May 25, 2012 - 05:30 PM EDT — AAPL: 562.29 (-3.03, -0.54%) | NASDAQ: 2837.53 (-1.85, -0.07%)

Hijacking an Apple Macbook in 60 seconds

Wednesday, August 2, 2006 · 10:33 am · 70 Comments

“If you want to grab the attention of a roomful of hackers, one sure fire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine. That’s exactly what hackers Jon “Johnny Cache” Ellch and David Maynor plan to show today in their Black Hat presentation on hacking the low-level computer code that powers many internal and external wireless cards on the market today,” Brian Krebs reports for The Washington Post.

Krebs reports, “The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless ‘device driver,’ the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the Macbook — and presently not publicly disclosed — Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS. Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the ‘Mac user base aura of smugness on security.’”

“‘We’re not picking specifically on Macs here, but if you watch those ‘Get a Mac’ commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,’ Maynor said. ‘The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market,’” Krebs reports.

Krebs reports, “Maynor said he and his colleague opted in favor of a videotaped demonstration versus a live one because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack — possibly to use the exploit in the wild against other Macbook users.

“Apple — like many computer manufacturers — outsources the development of its wireless device drivers to third parties. In Apple’s case, the developer in question is Atheros, a company that devises drivers for a number of different wireless cards, each designed with drivers specific to the operating systems on which they will be used,” Krebs reports. “Maynor and Ellch also found two different device driver flaws for wireless products aimed at Windows systems. This is notable because it points out a security loophole in the way that Microsoft has traditionally processed device drivers.”

Krebs reports, “Maynor said he and Ellch have been in contact with Apple, Microsoft and other companies responsible for vetting the device drivers that power the embedded or third-party wireless card devices meant for those systems, and that both companies are working with wireless card vendors and original equipment manufacturers (OEMs) to remedy the problems. Assuming the wireless device driver makers affected by these flaws fix the problems, it may be an uphill battle for those vendors to find an easy way for users to upgrade that software.”

Krebs reports, “I should note here that while the bad guys may or may not have known about these security weaknesses for some time, there is not a single shred of evidence that these flaws have been exploited ‘in the wild’ (as security companies like to say). That said, it might not be terrible idea to take advantage of the button your laptop that allows you to turn off the machine’s constant search for wireless networks when you’re not actively trying to go online.”

Full article here.

MacDailyNews Take: Those “Get a Mac” commercials are really getting under some people’s skin. Good.

Categories: MacDailyNews, News

Thank You for supporting MacDailyNews!

♥ Adobe Photoshop CS6 Extended for Mac - Student and Teacher Edition DVD (65171323) only $249!
♥ Blowout: Apple 15.4" MacBook Pro i7/4Core/2.0GHz/4GB/500GB (MC721LL/A) only $1,549.99 + Free Shipping from MacMall
♥ Mac Madness Save 25% on Parallels Desktop 7!
♥ 15% Off Compatible Ink. 10% Off All Others (excludes OEMs). Free Shipping over $55. Coupon: 123BLOSSOM, Expires 6.18.12
♥ Save up to 60% at the Hammacher Schlemmer Special Values Sale-While supplies last.
♥ Dragon Dictate for Mac 2.5 - New! Simply Smarter Speech Recognition
♥ Up to 30% OFF Accessories from Verizon Wireless
♥ Limited Time Offer: Get free ZAGGsmartbuds when you buy a ZAGGsparq!

Comment Feed

70 Comments

1 2 3 4 Next »

Jerkstore

Wednesday, August 2, 2006 - 10:37 am · Reply

Videotaped. Sounds fishy to me.
j

Wednesday, August 2, 2006 - 10:40 am · Reply

holy shit

my smugness just took a big hit in the groin
Dirty Pierre le Punk

Wednesday, August 2, 2006 - 10:40 am · Reply

But if those commercials prompt a round of Mac attacks that actually do work, then not so good.
Pieter De Becker

Wednesday, August 2, 2006 - 10:43 am · Reply

What goes around comes around!

External coders are no excuse!!!

At work Apple!!!
still smug

Wednesday, August 2, 2006 - 10:45 am · Reply

hmmm … my guess is that apple will fix this pronto and we’ll still be able to bask in a (realtively) ‘sploit free world, while M$ aficionados continue to fester in their digital petri dishes.
RePlay

Wednesday, August 2, 2006 - 10:46 am · Reply

Bet this will garner a boatload of attention. Maybe Apple should do its own programing for wireless.
critic

Wednesday, August 2, 2006 - 10:46 am · Reply

Good. When Apple releases the patch for this tomorrow I can resume being smug.
gwm

Wednesday, August 2, 2006 - 10:47 am · Reply

You know, it shouldn’t be long before one of these guys that likes to publish malicious operating system exploits finds themselves in big legal trouble.

They want to ‘stab in the eye’? C’mon. We’re hovering near encitement to violence with statements like that. Combine that with the public demonstration of a malicious hack? Gettin’ dicey, no?
BustingTheSkullsOfIdiots

Wednesday, August 2, 2006 - 10:48 am · Reply

La di dahdi. This is not an OS X flaw — it is a driver flaw. I love the people who will turn this around and go “OS X has flAWWSSS!” like Chicken Little. It’s so fun to watch idiots get spun up.
G-Spank

Wednesday, August 2, 2006 - 10:48 am · Reply

No it’s all good. Mac OS X is much more secure, but Apple needs to identify these types of problems and fix them. For Apple it is a controllable situation. For MS, it is not.
Damacles

Wednesday, August 2, 2006 - 10:51 am · Reply

What sounds like bad news here (if true) is actually GREAT news!

Please, let guys like this help Apple fix such problems BEFORE they get loose in the wild, not AFTER!

The truth is that flaws exist in ALL systems, Mac, Windows, and beyond–and always will. The difference lies in how the company responsible for those flaws addresses them.

If these are REAL, lets hope Apple (and even MonkeySoft) fixes them quickly. Regrettably, we ALL suffer when hackers do their thing.
hairbo

Wednesday, August 2, 2006 - 10:54 am · Reply

Yikes!

no normal user is going to make any distinction between a flaw that originates in OS X vs. a third-party driver. If somebody hijacks a MacBook, it’s going to reflect very poorly on Apple.

It’s really good that folks like this are out there, though. If the story is to be believed, then they will disclose their findings to both Apple and MS in the hopes of plugging this security hole in the future.
Complex Systems

Wednesday, August 2, 2006 - 10:58 am · Reply

Nothing as complex as Mac OS X– or Windows XP is going to be without flaws. However, when comparing security vulnerabilities between the two the difference is huge. I’d liken it to the difference between a a girl who has slept only with one BF and a toothless $10 crack whore. Guess which is which.
Naraa Haras

Wednesday, August 2, 2006 - 10:59 am · Reply

I remember reading about a security analyst going to a convention and having his Mac pwned. Seems as though this explains it.
TowerTone

Wednesday, August 2, 2006 - 11:00 am · Reply

I downloaded a patch for my iMac but it still wants a cigarette.
Digital Kid

Wednesday, August 2, 2006 - 11:00 am · Reply

Bring it, Krebs!
JadisOne

Wednesday, August 2, 2006 - 11:00 am · Reply

Still, if someone were to somehow do this on a grand scale, the score would still be Windows – 144,000+ to Mac – 1. Like golf, the lower the score, the better. Mac still wins and is a more secure system to use than Windows could ever hope to be.
Delusional Turd

Wednesday, August 2, 2006 - 11:00 am · Reply

“This is not an OS X flaw — it is a driver flaw”
It ships on the OS X discs, is updated by Apple on software update. It’s part of the OS.
Jaakko

Wednesday, August 2, 2006 - 11:00 am · Reply

Lets be realistic. What are the odds somebody will actually seize control of your mac with a specific security flaw known by VERY few people. Propably same as getting hit by a lightning while under a shark attack in the mediterranean.
kenh

Wednesday, August 2, 2006 - 11:02 am · Reply

re:”But if those commercials prompt a round of Mac attacks that actually do work, then not so good”

The idea that there is some genius hacker out of there who has not heard of OSX and will suddenly strike is silly.

That does not mean that a real attack cannot happen, but if security through obscurity were valid, then how could the first 8500 copies of Windows Vista be attacked by several viruses within 8 hours of release.
Yes, that was a Beta version, but the difference is the underlying structure of an operating system that is the main determining factor.

OSX becomes stronger when faced with challenges, unlike others that keep getting new variants of old viruses. That fact tells you everything you need to know about the inherent weakness of the “other” operating system.

Could these guys be right in this case? Of course, but look at history.