“We’ve always known that wireless networking had lots of security problems. But we didn’t realize how bad they could be until this week, when Intel released information about security vulnerabilities in the software that runs its Centrino wireless systems, and when security researchers independently demonstrated how they could exploit similar flaws to take over a wireless laptop with startling ease,” Stephen H. Wildstrom reports for BusinessWeek.
“On Aug. 1, Intel issued a bulletin warning of three flaws in the software that lets its Wi-Fi radios communicate with the Windows operating system. Although the company said that it knew of no active exploitation of the flaws, one of them was especially dangerous because it could allow an attacker to take remote control of a computer over the air. Then the next day, on Aug. 2, two researchers demonstrated just such an attack at the Black Hat security conference in Las Vegas,” Wildstrom reports.
Wildstrom reports, “At the event, David Maynor of SecureWorks and Johnny Cache (the nom de guerre of independent researcher Jon Ellch) decided to forgo a live demo for fear of giving away too much information to the bad guys, and instead settled for a video (available from C|Net) that obscured crucial details, but remained plenty scary. In the video, it took Maynor just a minute or so on a Dell laptop to take complete control of an Apple Computer MacBook Pro through a vulnerability in its Wi-Fi card, built by an unidentified third party.”
Wildstrom reports, “Maynor stressed that there was nothing Mac-specific in the attack. The problem was not in the OS X operating system from Apple (AAPL) but in the third-party ‘device driver’ software. Although only Intel (INTC) has announced vulnerabilities, it seems a safe bet at this point that there are similar problems with any type of Wi-Fi radio working with any operating system, including any flavor of Windows or Linux.”
“For the time being, there’s not a whole lot you can do to protect yourself, short of turning off the wireless adapter on your laptop. Intel has released patches to fix the vulnerabilities in its software, but warns that installing them could cause problems because PC manufacturers frequently install modified versions on their own systems,” Wildstrom reports. “It would probably be best to wait until fix software is available from the maker of your computer or from the maker of your add-in wireless card, if you use one. In the meantime, it’s a good idea to turn off wireless when you are not actually using it.”
MacDailyNews Take: If there is “nothing Mac-specific in the attack,” then why use a MacBook? For the headlines, of course. Apple currently has 12% of the portable market share in the U.S. Surely, using a non-Apple laptop from any of the makers included in the other 88% of the market would have been more representative, but then, who’d be surprised or pick up the story about yet another security breach on a Windows system?
Brian Krebs and The Washington Post should be ashamed of their initial headline, “Hijacking a Macbook in 60 Seconds or Less.”