“We’ve always known that wireless networking had lots of security problems. But we didn’t realize how bad they could be until this week, when Intel released information about security vulnerabilities in the software that runs its Centrino wireless systems, and when security researchers independently demonstrated how they could exploit similar flaws to take over a wireless laptop with startling ease,” Stephen H. Wildstrom reports for BusinessWeek.
“On Aug. 1, Intel issued a bulletin warning of three flaws in the software that lets its Wi-Fi radios communicate with the Windows operating system. Although the company said that it knew of no active exploitation of the flaws, one of them was especially dangerous because it could allow an attacker to take remote control of a computer over the air. Then the next day, on Aug. 2, two researchers demonstrated just such an attack at the Black Hat security conference in Las Vegas,” Wildstrom reports.
Wildstrom reports, “At the event, David Maynor of SecureWorks and Johnny Cache (the nom de guerre of independent researcher Jon Ellch) decided to forgo a live demo for fear of giving away too much information to the bad guys, and instead settled for a video (available from C|Net) that obscured crucial details, but remained plenty scary. In the video, it took Maynor just a minute or so on a Dell laptop to take complete control of an Apple Computer MacBook Pro through a vulnerability in its Wi-Fi card, built by an unidentified third party.”
Wildstrom reports, “Maynor stressed that there was nothing Mac-specific in the attack. The problem was not in the OS X operating system from Apple (AAPL) but in the third-party ‘device driver’ software. Although only Intel (INTC) has announced vulnerabilities, it seems a safe bet at this point that there are similar problems with any type of Wi-Fi radio working with any operating system, including any flavor of Windows or Linux.”
“For the time being, there’s not a whole lot you can do to protect yourself, short of turning off the wireless adapter on your laptop. Intel has released patches to fix the vulnerabilities in its software, but warns that installing them could cause problems because PC manufacturers frequently install modified versions on their own systems,” Wildstrom reports. “It would probably be best to wait until fix software is available from the maker of your computer or from the maker of your add-in wireless card, if you use one. In the meantime, it’s a good idea to turn off wireless when you are not actually using it.”
Full article here.
MacDailyNews Take: If there is “nothing Mac-specific in the attack,” then why use a MacBook? For the headlines, of course. Apple currently has 12% of the portable market share in the U.S. Surely, using a non-Apple laptop from any of makers included the other 88% of the market would have been more representative, but then, who’d be surprised or pick up the story about yet another security breach on a Windows system?
Brian Krebs and The Washington Post should be ashamed of their initial headline, “Hijacking a Macbook in 60 Seconds or Less.”
Contact info:
Brian Krebs:
Letters to the Editor:
Related MacDailyNews articles:
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006
Oh my geez — Krebs is a WaPostie! I should have known by the amazing lack of quality. Freaking obsolete media.
Seems like if it affects all the machines, then demonstrating on the 12% market, which has prided itself on invulnerability, is certainly more effective than showing yet another Windows exploit.
They were VERY careful to say that the problem was not in the OS, and that it was not Mac-specific, but rather applies to all makes & models.
And as we all know, headlines are the only thing that motivates Apple to fix flaws.
I also wonder what the configuration of the macbook was in terms of security. Was windows file sharing turned on? Remote access? etc. etc.?
This proved nothing about Mac security. It was completely rigged, and not even using Apple’s AirPort interface/drivers. I won’t be convinced until he can stand in front of a live audience and remotely hijack their Macbooks one-by-one.
Dear Brian,
Okay, I get it… having problems paying the bills? You just had to get the latest and greatest hot tub, but dude why throw mud at one of the best American companies to pay for it? How much did the band of Pirates in Redmond pay you? .. I don’t expect an answer, you apparently hate details, like what settings the MacBook had turned on?
I know F.U.D. when I smell it, get out of journalism, there are enough corporate lackeys polluting truth as it is.
david, a very happy iBook owner, in Mpls. MN.
You guys do realize that they also used A THIRD PARTY WIRELESS CARD in that “experiment”???
Shameful.
SB
My question is how this exploit could affect a computer on a secure network. Does that change anything?
The problem was not in the OS X operating system from Apple (AAPL) but in the third-party ‘device driver’ software. Although only Intel (INTC) has announced vulnerabilities, it seems a safe bet at this point that there are similar problems with any type of Wi-Fi radio working with any operating system, including any flavor of Windows or Linux.”
See I told you, but there is more. All Mac wireless drivers are vulnerable. Even the one’s on non-Intel Mac’s.
The reason for this is that a third party company makes the wireless drivers for Apple.
And IT IS a problem in Mac OS X because Apple has allowed a possibility for a exploit to flourish and not instituted proper security compartmentalization.
This is just another discovered “backdoor” like the one security folks found in Cisco routers.
I’ve told folks a zillion times, wireless anything is insecure. Uncle Sam has trained me to be a Electronic Warfare Specialist, to create fake “blips” on enemy radar screens and tap phone lines from space. Once anything is made by a company, it’s immediately bought by front companies for the NSA/CIA/military and reverse engineered to discover the electronic vulnerabilities. This info is leaked into the civilian and hacker community.
Apple really doesn’t have a chance.
Hmmm, MP had a good post in the last thread on this.
” width=”19″ height=”19″ alt=”grin” style=”border:0;” /> etc.
My question. If someone has a mobile wi fi system to act as the invader, just how close do they have to be to attack your system? This sounds like it has to be a personal attack not a broadbased internet attack. PS, if they are that close, they may just steal your computer first.
N.
COUGH COUGH
Something you all might like to see, freshly posted by me.
Your welcome, a lot of innocent moles at Apple died to bring us this information.
x mobile
Busting the Skull of Busting the Skull
One word: LAME!!!
SB
Re: 133t h@xx0r
Sorry I can’t resist… this will open a can of worms.. but oh well. If you’re in the ‘intelligence’ community, can you tell us if/when more people are finally gonna leak the truth about 9/11 being an inside job and go mainstream, like Bob Bowman has?
I’ve been reading these stories for a few days now. My complaint is the reporting is all sensationalism. If any Airport equipped Mac is vulnerable, sit outside an Apple store and get at it. I don’t believe much of what I read and only slightly more I see in a video.
Comments:
1. This reminds me of an article earlier this year. If you want to prove what you claim – prove it. Don’t spend the same amount of time proving your exploit by all but turning on Remote Desktop (i.e. joining the same network and manually assigning IPs).
2. Krebs reports, “Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet.” -So why use a Mac and then repeatedly say it’s not about the Mac. Oh, and then say it’s about the Mac too. If you don’t really care what Apple requests, use the internal Mac WiFi.
3. Businessweek writes, “These new vulnerabilities are much more frightening because they allow an attacker to bypass all of the computer’s defense mechanisms, including file encryption.” -Yes, because the user must be using the Mac to be attacked. Therefore, File Vault is unlocked. Can you get into another users files? I have not read that the exploit gives you root access.
4. Businessweek also states, “You’re likely to notice if someone tries to take over your computer while you are actually working on it, but these attacks will work on a computer sitting idle, even if it is not logged in to a wireless access point.” It almost sounds like I need to remove my battery to be safe. Doesn’t closing a Macbook put it to sleep? I know I can’t access my files on my Macbook from my PowerMac when it’s closed. Desktops may be vulnerable.
Questions:
1. If a computer is connected to a network (my home network) which uses WEP, how difficult is it to connect to my computer – when you aren’t part of my trusted network.
2. How difficult is it to find the IP address of a Macbook with airport on, but not connected to any network.
P.S. 133t h@xx0r is my Hero.
Yeah, the 9-11 was in inside job by the 2nd dynasty of the Xorxians, which are directly related to the Bush/Cheney/Halliburton clan, which are in reality aliens from planet X.
davida, he didn’t say he was a ‘spy’, he said he was one of the geeks the creeps go to for raw information and ‘remote monitoring’.
Busting the Skull of Busting the Skull, I disagree with me … it may be garbage video but the content is certainly enticing. How long did it take you to create the video you streamed over the phone’s screen? Nicely done, there. I think you messed up with the FireWire icon on a phone that lacks external connections when we are shown all sides of it. The renaming of iCal seems unlikely, as well. And using the terminal icon for something called “Log”? An internal volume with a mere 50 MB storage? OK … there were a few things that “don’t compute”, but you did a neat job throwing it together.
I’m no wireless guru, but it looked like, to me, you had to access the “evil” remote intentionally. Just surfing the net wirelessly did NOT appear to open your Mac up to the hack.
You had to first connect your Mac TO the offending computer. Not the other way around.
My advice – be careful who you connect to.
If they connected via the Airport/router and then got into the Mac. That would bother me a lot more.
Am I wrong?
for all you 9/11 inside job ‘unbelievers’, I invite you to put ‘9/11 proof’ in Google… good luck ’cause there ain’t any. If it wasn’t an inside job, why did all those who were responsible for protecting us got promoted, and not fired. The list of inconsistencies in the official 9/11 conspriracy theory is too long to list here. If you care, you’ll look with eyes wide open. This is not a left vs. right issue, it’s a State vs. you issue. Pray for the children. This honorable military man is running for congress in Fl., he is a brave man, check his site out… http://bowman2006.com/ The US is being run by brutal, pedophiliac bisexual men, they are very sick people. I know you don’t WANT to believe this, but investigate it our for our children’s sake, please.
Is your Wi-Fi vulnerable to attack? NO!
“The US is being run by brutal, pedophiliac bisexual men”
Ummm… I’m just as much a believer as you that 9-11 was likely an inside job, but that comment doesn’t add credibility to the argument. Even if it’s true.
Why specifically pedophiliac bisexual men? Priests are running the country? No way. via the choir?
“Brutal” I’ll buy.
And this is SO far off topic – I don’t care about arguing about it.
The point of targeting Mac OS X is to show that even it is not immune to being attacked.
agreed, the “pedophiliac bisexual men”, was bit over the top, but still true. google the ‘Franklin Scandal’, or “Conspiracy of Silence’ in google video… I just saw it last night, still fresh in my mind. The Girls and Boys Town orphanage out of Nebraska was/is a breeding ground for young prostitutes used to bribe V.I.P.s. Also investigate how one is initiated into the Skull and Bones secret society, and apparently their bizarre rituals aren’t exclusive to Yale’s campus. I was merely using one of many examples of how these men operate.
Nobody with a brain would state that Mac OS X is immune to attacks.
The point was to make Apple/Mac OS look bad.
It was bogus, otherwise, why not use the built-in Airport card?
Not to mention, NOBODY is shocked when a Windows system gets cracked – wouldn’t get a single hit these days.
SB
Dear PC Apologist,
If the flaw is in a 3rd party driver rather than Apple’s OS, how would you expect Apple to fix it? Third Parties rarely supply source code to Apple.
I should also add that Apple hasn’t claimed to be invulnerable. The Mac Fan Boys do.
I guess this desire to spread FUD is why you are a PC apologist.
Read the flaws in the hack demo on MacFixIt’s front page.
http://www.macfixit.com/article.php?story=20060804100417787
The fact that a MacBook has been used is just to make headlines. The affected systems and machines are ALL existing using that third party card.
Nothing to do with the Mac but if it was demonstrated – doing EXACTLY the very same things – on a Dell it would have had ZERO resonance.
It is a sad example of sensationalism that has nothing to do with ANY OS or vendors. The culprit is on the third Wi-Fi card, regardless of the OS or the maker of your hardware.
Just one more proof that the Mac is so much on the radar of malware writers or crackers that it is even used when there is nothing to show.
Talk about obscurity.