireless device driver to remotely access and control a MacBook over a network. They did it by targeting a specific security flaw in the MacBook's wireless "device driver." The hacking duo also claim that the exploit works with at least two Windows powered machines.

According to a blog entry by Brian Krebs at the Washington Post:

One of the dangers of this type of attack is that a machine running a vulnerable wireless device driver could be subverted just by being turned on. The wireless devices in most laptops -- and indeed the Macbook targeted in this example -- are by default constantly broadcasting their presence to any network within range, and most are configured to automatically connect to any available wireless network.

Because the hack is driver dependent Ellch talked up a new tool he's developing that can scan and determine the chipset and driver version of a remote wireless device. The tool already recognizes 13 different wireless device drivers and lists their operating system and firmware version.

The good news is that there's no immediate threat to wireless users. Maynor and Ellch are not releasing the details of their attack to the public and they gave the demo on videotape for fear that a creative hacker in the audience could packet sniff the attack and using it for malicious purposes.

Apple's wireless device drivers are created by Atheros who also produces drivers for a number of other manufacturers. No word yet on whether the duo will share their hack with manufacturers of vulnerable machines, like Apple.

Topic: Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • It would appear that the lack of exploits ...

    ... in the wild are related to Macs market share or lack opf interest. This article clearly demonstrates that the Mac is vulnerable to remote attacks. That combine with Mac users believe that they are safe should make them a compelling target. The fact that noone is attacking them therefore must be related to their market share.
    • It would appear that the lack of [i]intelligent discussion[/i] emanating

      from your side that U R mentally challenged. Just following your logic, don't shoot the messanger... :-)
      • Try to use smaller words that you understand ...

        ... and can spell when you are calling someone unintelligent. Personal attacks aside, would you care to refute what I said?
  • They DID NOT hack the Airport Card

    Watch the video. They used a 3rd party USB wireless card and
    hacked into that. Who plugs a redundant 3rd party card into their

    If the flaw was in Apple's wireless drivers, they wouldn't need to
    use the 3rd party card. All the video proves is that some 3rd party
    product has flawed drivers.

    The video is FUD.
    • Makes for a GREAT headline though!

      Consider the source.
    • Since third party network cards don't ....

      ... come with Mac drivers it was the Mac driver that was hacked! What this video showed was that Apple's security has holes just like every other piece of software out there. Nothing more and nothing less!
      • Uh, no

        You don't know what you are talking about. Third party devices
        have their own drivers. If the native Airport driver had the flaw,
        they would have no need for the third party device.
      • I disagree

        I haven't had to do it often, but I have rarely been able to use the native drivers even for "standard" cards like Cisco, Orinoco and Proxim on a Mac. I had to use a driver from IOExperts. This was on a Powerbook, but I am pretty sure this would also be the case on a MacBook.
        So, yes there is more to the story. Not saying it wasn't the native driver, but there was no real way to tell.
      • Still not right.

        > Mac drivers it was the Mac driver that was hacked

        Hmm, then I don't see why they couldn't have used the built-in
        Airport Card if this is true. I wanna know more.
        • What if the built in card didn't work?

          What happens when you want to upgrade to "N"? The fact that there are cards and third parties making drivers implies there is a market and a threat.
          • Now you're reaching...

            Wasn't it you that was accusing me of "rationalizing" things in another post?
          • Read bka1959's post and then ....

            ... tell me again what a reach it is! Seems there is more to the story then 1st meets the eye but in the end the Apple driver has the issue!
          • Keep stretching that arm farther... (nt)

  • Err...

    UH, ok, lemme get this straight. The 'researcher' was using an
    aftermarket card in a Macbook which uses a chipset that Apple
    doesn't use. (Since when does a Macbook have a slot?)

    How exactly is this an Apple issue that an aftermarket card driver
    can be compromised? Somethin' sounds sorta fishy...
    • It was a USB card

    • Maybe because the Apple wireless driver ...

      ... has the same issue?
  • Apologies

    My post earlier today was based upon erroneous information from CNet and the Washington Post blog. I have updated the post and apologize for any confusion that it caused.

    - Jason
    Jason D. O'Grady
    • You may want to withdraw your ...

      ... apology.
      • Please remove the space before ...

        ... last L to get the link to work!
      • I accept and understand the apology, thanks...

        The flaw they demonstrated was in the wireless card driver, not the Mac OS.
        As for the 'leaned on' by Apple statement, this was ALSO from the reporter at the Washington Post, probably to save face for such a sensationalized title.
        The reporter who wrote:
        "The video shows Ellch and Maynor targeting a specific security flaw in the Macbook's wireless 'device driver,' the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the Macbook -- and presently not publicly disclosed"
        Which while the drivers may be Mac specific, they are not by Apple for the Mac. Thus this is particular video is specifically for a third party device. (kind of silly for a laptop with built in wireless).
        from the video:
        "Don't think now that because we are attacking an apple, the flaw itself is in the apple. We are actually using a third party wireless card."
        Thus the title and focus should have been on wireless card drivers in general.
        The title "Hijacking a Macbook in 60 Seconds or Less" is not accurate and sensational.
        The reporter himself should apologize, instead of O'Grady.

        HOWEVER, I still respect and thank the researchers for demonstrating such attacks, and hope this is a wake up call for ALL manufacturers to properly test the security of their devices; PC, MAC, Linux or Third Party. They may or may not be vulnerable now, but either way, they will probably be vulnerable in the future if this type of attack is not prevented.