“The Washington Post’s Brian Krebs reports on a supposed wireless networking exploit that allows a MacBook to be hijacked,” John Gruber writes for Daring Fireball. “I smell bullshit, though — if you watch the video, the exploit apparently requires the MacBook to be using a third-party wireless card. Given that all MacBooks come with built-in AirPort support, how many MacBook users are actually susceptible to this? Any?”
Gruber writes, “Worse, Krebs’s post makes no mention of this, instead making it sound as though the exploit works against MacBooks using their built-in wireless cards and drivers. If it’s truly the case that this particular exploit only works if a MacBook is using a third-party Wi-Fi card and driver software, it’s sensationalism at its worst — a case of supposed security experts impugning Apple’s reputation for the sole purpose of drawing attention to themselves.”
Full article with links here.
“I’d like to respond to the people who commented on yesterday’s post about the video’s depiction of the use of a third-party wireless card on the Macbook. I spent more than an hour with Dave Maynor watching this exploit in action and peppering him with questions about it,” Brian Krebs reports for The Washington Post.
Krebs reports, “During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.”
Full article with the video of the MacBook hijacking here.
Related article:
Hijacking an Apple Macbook in 60 seconds – August 02, 2006
This wireless exploit is old news in the underground community.
The more one makes a product a common item, the easier it is to find the flaws and share it around the world in seconds.
The only way to make a computer and software secure is to run it by a supercomputer to expose the flaws.
Then of course the NSA and CIA want their own backdoors, which I highly suspect what this driver flaw actually is.
Remember the backdoor in Cisco routers? Yea. Big Brother.
Even when you make a color copy there is little identifing markings
http://www.eff.org/Privacy/printers/docucolor/index.php#program
So they use a Mac but not to pick on Macs but to point out that it does work on Macs. They then don’t use the native Mac drivers because they didn’t want to draw attention to the problem so they did something which in most instances people wouldn’t do – use an external device. However the article implied that it was the native drivers anyway then later confirmed that they were also at fault so they needn’t have bothered. I’m not making light of any problem but it seems to me to be a very long-winded and over complicated way to highlight a problem with something – Mac or not.
I didn’t watch the video, but the article text specifically states “internal” wireless device in the Mac Book:
“The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,” the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the Macbook — and presently not publicly disclosed — Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS.”
Maybe the author got it wrong. Or maybe these guys took out the Airport card and installed a 3rd party version with new drivers. I don’t know. But the article taken at face value indicated that the Mac is susceptible, along with ALL others using wireless.
Knowing that us Mac users are “arrogant” about security, I believe they said, they should have bent over backwards to show Macs are susceptible. As it is, they look dishonest.
Does yesterdays security patch resolve this?
“The more one makes a product a common item, the easier it is to find the flaws and share it around the world in seconds.”
Aren’t you guys the ones that scream “death to the infidel” if someone mentions that the lack of exploits for the mac could maybe just a little bit have to do with the fact that it’s market share is no that big?
I am confused now. Please tell me what to think. </sarcasm>
Suspicious…
This “card” must be USB, because a MacBook does not have a “card” slot of any type. However, most people, including the companies that market such products call them USB wireless network “adapters” because they look like all those little USB flash drives, not this crazy white “card” this guy supposedly attached to the hidden side of the MacBook.
I say it’s fake. He typed something into the MacBook at the beginning to “set up” the demo, along with typing some more stuff into the other laptop. He was probably logging onto the “attacker” laptop (or vice versa) using the built-in wireless, so he could legitimately do what he did. At the end, he walks around to the other side of the table with the “attacker” laptop to show, look there are no wires here, as if that proved anything… What a stupid demo.
Yawn. Next….
This is why you should use Vista instead. It has NO proven vulnerabilities.
USB is still a problem, every mac has USB!!!
now all a burgler has to do is plug a tiny thing into your macbook while your at a hot spot.
then hack away and all your base belongs to him–better not look away from your precious mac book coz now thats the firsty one hackers will go for.
realisticly you are safe at home but turn your back while your at a hot spot and someone can steal your credit card numbers or your moms email!
os x is so secure?
lately i dont think so, look at all the articles like this, every day paracitically a new mac virus story even whether its for real or not.
and windows has em too, but at least i have the same as my friends and not be laughed straihgt into the kool aid……
Exactly what I thought too. I wanna know wich “card” he inserted in the MacBook ?
And could they have done it with the bulit in airport card ?
This is why you should use an abacus instead. It has NO proven vulnerabilities.
Anyone know were SecureWorks is located??
I am taking the liberty to add this comment from Thor on Brina Krebs page : (please forgive me Thor, but I thought it was a very good comment !)
: “Brian, Brian, Brain.
Nice headline. I am sure that it brought you a lot of hits, but now that I have seen the video, I find some of what you wrote very troubling.
First, you state that these guys found a flaw in “the software that allows the internal wireless card to communicate with the underlying OS X operating system.” Instead, the video shows them installing a third-party wireless card (which is more than a bit phony since all MacBooks have built-in wireless).
So, I ask, are Mac users doing the normal thing, using their built-in wireless, vulnerable? They don’t say, and we don’t know. I think you have some obligation to follow up on this. If the driver for the built-in wireless is vulnerable, I want to know. So far, I have doubt, since these guys say themselves that they used a Mac specifically because Mac users are so smug about security. They could have proven their point much better using a more realistic scenario.
Second, what is with the headline. I know. . . it draws lots of hits. Good for you. From a Mac user’s perspective, however, we see a lot of these headlines only to find out that the full story is a lot more complicated. Today’s was just one more example.
A better headline “Mac using an unnecessary third-party wireless card hacked in 60 seconds.”
Posted by: Thor | August 2, 2006 11:16 PM”
First, They work for (or are) the company “SecureWorks”. This is much like Norton telling you how vulnerable your computer is. They have an obvious ulterior motive… purely a financial one with free advertising. His blatant and arrogant displaying of the Apple logo shows an intent other than purely scientific.
Using a USB wireless card when NO ONE with such a Mac uses anything but the much more easy to use and configure , built-in, FREE internal card.
He also already was accessing the Mac’s UNIX shell in order to make a connection and gain access.
He claims that all wireless cards have this vulnerability, but he obviously was NOT unable to do it with the Airport wireless card built into the Mac, or else he would have used it! He, also, couldn’t do it with the MacBook just sitting there. It HAD to be connected via the UNIX shell.
So, he may be right. If you leave your Mac open and available, using the shell to access a wireless connection via a 3rd party USB wireless adapter (and totally ignoring your much better and faster built-in Airport card and its associated very easy to use software), you MAY be vulnerable to this type of attack.
Can someone, please, tell me what is that likelihood? I’d think it would be much more likely that someone would just steal the unattended MacBook.
Read this where the attacker admit to NOT uing the MacBooks built in wireless
http://abcnews.go.com/Technology/wireStory?id=2266507
The drivers are written by a third party, and Appel may fix the issue but this hack also applies to Windows.
You don’t know exploits like I do.
This was a fixed demo like the last one claiming they could get in when in reality they had a local user account and were accessing the Mac locally. Pure simple unreal FUD!
Lets see, the guy uses a Dell to break into a mac and the first file he creates is named owned.
Definitly a windows fanboy.
That said, he did computer users a service by highlighting these types of flaws.
Mark
MDN wrote:
> Full article with the video of the MacBook hijacking here.
> (Link to http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html)
Am I completely blind, or is there no link to a video on that page?
The highlighting of serious flaws within any OS is a good thing. Maybe we should all exercise a little more caution and less blatant chest pounding about how great our OS is.
Seriously, not only does the demo’er not use the built-in wireless of the MacBook for the demo, he apparently used some weird-looking USB “card,” not the typical “Cardbus” type wireless slot card that most PC Windows laptop users (those without built-in wireless) use. I’m not surprised that the driver for such a low-use product did not get enough security attention. Who uses those USB wireless network “adapters” except maybe some folks with networked Tivo’s?
They could not have designed a more rediculous demo if they tried very very hard. I’ve never felt more “smug” about Mac OS X than I do now, if this is the best the “hacker” can do…
He only made changes in the home directory. Can you make changes outside of that? Was file sharing turned on? I know that doesn’t limit you to the home directory of the Mac you are networked to but it can make things a hell of a lot easier to do.
I’d like to play Devil’s Advocate and point something out as we all like to banter about the “no known viruses targeting OSX” or “No one attacks OS X because the install base is too small”. A little while back, there was released in the wild a worm aimed at OSX. “The End is Near!” claimed the Anti-OSX crowd! “Here comes the flood of attacks against Macs!” and, “You Mac users will see now!! OSX is as Vulnerable as Windows, just no one has cared until now!!”
Now, I admit: At this news, I, too, shook with fear! My Dear Mac could now be under attack! ACK!
So, I wanted to see what this new bit of malevolence could do to my precious system. I proceeded to back up my system for easy re-install should I need it and actually downloaded said Prophet of Doom for the Red Delicious, er… Macintosh. Shaking, nay! Quivering! I downloaded it…. My heart beating faster, I saved it… Now, I felt like the SOB in “The Tell Tale Heart”, my Mac silently portraying the cry, “Why?? What did I do to you??”
I clicked on the file!!! …. ….. A message box, “This will install an application, do you want to proceed?” ….
” width=”19″ height=”19″ alt=”hmmm” style=”border:0;” /> I ….. ENTERED IT!!!! (I was about to cry, seeing the deviousness of this exploit!!) …..
My heart was beating faster … Or was it my Mac’s?? I couldn’t tell!!! THE MADNESS, I TELL YOU!!!!! The drama as I sat and waited for something to happen.
Much to my dismay, the Prophets of Doom were correct!! After installing and launching the exploit, the Pure Evil of it’s Payload was rent unto my hapless Mac!!!
Another system dialogue box!!!! It read, “An application error occurred. The program will quit.”
My God, Man!! I tell you, more viruses like this and Apple is in a world of heart!!!!
I couldn’t take it any more!!! I had to press “Command + Delete” after highlighting the culprit on my Desktop!!
Such Evil should not allow to exist!
How come that when logged in he is automatically inside the home folder of the user currently logged in?
Is he logged in as sthe current user?
Does he really have root access?