“By now you’ve likely read much coverage regarding the now infamous ‘MacBook Wireless Hack’ — a video that was publicly exposed at the Black Hat security conference purportedly showing a standard MacBook (with a third-party wireless card) being compromised by a Dell laptop within wireless range,” MacFixIt reports.
“In a nutshell, the controversy regarding this video is such: The security flaw exploited in the video is performed using a third-party, USB-based Wi-Fi card, not the MacBook’s native, built-in AirPort hardware/software. However, the creators of the video claim that the MacBook’s hardware is similarly susceptible, but no demonstration was carried out using the native hardware due to ‘pressure’ from Apple,” MacFixIt reports. “Without an explanation of the actual exploit, and in the absence of any commentary from Apple, it is impossible to speculate whether or not the MacBook’s native hardware is actually vulnerable to this flaw as claimed.”
“Another point of consideration is the level of access afforded by this hack. In the video demonstration, the hostile Dell machine was able to access user-level functions only. There was no indication as to whether any admin or root-user level tasks could be accomplished,” MacFixIt reports.
MacFixIt offers an easy recipe to plug this “security hole” – never join untrusted wireless access points:
• Open System Preferences and navigate to the Network pane
• Select Airport, and click “Configure”
• Go to the Airport tab
• From the “By default join” menu, select “Preferred Networks” rather than “Automatic”
• Next delete all non trusted networks from the list.
MacFixIt explains, “This will cause your portable to connect only to trusted networks, refraining from automatically joining networks without user permission.”
More in the full article here.
See also MacFixIt’s “10 simple steps for securing your Mac“
Related articles:
Is your Wi-Fi vulnerable to attack? – August 04, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006
I will have root access very very shortly
root is not there by default. And with user level only the account cannot be activated.
Concerning having the user giving… the majority does not even know about a root level, and even more so have the full BSD parts installed (optional install). There is simply nothing to get on a vanilla Mac OS X install: the BSD part that could give you that is simply not there by default, that is on the majority of Macs.
Those who have installed most probably know what they are doing and are not naive with respect to security, most probably ex-Linux users and developers themselves.
As it turns out the hack described does not apply to MacBooks as it relies on third-party wireless hardware rather than the wireless cards supplied by Apple. Pressured by ZDNet journalist “Maynor said the MacBook used in the demonstration was not using the wireless gear that shipped with the computer.”
The hack, so far, only works if the Mac uses the third party wireless card, not the built-in Airport.
First, They work for (or are) the company “SecureWorks”. This is much like Norton telling you how vulnerable your computer is. They have an obvious ulterior motive… purely a financial one with free advertising. His blatant and arrogant displaying of the Apple logo shows an intent other than purely scientific.
Using a USB wireless card when NO ONE with such a Mac uses anything but the much more easy to use and configure, built-in, FREE internal card.
He also already was accessing the Mac’s UNIX shell in order to make a connection and gain access.
He claims that all wireless cards have this vulnerability, but he obviously was NOT unable to do it with the Airport wireless card built into the Mac, or else he would have used it! He, also, couldn’t do it with the MacBook just sitting there. It HAD to be connected via the UNIX shell.
So, he may be right. If you leave your Mac open and available, using the shell to access a wireless connection via a 3rd party USB wireless adapter (and totally ignoring your much better and faster built-in Airport card and its associated very easy to use software), you MAY be vulnerable to this type of attack.
Heh. “133t h@xx0r” says Apple security is a joke. I’ve heard this so many times. Forgive me if I don’t keel over in fear. Yes, that’s right, Apple’s security is useless. Mass hackings of Macs will begin happening any day now. Yep, here they come. Lots of hackings. Aaaaaaaaany day now. You just wait.
Look, any computer is vulnerable to a professional, targeted attack. But how many of us will ever be subject to such an attack? The day-to-day security danger is from worms and trojans, broadly attacking everything in sight. Apple’s security is rock-solid against those threats.
only tools like 133t that drool over every FUD about Macs can gobble this.
If AirPort is similarly vulnerable, show us that exploit, maybe it is true but it’s just too fishy that they went out of their way not to show it.
I will have to see it to believe it and I am not buying the reason given for not showing it. Apple bullying them not to use the builtin Airport? Why not bullying them NOT TO USE A MACBOOK then?
Are you all stooopid or what?
the BSD part that could give you that is simply not there by default, that is on the majority of Macs.
Is this a test? You say something that isn’t true so I correct you?
95% of Mac OS X machines out there are over 10.4 and over, the BSD subsystem is installed by default, like it really has anything to do with a wireless driver exploit.
Really, who needs the BSD subsystem to use this wireless exploit on a Windows b0x?
I’ll mimick your nick
Whatever, bye.
Does this Moscone hall banner picture say:
Mac OS X Leopard
Introducing Vista 2.0 ????
http://www.flickr.com/photo_zoom.gne?id=207241438&size=l
Your guess is as good as mine………Could be a fake – worth a look though.
I will part with something for you to think about.
A lot of flaws in Mac OS X is because of what Apple put on top and fudged around with in the already secure Unix underpinnings.
launchd for instance.
The reason Apple grabbed a already secure OS is because they couldn’t spend the money to secure their own. They shoehorned NeXT on top of Unix.
So since Apple doesn’t have the money to secure their OS, it means good old Uncle Sam with his deep pockets can find all the flaws in Mac OS X, which this juicy information is at first jealously hoarded by the “very elite” government hackers.
In fact my posts here have triggered one wise ass and they just breezed through earlier today.
Hey wise ass! You should have taken a moment to admire my pr0n collection instead of just snatching my hash file!
Oh well, here’s a thanks to Uncle Sam for giving me such a good electronics warfare training.
With that I say goodbye.
Mac OS X Leopard
Introducing Vista 2.0 ????
That’s no fake, it’s a swipe at Windows Vista because they copy the Mac OS. It’s even more of a swipe because Vista 1.0 hasn’t even shipped yet.
hehehehe
When Mac OS X “Tiger” was released Apple had banners saying “Introducing Longhorn”, which was Vista’s code name.
Nice catch by the way, thanks for showing us.
told people about a new tool he’s developing that can remotely scan and figure out the chipset and driver version of a wireless device on a target computer. So far, Ellch said the tool currently recognizes 13 different wireless device drivers, breaking them down by operating system and firmware version.
Although I don’t entirely agree with l33t haxxor and his postings of this information, I can tell you the US Government (and many others) have had this sort of technology for years.
The other banner says “Welcome to the right platform”
So this is going to be a big swipe at Vista.
Of course some might view this as fear on the part of Apple.
YES:
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
(If you’re a girl, you must be incredibly popular.)
I got all excited by your post and tried your method out on a (puke) XP Dell that my company forced on me. Unless I’m doin’ something wrong, it doesn’t work. I hit F8 at startup (and chose “Safe Boot”) but it still comes up with a password screen (after first filling the monitor with all kinds of DOS-looking crap that gave me a serious’ ’80s flashback). So is that trick only for 2K or did I pick the wrong option after F8 ?
And speaking of hacking your way through the tissue paper that is “Windows Security”, does anyone know about the Linux floppy boot disk that can change or clear the password on any version of NT and Win2K? I have it and it works but I was wondering if anyone knows whether it’s been updated for XP (or better still, the alleged “Vista”).
I was at Defcon during the presentation where they did the demo (ran the video). The hack involved the drivers for the third party USB wireless device. It resulted in a root level compromise since the hack happens at the kernel level. No need to elevate your permissions, you’re already root.
They did not clearly explain why they used the third party USB wireless adapter instead of the built-in Apple wireless device.
They only showed the video to prevent users in the presentation from using a sniffer to capture the attack. Otherwise the actual hack would of been already out in the wild.
OH WOE IS MEEEE!!!
Forgive me dear brothers of the faith for I have sinned!
I was temptated by the dark side of the force today,
yes, yes, I have sinned, I used a HeLL device coupled with
that abomination of a OS called Windoze
Oh brothers of Apple, it was horrible!!!
I attempted to use the mouse and it would jump all over,
the resolution was horrible, the graphics cheap and the text
was so hard to read
I attempted to perform a simple search for my .mac page
but atlas I forgot my address!
Surely combining .Mac and my nickname would produce the
results in MSN. BUT NOOO!!!
Oh dear brothers and sisters, please forgive me
I have learned a painful lesson and will never touch
such REDMOND EVIL SPAWN machines again..
I have repented by kissing and cleaning my Mac.
Uhm, Repentent Sinner, you might want to “repent” in the opposite order next time. Especially if you have a bird as I do.
Syphilitic aspirin grass comanche ding-dong doo.
the BSD subsystem is installed by default
Wrong. Only part of it. Next try.
PS
Ever tried to work on OS X Unix without installing the optional BSD components? Guess not.
The reason Apple grabbed a already secure OS is because they couldn’t spend the money to secure their own.
Not enough money like over 8 BILLION $ cash and no debt?
UHAHAHAHHEUHUHHAHHAHAHUEHUHAHAH
So since Apple doesn’t have the money to secure their OS
HUHHAHHAHHUHHEHHEHHEHAHAHAHAHAHAHAHAHAHAHAHHA
“doesn’t have the money….”
HAHHAHHAHUHHHAHHUHHUHHUHAHAHAUHHA
What a tool.
For your info, there is an entire department in Cupertino devoted to do just that: crack into OS X in all possible and known ways. And this on top of Leopard development.
here’s a thanks to Uncle Sam for giving me such a good electronics warfare training.
Don’t forget your aluminum helmet at night, we’ll snatch more than your hash file.
who needs the BSD subsystem to use this wireless exploit on a Windows b0x
And who in the world had said that? Troubles in reading and comprehension?
Although I don’t entirely agree with l33t haxxor and his postings of this information, I can tell you the US Government (and many others) have had this sort of technology for years.
Which does indeed tell that such sensationalistic hack is just that… sensationalistic.
PS
They are still unable to show it works on a regular MacBook, not one that has been slightly modified, use a USB wireless card and access wi-fi network from the shell.
PPS
Just what 100% of MacBook users don’t do
They did not clearly explain why they used the third party USB wireless adapter instead of the built-in Apple wireless device.
A news update says Apple leaned pretty hard on them not to expose this for what it truely is, a Mac wireless driver exploit. As you know, Apple’s drivers are made by a third party company.
My theory is, just like Cisco router backdoors, NSA wiretaps in the internet backbone, and Xerox color copy markings, that this “exploit” is actually Uncle Sam’s private little door.
This exploit has been “in the wild” for quite some time in the under ground community. It’s just that it’s been abused so much that it’s time to “expose it” and a new one put into it’s place.
How better to do this than by alerting the public they have a exploit, so everyone updates with a patch which establishes a new backdoor for Uncle Sam and shuts everyone else out?
All the lemmings go back to thinking thier machines are secure again.
A news update says Apple leaned pretty hard on them not to expose this for what it truely is, a Mac wireless driver exploit. As you know, Apple’s drivers are made by a third party company.
So Apple has been pretty hard on them “Dare not to use the MacBook builtin wirelss or else… but then you may say it actually is easy to be compromised as well.”
Else what? We rescind your ADC subscription?
Pleeeaaaseeeee. One has to be idiot to believe that. Apple leaned pretty HARD and they used a MacBook? Why not “You are not to use a MacBook” instead?
Total BS.
How better to do this than by alerting the public they have a exploit, so everyone updates with a patch which establishes a new backdoor for Uncle Sam and shuts everyone else out?
Since Mac users apply patches from Apple without missing a bit, who needs this?
PS
Don’t forget to wear your aluminum helmet when you venture outdoor.
ZDNet pressured them. The MacBook is not affected without manual intervention to internal files. Without intervention they have not been able to demonstrate the hack to the ZDNet reporter with his MacBook (brought in for the test)
MDN “hear” as in: Hear hear hear
A news update says Apple leaned pretty hard on them
News update my ass. They have been saying this from the very beginning.
The real news is that when asked to demonstrate the hack on a MacBook (unaltered by the so-called hackers) they refused claiming people could sniff out their hack.
Whatever.
And I just have dinner with Steve Jobs weekly but Apple leaned pretty hard on me not to say where.