MacBooks and death threats

Summary: The soap opera of the MacBook that was hacked wirelessly takes another turn. This time: death threats against the hackers.


The soap opera of the MacBook that was hacked wirelessly takes another turn.

Back in early August hackers Jon "Johnny Cache" Ellch and David Maynor demonstrated how they exploited a defect in a wireless device driver to compromise a MacBook notebook computer. I blogged about the exploit and later updated my post when a video demonstration revealed that the hack was against a third-party WiFi card connected to the MacBook with a third-party USB card reader.

You are probably (correctly) asking yourself, "Why on earth would anyone use a third-party WiFi card with a MacBook when it comes with WiFi built in?" The answer to that question came from an interview of the duo by Brian Krebs:

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet.

The next day I posted that the native MacBook WiFi card and device driver were indeed susceptible to the Black Hat exploit and that MacBook users should exercise caution when using public WiFi networks and keep Airport turned off when it's not in use.

In today's episode of MacBook Exposed, fellow ZDNet blogger George Ou has taken a few journalists to task for promoting the HackBook story incorrectly leading to "a vicious orchestrated assault on researcher David Maynor and the company SecureWorks." The dissenters are upset because they claim that Maynor and SecureWorks falsified their research presented at Black Hat 2006.

When I contacted David Maynor by email and later phoned him late Saturday night, Maynor was very disturbed by the whole incident. He had already been receiving hate mail and even death threats at the Black Hat convention but the threats had escalated with this latest fabricated story about him falsifying his research.

If you watch the video of the hack, Maynor clearly states that he uses a third-party WiFi card (pictured), so Maynor and Ellch fabricated little, if anything, in their demo.

Topic: Wi-Fi

  • Research better next time

    You might want to research things a bit better before you start slamming other bloggers. Even Brian Krebs did a bit better this morning:

    Posted by SecureWorks on their website:

    "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver -- not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."

    Apple's revised statement today made it clear that the company had not received any evidence from SecureWorks to back up the claim that the MacBook drivers are indeed vulnerable.

    Furthermore, SecureWorks admitted that the drivers and hardware on the MacBook (as shipped by Apple) had not been successfully hacked by this method.

    The demo at issue purported to be a hack of a MacBook, albeit with a third party USB wireless device. It turns out that the authors had installed a device driver for the third party wireless card that they hacked themselves prior to installing it on the MacBook, solely for the purpose of supporting the demo!

    If that's not a falsified demonstration of a hack, I can't imagine what one would look like, then!

    I don't in any way support threats of any kind. That's childish, as well as illegal. But purposefully falsifying a demo for the sole purpose of obtaining publicity is reprehensible!
    • Also add in...

      Krebs's headline that led one to believe this was a Mac specific hack, as opposed to the general wireless hack it appears to be. Add in the trash talk from the hackers about sticking lit cigarettes in Mac users' eyes. Add in the general confusion, and the complete lack of evidence they've provided that this can work on a Mac with a native Airport card (all I've seen so far is that they've assured a few reporters this is the case) and what are we left with?

      Some confusing reports that contradict one another, and some childish jerks responding childishly to the childish jerks who started the whole thing.
      tic swayback
  • Someone isn't telling the whole story

    John Gruber has what I think is a very perceptive analysis of this whole thing here:
    • I'll second that..

      George Ou just asks too much to be taken on trust along the lines that '(he) knows far more than he's telling' and '(all) will be revealed in a few days' but NOTHING has been added. Childish defensive petulance is not a substantial argument and that goes for Mac and Windows users too.
  • pretty much sums it up
    • Better analysis here
      • Better? not so sure but at least civil.

        I may not agree with the analysis, but what I do find refreshing from the post, and the responses both, is that it was reasonable and less flame oriented than anything else I have read on the topic. Reasonable people with differing points of view that can discuss the differences and not get in the mud while doing so.

        I still think the hack was done in a controlled space that may not reflect the risk a user has in Starbucks while drinking coffee. If you leave your computer laying around and out of sight you should not be surprised at anything that occurs, which as far as I can tell was the case with the conditions for the hack. This is a different answer than your Mac is at risk from anyone in range of your Airport signal. This is what the headline was implying - as headlines do - to catch attention.

        If this is real, and it may be, all a reporter need do is bring their own Mac (or better yet a new one out of the box) to the party. Turn it on; tell them the clock is running and report the results. The real world rules are that they be within (not touching the Mac physically) 30 feet. I am thinking this would not be hard to set up the conditions for this and it would stop the talk and have real information to work with. This would allow the hackers to keep their techniques to themselves to not broadcast the "how" and show the issue as real to the population at large. If this is unreasonable... perhaps there is no problem that the real world need concern itself with.
        • Agreed

          That's my point in all this. My main objection has been the manner in which the original demo was conducted. According to later comments on the several blogs that support Maynor and Ellch (sp?), they used the open shell on the Mac to connect to the Dell to speed things up and prevent a disconnect that would occur when the hacked third party driver dies after the hack. Reconnection would have required them to drop a reconnect executable onto the Mac to get it to reconnect via the built in card...

          I'm not a hacker, and am not a real knowledgeable Unix user. I support Windows machines at work for the Feds, and use Macs at home. But from what I saw on the video, I would have preferred for them to have done it the right way, just like they were trying to hack a Mac sitting at Starbucks. After all, the supposed target of the demo was Black Hatters, right? So I would suppose they would be familiar enough with the general techniques involved to not get lost in the shuffle.

          Additionally, the disclaimer that they used a third party card and driver to not expose the manufacturer of the built in card and driver is bullshit. That would work if it were some no name laptop whose identity could be hidden, but they used a MacBook, and held it up to the camera for identification! Not exactly protecting the identity of the manufacturers involved were they?

          I still think that the demo should demonstrate three things:

          1. That the target machine was stock equipped and configured.

          2. That the attack takes place under field conditions, with a login on the target at user level permissions, and without touching the target, not loading a hacked driver into it first.

          3. That the demo should demonstrate an admin or root level function after control of the target has been established to prove elevated privileges have been obtained.

          This can be done on a video, like the original, and would settle the issues that have muddied the waters so far since the Black Hat.

          I think the authors were so set on showing their demo at the Black Hat convention, and weren't ready, that they took shortcuts, and targeted the Mac for publicity purposes. Both of these actions have so obscured the original purpose of the demo that the issue isn't the wireless attack that can threaten multiple wireless cards, but has devolved into a shouting match over whether they really hacked a Mac.

          I hope they rethink their plans, and re-release a video that more thoroughly covers things as I outlined above so we can get back to what the subject is supposed to have been in the first place.