Maynor demos MacBook Wi-Fi hijack, admits mistakes

Maynor demos MacBook Wi-Fi hijack, admits mistakes

Summary: Looking to put to rest one of the most bizarre vulnerability disclosure disputes in recent memory, hacker David Maynor offered an apology for mistakes made, provided a live demo of the controversial MacBook Wi-Fi takeover and promised to release e-mail exchanges, crash/panic logs and exploit code to clear his tarnished name. Maynor kicked off a presentation at the Black Hat DC 2007 with a demo of the attack against a MacBook running Mac OSX 10.

SHARE:
Looking to put to rest one of the most bizarre vulnerability disclosure disputes in recent memory, hacker David Maynor offered an apology for mistakes made, provided a live demo of the controversial MacBook Wi-Fi takeover and promised to release e-mail exchanges, crash/panic logs and exploit code to clear his tarnished name.David Maynor with MacBook

Maynor kicked off a presentation at the Black Hat DC 2007 with a demo of the attack against a MacBook running Mac OSX 10.4.6, proving that he was able to crash the machine via a device driver flaw in Apple's AirPort Atheros.

He then ran the exploit against a fully patched MacBook to prove that Apple did fix the exact issue he reported, even if the company opted not to credit him, his co-presenter Jon "Johnny Cache" Ellch or his then employer [SecureWorks].

"I screwed up a bit [at last year's Black Hat in Las Vegas]. I probably shouldn't have used an Apple machine in the video demo and I definitely should not have discussed it a journalist ahead of time," Maynor said in an interview after his demo.


 
  Black Hat Gallery: Hackers discuss weaknesses in Wi-Fi drivers, RFID proximity devices and hardware-based forensics. Images in our gallery.  

 
"I made mistakes, I screwed up. You can blame me for a lot of things but don't say we didn't find this and give all the information to Apple.

"They claimed we had nothing to do with their patches but I'll release all the crash and panic logs that we gave to them. You can look at it and decide for yourself," Maynor said. "I'll give you crash/panic logs if you want."

The only difference from the 10.4.6 and 10.4.8 machines is the changes to the Airport code," he said, offering examples of e-mail exchanges he had with Apple's security response team discussing the severity of the threat. For legal reasons, Maynor said he could not share e-mails sent from his SecureWorks address.

He said the code, logs, e-mail exchanges will be published on the Errata Security blog.

Here are the slides from Maynor's presentation (PPT). 

Topics: Collaboration, Apple, Hardware, Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

208 comments
Log in or register to join the discussion
  • What a joke

    Let's recap:

    1. Maynor demos what he claims is a hack to Apple's airport drivers. It soon turns
    out that it's a third-party card that works in any machine, and that Maynor hates
    Apple and Mac users in general because they are smug about how secure their
    computers are.
    2. He gets called on it and spins like a top.
    3. Ou joins forces with Maynor because Ou also hates Apple, probably for the
    same reasons.
    4. Ou declares that he has the dirt that will vindicate Maynor and prove Apple is
    the lying scumbag dirtball corporation he knows it really is, and he'll tell all in a
    few days.
    5. Weeks go by. Apple patches their airport drivers after crediting Maynor for
    getting them to dig in the code, but claim their patch does not affect Maynor's
    hack, which is non-existent.
    6. Maynor goes to ground.
    7. Ou loudly proclaims Apple is a lying dirtbag scum corporation trying to
    discredit Maynor because Maynor had the guts to Speak Truth to Power, and that
    Ou has the dirt that will vindicate Maynor and prove to the world that Apple is a
    lying dirtbag, scumball company.
    8. 8 months go by.
    9. Maynor crawls out into the light of day and says: Hey, Apple did patch my flaw
    and didn't give me credit for it. See, I'll show you. Here's my hack before the
    patch, and see, it doesn't work after the patch. What? Is it the same hack I did the
    first time? Well, uh, yeah. Because I say so. Just trust me.
    frgough
    • And your point IS????

      All I heard while reading your post was blah blah blah blah blah blah blah blah blah. There was no point and nothing of interest there.

      Care to come again with something a bit more coherent?
      andrej770
      • That's OK

        You don't need to feel badly that you can't understand that this is more Maynor
        theatrics.
        frgough
      • His point is . . .

        oh, never mind. You obviously wouldn't get it anyway.
        brian ansorge
      • and your point?

        idiot!!
        Arm A. Geddon
    • Maybe

      Maynor and Ou still want to put out a light cigarette in all Mac users eyes. ;)
      Rick_K
      • Henceforth, let the one-eyed smiley be the symbol for all Mac users

        If Maynor and Ou smoke, I wish them healthy and productive cancer cells.
        YinToYourYang-22527499
    • Your kind is beyond hope.

      So your theory is that although Maynor got his ass chewed out by the low likes of you the first time because he didn't squeal right away, that now hes back to take a real horrible beating because hes saying so much this time that if he is lying even he knows he would get caught. I suggest hes not lying and facts are facts and you just don't like them. GO cry me a river of Apple red tears.

      You know, enough is enough, its time for you to at least attempt to accept reality. People who are not wearing "APPLE COLORED GLASSES" said ages ago that Apple hasn't ever denied the vulnerability even once. They just don't give credit where credit is due and rely on the over sized loud mouths of their all too SMUG users to create enough flying FUD to drown out the real questions. YOU LOSE. GET USED TO IT.
      Cayble
      • HWta I don't understand

        Is why Maynor would show the "exploit" on 10.4.6 when 10.4.7 was already out at
        the time, and then show it not present in 10.4.8, later, despite the fact that 10.4.7
        was around when he demonstrated the exploit?

        Does it exist in 10.4.7?

        If not, Maynor has demonstrated nothing.

        What am I missing here?
        Lettuce.Pickles
        • Your talking like a moron.

          All he ever said was that this exploit existed AT THE TIME 2006 in certain instances of numerous platforms and 10.4.6 was one of them and we know as fact reported by Apple they released to wireless patch when they said they did. Then the flaw was gone.

          Don't play stupid.
          Cayble
    • What a Joke - Author or programmer?

      People who really cares who get's credit for fixing a flaw in an OS. Seems Maynor made a mistake by not showing his work initially and now wants credit. The Author of this talkback wants everyone to think Apple is the BOmb. Who cares if you nif you Apple or Microsoft. All I care about is that fixes are fixed. BOTH OS's have issues and I only want them fixed. I have used them both and know of some quirky things as a user in both OS's.

      I have kids who use Mac's (strickly because of school) and I use Microsoft. I want my Kid's computers to as hacker proof as possible. Let's just get things fixed and stop complaining about who gets what credit and what OS is better.
      palo905@...
      • Maynor DID show his work to Apple he said, that was what he agreed to do.

        Don't get side tracked here..

        Maynor did this new demo right infront of everyone at a Blackhat conference in 2007. NOT ONE SINGLE PERSON THAT WAS THERE HAS EVER SAID IT WAS FAKED.

        All who were there at the first one didn't dispute it either.

        Only backseat drivers after the fact, like too many Apple Jack posters at ZDNet who clearly are without a clue.
        Cayble
    • Oh my god. Your a masive idiot frgough. GIve it a rest.

      Your sickening and delusional.

      I guess if hes lying Apple will without a doubt sue him.

      And given Im posting this now in 2014, guess what.

      Im right your wrong and the whole world knows it now.

      Apple just kept their mouth shut and hoped either nobody notices or idiots like you draw attention away.

      Your the worst kind of jackass that exists.

      I bet you figure Elvis is alive and still living in your basement too.
      Cayble
  • Oh boy - here we go.

    These Apple fan boys are more zealous and fanatical than Al Qaeda, and operate on about the same tolerance level. Let the ranting posts begin!
    ejhonda
    • Ah the irony

      The second post up here is from a Windows fanboy whining about Apple fanboys. Funny how insanely obsessed you guys are with users of Apple's computers. Why do you care so much?
      tic swayback
      • jumping the gun

        EJHonda made no references to any OS except state something about Mac fanboys. How exactly can you come to a conclusion from this post that he is a Windows fanboy. Seems like he just made a comment about Apple fanboys.
        code_Warrior
        • It's real simple

          EJHonda has posted Pro Microsoft Anti Everything else posts on ZDNet before. He/
          she (it) has shown a certain [b]Zealotry[/b] for Microsoft.
          Rick_K
          • and so...

            there are Windows Zealots, Linux Zealots, and Mac Zealots.... big freakin deal... it seems most of them hang out on ZDNet just waiting for a story to get posted so that one can blast the other. Perhaps you should all just have a party, and settle your disputes with rock 'em sock 'em robots.
            Badgered
          • I just don't get it

            ---there are Windows Zealots, Linux Zealots, and Mac Zealots.... big freakin deal... ---

            Exactly. I'd bet there are more posts complaining about zealots, or accusing others of being zealots than there are posts by zealots. Boring.
            tic swayback
          • These people are

            Zealot zealots.
            Prime Detailer