Video interview on hacked MacBook


Having attended the Black Hat and DEFCON conferences last week, I had the opportunity to interview David Maynor and Jon "Johnny Cache" Ellch about the research work they did on driver hacking. These two researchers had just given their presentation showing how they hacked into an Apple MacBook in mere seconds and gained root control through a flawed Wi-Fi driver.

I happened to have my own personal Sony HDV (High Definition Video) camera with me and I was able to video record the interview. I've converted the footage into Windows Media format in two ten-minute segments. The files had to be embedded in this manner because the video footage was widescreen anamorphic, and playing the video files back natively would force the video to play back in a 4:3 aspect ratio, which would look all wrong.

Interview part one:

Interview part two:

After the video interview, I spoke with David and Jon about the possibility of getting OS vendors like Microsoft to mandate device driver hardening options so that users can at least choose to use a driver hardening mode, and they thought this was a good idea. I'll have to follow up with Microsoft and see if they're interested in enforcing driver hardening in their driver certification program.


Talkback

7 comments
  • What is it with you and Apple?

    The issue isn't that a MacBook got hacked (with the inference
    that OS X was hacked) but that a third party driver got hacked.
    Moreover, since it wasn't the Airport card that got hacked, how
    often will this proliferate? The story is that a WiFi driver got
    hacked and it is platform independent, so for those PC and Mac
    laptop owners using third party WiFi cards, they need to contact
    their WiFi card vendor about updated drivers.

    No OS manufacturer should get dinged because of faulty third
    party drivers, especially if they weren't provided by the OS
    manufacturer via a software distro agreement.

    Then again, who's gonna read an article titled, "Third Party WiFi
    drivers hacked"?

    I actually liked the interview and appreciate that you made
    explicit mention that this exploit DOES NOT AFFECT AIRPORT
    USERS.

    Too bad the title is so misleading.
    MacKeyser
    • Title says "macbook" which is 100% accurate

      My title didn't say Apple "Airport" got hacked. As it turns out, Apple hardware and drivers aren't out of the woods yet. But as it turns out, there may be some issues there yet.
      georgeou
      • What does that mean?

        Not out of the woods yet? uh, if you got something to publish,
        publish it. Otherwise, you've got nothing but innuendo and that
        has no place in a tech journal or being reported in anything
        other than a gossip column.

        Either Airport has been or is about to be hacked or it ain't. This
        obtuse "not out of the woods yet" is nonsense.

        And, duh, of course individual drivers aren't out of the woods,
        yet. The issue is that it was a WiFi driver problem which could be
        exploited on ANY platform fully utilizing WiFi that was the
        problem.

        And I totally agree on having choice about locking down
        unnecessary access points within the standard.

        So, if the researchers had used a WiFi card on a Vaio, would the
        title have been "Sony Vaio hacked"? No, of course not. "Windows
        hacked" perhaps? NO. Windows has been hacked countless
        times.

        Saying MacBook infers the underlying OS, which absolutely
        under no circumstances did that happen. Not that it won't, but it
        didn't.

        Look, I said I liked the interview and appreciated the distinction
        explicitly articulated that this was NOT an airport or apple issue
        (as far as they could tell at the time of the interview anyway), but
        a 3rd party issue with regards to the 3rd party WiFi driver and a
        serious issue with the WiFi standard, itself, possibly.

        Bottom line is a Macbook didn't get hacked. A third party WiFi
        card got hacked. IT was the entry point. ITS driver was the
        software that was penetrated. I'd wager with a little jiggering,
        they could perform the same penetration on a Windows box in
        the same period of time (meaning almost no time at all).

        The issue is WiFi and suspect drivers. Why not just stick with
        that instead of continuing this shilling for MS and denigrating all
        things Apple?
        MacKeyser
        • This is going to blow up on Apple soon

          I'm under NDA right now, but I can say you're going to see a big scandal on this in the coming days. For now, you can read this.
          http://blog.washingtonpost.com/securityfix/2006/08/the_macbook_wireless_exploit_i.html

          Yes, MacBook hardware is affected. It doesn't have to be 3rd party hardware.
          georgeou
          • This is crap, George

            You simply cannot under NDA make assertions that you cannot
            prove.

            That is a complete lack of journalistic integrity. Either you CAN
            publish with proof or you can't. But it is complete and utter
            horsepuckey to publish without any possibility of providing
            proof.

            Moreover the WP blog has already been shown to have problems.
            Moreover, the questions, the ACTUAL questions like we KNOW it
            wasn't using an ExpressCard because it was a MacBook and the
            MAC showed an APPLE MAC address (not one associated with
            any USB device of any kind), then they either lied about the hack
            and it was actually Apple hw and sw they hacked (in which case,
            why has SecureWorks outright said that they couldn't hack the
            Apple hw/sw in question rather than say something which
            wouldn't paint them as liars) or they have some explaining to do.

            See, I have yet to see an answer as to why the MAC showed an
            APPLE addy. And the video is pretty easy to break down.
            Moreover, it should have shown a NON-Atheros and NON-
            Broadcom addy as well.

            Enough with the future stuff. Either you CAN publish with facts
            or you shouldn't publish. Blogging is NOT akin to gossip column
            writing. As a Technical Director, certainly you would NOT allow
            someone to assert to YOU that any OS had problems and make
            all sorts of assertions with the promise of future disclosure.
            Sure, you might listen out of curiosity, but base decisions?
            Agree to publish them without corroboration? As I recall, Mary
            Mapes got into all kinds of trouble by NOT having corroboration
            and proof.

            If you ARE a journalist and you truly respect the NDA, then
            simply shut up until you CAN publish. That is the journalistic
            standard. Hiding behind an NDA is just so....wrong.
            MacKeyser
    • As if

      So now device drivers are "platform independent?" That's going to come as a shock to all the driver writers who have to pass Microsoft's certification program.

      This does suggest that the WiFi Alliance's certification program needs to be more robust, as that and the MS tests are all there is.
      richardbennett
      • Just the man I wanted to hear from on this

        Do you think it's even feasible to create a driver lockdown mode as these two researchers suggest? This means that a lot of "standard" features will have to be ignored.
        georgeou