Hijacking an Apple Macbook in 60 seconds video posted online

“The Washington Post’s Brian Krebs reports on a supposed wireless networking exploit that allows a MacBook to be hijacked,” John Gruber writes for Daring Fireball. “I smell bullshit, though — if you watch the video, the exploit apparently requires the MacBook to be using a third-party wireless card. Given that all MacBooks come with built-in AirPort support, how many MacBook users are actually susceptible to this? Any?”

Gruber writes, “Worse, Krebs’s post makes no mention of this, instead making it sound as though the exploit works against MacBooks using their built-in wireless cards and drivers. If it’s truly the case that this particular exploit only works if a MacBook is using a third-party Wi-Fi card and driver software, it’s sensationalism at its worst — a case of supposed security experts impugning Apple’s reputation for the sole purpose of drawing attention to themselves.”

Full article with links here.

“I’d like to respond to the people who commented on yesterday’s post about the video’s depiction of the use of a third-party wireless card on the Macbook. I spent more than an hour with Dave Maynor watching this exploit in action and peppering him with questions about it,” Brian Krebs reports for The Washington Post.

Krebs reports, “During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.”

Full article with the video of the MacBook hijacking here.

Related article:
Hijacking an Apple Macbook in 60 seconds – August 02, 2006

25 Comments

  1. This wireless exploit is old news in the underground community.

    The more one makes a product a common item, the easier it is to find the flaws and share it around the world in seconds.

    The only way to make a computer and software secure is to run it by a supercomputer to expose the flaws.

    Then of course the NSA and CIA want their own backdoors, which I highly suspect what this driver flaw actually is.

    Remember the backdoor in Cisco routers? Yea. Big Brother.

    Even when you make a color copy there is little identifing markings

    http://www.eff.org/Privacy/printers/docucolor/index.php#program

  2. So they use a Mac but not to pick on Macs but to point out that it does work on Macs. They then don’t use the native Mac drivers because they didn’t want to draw attention to the problem so they did something which in most instances people wouldn’t do – use an external device. However the article implied that it was the native drivers anyway then later confirmed that they were also at fault so they needn’t have bothered. I’m not making light of any problem but it seems to me to be a very long-winded and over complicated way to highlight a problem with something – Mac or not.

  3. I didn’t watch the video, but the article text specifically states “internal” wireless device in the Mac Book:
    “The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,” the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the Macbook — and presently not publicly disclosed — Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS.”

    Maybe the author got it wrong. Or maybe these guys took out the Airport card and installed a 3rd party version with new drivers. I don’t know. But the article taken at face value indicated that the Mac is susceptible, along with ALL others using wireless.

  4. “The more one makes a product a common item, the easier it is to find the flaws and share it around the world in seconds.”

    Aren’t you guys the ones that scream “death to the infidel” if someone mentions that the lack of exploits for the mac could maybe just a little bit have to do with the fact that it’s market share is no that big?

    I am confused now. Please tell me what to think. </sarcasm>

  5. Suspicious…

    This “card” must be USB, because a MacBook does not have a “card” slot of any type. However, most people, including the companies that market such products call them USB wireless network “adapters” because they look like all those little USB flash drives, not this crazy white “card” this guy supposedly attached to the hidden side of the MacBook.

    I say it’s fake. He typed something into the MacBook at the beginning to “set up” the demo, along with typing some more stuff into the other laptop. He was probably logging onto the “attacker” laptop (or vice versa) using the built-in wireless, so he could legitimately do what he did. At the end, he walks around to the other side of the table with the “attacker” laptop to show, look there are no wires here, as if that proved anything… What a stupid demo.

  6. USB is still a problem, every mac has USB!!!

    now all a burgler has to do is plug a tiny thing into your macbook while your at a hot spot.

    then hack away and all your base belongs to him–better not look away from your precious mac book coz now thats the firsty one hackers will go for.

    realisticly you are safe at home but turn your back while your at a hot spot and someone can steal your credit card numbers or your moms email!

    os x is so secure?

    lately i dont think so, look at all the articles like this, every day paracitically a new mac virus story even whether its for real or not.

    and windows has em too, but at least i have the same as my friends and not be laughed straihgt into the kool aid……

  7. I am taking the liberty to add this comment from Thor on Brina Krebs page : (please forgive me Thor, but I thought it was a very good comment !)
    : “Brian, Brian, Brain.

    Nice headline. I am sure that it brought you a lot of hits, but now that I have seen the video, I find some of what you wrote very troubling.

    First, you state that these guys found a flaw in “the software that allows the internal wireless card to communicate with the underlying OS X operating system.” Instead, the video shows them installing a third-party wireless card (which is more than a bit phony since all MacBooks have built-in wireless).

    So, I ask, are Mac users doing the normal thing, using their built-in wireless, vulnerable? They don’t say, and we don’t know. I think you have some obligation to follow up on this. If the driver for the built-in wireless is vulnerable, I want to know. So far, I have doubt, since these guys say themselves that they used a Mac specifically because Mac users are so smug about security. They could have proven their point much better using a more realistic scenario.

    Second, what is with the headline. I know. . . it draws lots of hits. Good for you. From a Mac user’s perspective, however, we see a lot of these headlines only to find out that the full story is a lot more complicated. Today’s was just one more example.

    A better headline “Mac using an unnecessary third-party wireless card hacked in 60 seconds.”

    Posted by: Thor | August 2, 2006 11:16 PM”

  8. First, They work for (or are) the company “SecureWorks”. This is much like Norton telling you how vulnerable your computer is. They have an obvious ulterior motive… purely a financial one with free advertising. His blatant and arrogant displaying of the Apple logo shows an intent other than purely scientific.

    Using a USB wireless card when NO ONE with such a Mac uses anything but the much more easy to use and configure , built-in, FREE internal card.

    He also already was accessing the Mac’s UNIX shell in order to make a connection and gain access.

    He claims that all wireless cards have this vulnerability, but he obviously was NOT unable to do it with the Airport wireless card built into the Mac, or else he would have used it! He, also, couldn’t do it with the MacBook just sitting there. It HAD to be connected via the UNIX shell.

    So, he may be right. If you leave your Mac open and available, using the shell to access a wireless connection via a 3rd party USB wireless adapter (and totally ignoring your much better and faster built-in Airport card and its associated very easy to use software), you MAY be vulnerable to this type of attack.

    Can someone, please, tell me what is that likelihood? I’d think it would be much more likely that someone would just steal the unattended MacBook.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.