How to protect your Mac’s Wi-Fi from attack

“By now you’ve likely read much coverage regarding the now infamous ‘MacBook Wireless Hack’ — a video that was publicly exposed at the Black Hat security conference purportedly showing a standard MacBook (with a third-party wireless card) being compromised by a Dell laptop within wireless range,” MacFixIt reports.

“In a nutshell, the controversy regarding this video is such: The security flaw exploited in the video is performed using a third-party, USB-based Wi-Fi card, not the MacBook’s native, built-in AirPort hardware/software. However, the creators of the video claim that the MacBook’s hardware is similarly susceptible, but no demonstration was carried out using the native hardware due to ‘pressure’ from Apple,” MacFixIt reports. “Without an explanation of the actual exploit, and in the absence of any commentary from Apple, it is impossible to speculate whether or not the MacBook’s native hardware is actually vulnerable to this flaw as claimed.”

“Another point of consideration is the level of access afforded by this hack. In the video demonstration, the hostile Dell machine was able to access user-level functions only. There was no indication as to whether any admin or root-user level tasks could be accomplished,” MacFixIt reports.

MacFixIt offers an easy recipe to plug this “security hole” – never join untrusted wireless access points:

• Open System Preferences and navigate to the Network pane
• Select Airport, and click “Configure”
• Go to the Airport tab
• From the “By default join” menu, select “Preferred Networks” rather than “Automatic”
• Next delete all non trusted networks from the list.

MacFixIt explains, “This will cause your portable to connect only to trusted networks, refraining from automatically joining networks without user permission.”

More in the full article here.

See also MacFixIt’s “10 simple steps for securing your Mac

Related articles:
Is your Wi-Fi vulnerable to attack? – August 04, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006

56 Comments

  1. How to hack a Windows PC in 60 seconds:

    1. Log in to windows in Safe Mode

    2. Disable the welcome screen

    3. Reboot

    4. Log in as “Administrator”

    5. Change the passwords to all the other accounts on the computer

    I did this to my computer when I forgot the password. Woops.

  2. An appendix to my previous entry:

    The account “Administrator” comes preinstalled with no password, and has all administrative privileges. In order to change other accounts’ passwords, you do not have to enter the existing password for that account.

  3. This will cause your portable to connect only to trusted networks, refraining from automatically joining networks without user permission.

    IMO a setting to automatically join any network is a remarkably DUMB idea!

    Forget about Wi-Fi for a minute. Would you want your Mac to link up with any server that it comes across (or worse yet, with any server that finds your Mac)? Of course not!

    Sounds like time for a security update to clear this behavior.

  4. By golly, that’s just how I had my Airported iMac already set. Bully for me! Looks like it’s not too hard to do it right with a bit o’ common sense. BTW, I have two neighbors with WiFi. Sometimes our RoadRunner goes down (big surprise) and I just pick a name from the drop down menu and leech. Mac life be so easy.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.