“By now you’ve likely read much coverage regarding the now infamous ‘MacBook Wireless Hack’ — a video that was publicly exposed at the Black Hat security conference purportedly showing a standard MacBook (with a third-party wireless card) being compromised by a Dell laptop within wireless range,” MacFixIt reports.
“In a nutshell, the controversy regarding this video is such: The security flaw exploited in the video is performed using a third-party, USB-based Wi-Fi card, not the MacBook’s native, built-in AirPort hardware/software. However, the creators of the video claim that the MacBook’s hardware is similarly susceptible, but no demonstration was carried out using the native hardware due to ‘pressure’ from Apple,” MacFixIt reports. “Without an explanation of the actual exploit, and in the absence of any commentary from Apple, it is impossible to speculate whether or not the MacBook’s native hardware is actually vulnerable to this flaw as claimed.”
“Another point of consideration is the level of access afforded by this hack. In the video demonstration, the hostile Dell machine was able to access user-level functions only. There was no indication as to whether any admin or root-user level tasks could be accomplished,” MacFixIt reports.
MacFixIt offers an easy recipe to plug this “security hole” – never join untrusted wireless access points:
• Open System Preferences and navigate to the Network pane
• Select Airport, and click “Configure”
• Go to the Airport tab
• From the “By default join” menu, select “Preferred Networks” rather than “Automatic”
• Next delete all non trusted networks from the list.
MacFixIt explains, “This will cause your portable to connect only to trusted networks, refraining from automatically joining networks without user permission.”
More in the full article here.
See also MacFixIt’s “10 simple steps for securing your Mac“
Is your Wi-Fi vulnerable to attack? – August 04, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006