MacBook wireless hacked, not hacked, ok hacked

MacBook wireless hacked, not hacked, ok hacked

Summary: If you've been following the drama over the hackability of a MacBook's wireless driver your head is probably spinning. The latest news is that the MacBook's wireless device driver is indeed hackable with the exploit demonstrated at the Black Hat conference in Las Vegas on Wednesday.

SHARE:
TOPICS: Wi-Fi
18

owned-macbook.pngIf you've been following the drama over the hackability of a MacBook's wireless driver your head is probably spinning. The latest news is that the MacBook's wireless device driver is indeed hackable with the exploit demonstrated at the Black Hat conference in Las Vegas on Wednesday.

First, some background is in order. Washington Post blogger Brian Krebs first reported at 7:30 a.m. on August 2nd that a pair of hackers had developed a "new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine."

Then at 6:45 p.m. Krebs amended his post with the actual video shown at the conference clearly showing that the MacBook in question was in fact using a third-party wireless card connected via a USB card reader. At several points in the video Dave Maynor disclaims this fact, even stating at the beginning "Don't think however just because we're attacking Apple, the flaw itself is in an Apple, we're actually using a third-party wireless card."

In his follow-up post at 9:00 a.m. ET on August 3 Krebs mentions that the exploit does indeed work with the default MacBook wireless device driver and that Apple had pressured the hackers to use a third-party wireless card in a USB card reader attached to the MacBook.

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

So, it turns out that MacBook users aren't are safe from the exploit as Apple's PR machine would have you believe. If you want to stay as safe as possible keep your Airport connection turned off when it's not in use and never connect to an unknown WiFi access point.

Topic: Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

18 comments
Log in or register to join the discussion
  • Are you buying this?

    For you there is no difference between being told and being shown?? Krebs got it wrong, and now he says he peppered them with questions for an hour. From the report it wasn't obvious that he asked *any* questions.

    Apple pressured them not to make the issue about the Mac drivers, but they tell The Post anyway? This shows Apple can't lean on hackers (obvious really) Come on! You've got the video showing the 3rd-party card. You've got their words. Now let's not put Kreb's self-serving ammendment on the same level.
    GWMahoney
    • Should you be named GWBalony?

      Face facts Jack. Apple wireless drivers are insecure. No amount of smoke-screens or attempted rubbishing of the reporter will change that.

      Go home, relax, its just the start of things to come (well providing you guys ever get over the 5% mark...)
      Scrat
      • I don't own a Mac

        A fact is something you can verify. A fact is something reporters are supposed to check up on. Are you getting the idea?

        What was originally claimed has never been demonstrated once. If you think that proves anything, then you have an agenda.
        GWMahoney
      • 5%? Try 12%

        Since we're talking about laptops here, Apple's share of the laptop
        market is up to 12%.
        bhawthorne
        • Ah, the US...

          12%, maybe in the US.
          I don't see a lot of people with Apple notebooks here in Europe (considering that the UK are not in Europe :)
          Olivier Pilot
      • why do windows zealots allways post this?

        What do peecee users care about OSX security? We certainly
        don't care or even track the millions of virus/adware/spyware for
        winblows...

        "Should you be named GWBalony?

        Face facts Jack. Apple wireless drivers are insecure. No amount
        of smoke-screens or attempted rubbishing of the reporter will
        change that.

        Go home, relax, its just the start of things to come (well
        providing you guys ever get over the 5% mark...)
        Posted by: Scrat Posted on: 08/04/06"

        Why are they so insecure?
        wacho
        • Thanks, btw I use SuSE 10.0 (NT)

          ...
          Scrat
  • Shoddy reporting; plain and simple

    That anyone is paying any attention at all to Krebs' reports is
    nothing short of just plain silly. Ther are too many questions left
    unanswered, even the ones claimed to be addressed. There is an
    obvious agenda at play here, and it's the same tired FUD campaign
    against the Mac that's been played out again and again. Until
    there's something actually reported or reliably demonstrated,
    there's really nothing to see here.
    ignis fatuusz
  • Good followup here

    http://daringfireball.net/2006/08/krebs_followup
    tic swayback
    • and good info here

      http://www.macfixit.com/article.php?story=20060804100417787
      Benton Rich
      • If you missed Benton's post...

        http://www.macfixit.com/article.php?story=20060804100417787


        ...that's one for the printer!
        [ARB1D3_[00L3R
  • This is low level hack in the device driver.

    What they are saying that the people who write the operating system software needs to be careful how they intergrate device drivers into their systems. Devices driver are not intended to be secure and have plenty intended "holes" for the system operational control over the device and they are saying the operating system creators need to make sure to plug or control all "holes" in the device driver before someone discovers the "hole" takes advantage of it. The "holes" are nothing wrong since this allows to have more control over the device. This "hole" in the 802.11 protocol seems to have been overlook by everyone including Apple, Microsoft, and possibly Linux.
    phatkat
  • OMG!!! What happened to ZDnet!!!

    I once saw a video where they did this autopsy on a space alien.

    Looked real, too.

    Didn't buy it. Did you?

    I have been watching the news reports from ZDnet and "fair and balanced" sways all the way to the "Blue Screen of Death".

    What is going on? This is the third story of complete irrationality posted anti-apple.

    McAffee says Apple is more insecure than windows.
    And it's not because they are loosing their shirts in software sales. It's NOT!

    LOOK HERE!!!

    http://daringfireball.net/2006/08/krebs_followup

    Now that's good reporting!
    [ARB1D3_[00L3R
    • Of course it's good reporting ...

      .. because it says whayt you want to hear .... :-)
      fredsmith6
  • umm...

    One thing which the article conveniently left out was that the hack works on both PCs and Macs.

    As for those users asking what happened to ZDNet, Apple users happened; yes Apple makes great machines, I love my new macbook. But that doesn?t mean they are god, they like all other products have their flaws. Look at the macbook heating issues (although mine hasn?t be harmed by that), its brown stains, and yes even Apple has it?s security loopholes (the recent security update speaks to that). Instead of speaking about Apple as if it were a god, lets treat it the way it should be, a good well refined products. Just like Dell or Sony (never add HP to that list). And I've spoken to people who say, they won't buy Apple because of it's users.

    As for PC users, their will never be 100 percent dominance of Windows, if OSX dies Linux or something else will take it?s place.
    canadiangrit
    • In my defense...

      Sorry if I came off as offensive, it's just
      the third story I have seen that gives props
      to sensationalistic journalism without rational
      credibility.

      http://news.zdnet.com/2100-1009-6101226.html
      as such.

      Realize that it wasn't until OSX that I and my Linux/FreeBSD mates started pecking around the thing- and found a user-friendly yet secure system
      that has received more than its' share of bad
      publicity.

      I can't make people learn command-line, but I
      have done time in the "please fix my PC" feild.
      [ARB1D3_[00L3R
    • Why say what's 'automatically' obvious?

      Okay, maybe not automatic, but almost EVERYONE assumes [i]anything[/i] non-Mac is vulnerable these days, usually courtesy of osmosis with a certain Redmond software company.

      Frankly, when this vid first surfaced I couldn't figure out how Macs [i]weren't as vulnerable[/i] as anyone else's Wi-Fi hardware is. They use the same Wi-Fi standards for their drivers as anyone else's hardware does. It's why they call them [i]standards[/i], isn't it?
      flatliner
      • Good Logic...

        You have good logic and I am no expert, but... I have had many
        Macs on my system and sometimes visiting high dollared pcs -
        with no compromise.

        However, the rest of the story is that I have allowed a neighbor
        with a new inexpensive Dell on my system lately and have been
        plagued with router corruption, shut down and even found it
        necessary to hardwire my Apple tower because his pc was
        attempting to hijack the router control away from my Apple
        when I was trying to repair the damage done. I did get a
        measure of success by upgrading the firmware on the router but
        was confused because I have never before encounter such
        problems - even when pc neighbors were grabbing signal off my
        system (had to stop that on principal).

        I have asked around with friends that are Dell engineers and
        have not found an explanation of such - it is a Linksys 54g
        wireless router.

        My thoughts are that, standards aside, all things are not equal in
        system use of network hardware.
        ladyirol