Maynor demos MacBook Wi-Fi hijack, admits mistakes
Maynor kicked off a presentation at the Black Hat DC 2007 with a demo of the attack against a MacBook running Mac OSX 10.4.6, proving that he was able to crash the machine via a device driver flaw in Apple's AirPort Atheros.
He then ran the exploit against a fully patched MacBook to prove that Apple did fix the exact issue he reported, even if the company opted not to credit him, his co-presenter Jon "Johnny Cache" Ellch or his then employer [SecureWorks].
"I screwed up a bit [at last year's Black Hat in Las Vegas]. I probably shouldn't have used an Apple machine in the video demo and I definitely should not have discussed it a journalist ahead of time," Maynor said in an interview after his demo.
Black Hat Gallery: Hackers discuss weaknesses in Wi-Fi drivers, RFID proximity devices and hardware-based forensics. Images in our gallery. | ||
"They claimed we had nothing to do with their patches but I'll release all the crash and panic logs that we gave to them. You can look at it and decide for yourself," Maynor said. "I'll give you crash/panic logs if you want."
The only difference from the 10.4.6 and 10.4.8 machines is the changes to the Airport code," he said, offering examples of e-mail exchanges he had with Apple's security response team discussing the severity of the threat. For legal reasons, Maynor said he could not share e-mails sent from his SecureWorks address.
He said the code, logs, e-mail exchanges will be published on the Errata Security blog.
Here are the slides from Maynor's presentation (PPT).