Earlier today (see below) I posted a story about about two hackers from the Black Hat conference in Las Vegas and how they supposedly demonstrated how to exploit a vulnerability in Apple's wireless device driver to remotely access and control a MacBook over a network. The story was based, in part, on a blog entry by Brian Krebs at the Washington Post.
As it turns out the hack described does not apply to MacBooks as it relies on third-party wireless hardware rather than the wireless cards supplied by Apple. FTA: "Maynor said the MacBook used in the demonstration was not using the wireless gear that shipped with the computer."
The duo appear to have singled out Apple because of what Maynor called the "Mac user base aura of smugness on security." He goes on to say:
"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something"
Um ok, David. MacBook users can safely go back to what they were doing.
UPDATE 2: The Washington Post has updated their original post with the actual video from the conference.
ORIGINAL POST, AUGUST 3, 2006, 5:00 a.m. PST:
Title: MacBook hacked in less than 60 seconds
In a session called Device Drivers at the Black Hat conference in Las Vegas Jon "Johnny Cache" Ellch and David Maynor demonstrated how to exploit a vulnerability in a wireless device driver to remotely access and control a MacBook over a network. They did it by targeting a specific security flaw in the MacBook's wireless "device driver." The hacking duo also claim that the exploit works with at least two Windows powered machines.
According to a blog entry by Brian Krebs at the Washington Post:
One of the dangers of this type of attack is that a machine running a vulnerable wireless device driver could be subverted just by being turned on. The wireless devices in most laptops -- and indeed the Macbook targeted in this example -- are by default constantly broadcasting their presence to any network within range, and most are configured to automatically connect to any available wireless network.
Because the hack is driver dependent Ellch talked up a new tool he's developing that can scan and determine the chipset and driver version of a remote wireless device. The tool already recognizes 13 different wireless device drivers and lists their operating system and firmware version.
The good news is that there's no immediate threat to wireless users. Maynor and Ellch are not releasing the details of their attack to the public and they gave the demo on videotape for fear that a creative hacker in the audience could packet sniff the attack and using it for malicious purposes.
Apple's wireless device drivers are created by Atheros who also produces drivers for a number of other manufacturers. No word yet on whether the duo will share their hack with manufacturers of vulnerable machines, like Apple.