“By now you’ve likely read much coverage regarding the now infamous ‘MacBook Wireless Hack’ — a video that was publicly exposed at the Black Hat security conference purportedly showing a standard MacBook (with a third-party wireless card) being compromised by a Dell laptop within wireless range,” MacFixIt reports.
“In a nutshell, the controversy regarding this video is such: The security flaw exploited in the video is performed using a third-party, USB-based Wi-Fi card, not the MacBook’s native, built-in AirPort hardware/software. However, the creators of the video claim that the MacBook’s hardware is similarly susceptible, but no demonstration was carried out using the native hardware due to ‘pressure’ from Apple,” MacFixIt reports. “Without an explanation of the actual exploit, and in the absence of any commentary from Apple, it is impossible to speculate whether or not the MacBook’s native hardware is actually vulnerable to this flaw as claimed.”
“Another point of consideration is the level of access afforded by this hack. In the video demonstration, the hostile Dell machine was able to access user-level functions only. There was no indication as to whether any admin or root-user level tasks could be accomplished,” MacFixIt reports.
MacFixIt offers an easy recipe to plug this “security hole” – never join untrusted wireless access points:
• Open System Preferences and navigate to the Network pane
• Select Airport, and click “Configure”
• Go to the Airport tab
• From the “By default join” menu, select “Preferred Networks” rather than “Automatic”
• Next delete all non trusted networks from the list.
MacFixIt explains, “This will cause your portable to connect only to trusted networks, refraining from automatically joining networks without user permission.”
More in the full article here.
See also MacFixIt’s “10 simple steps for securing your Mac“
Related articles:
Is your Wi-Fi vulnerable to attack? – August 04, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006
a Mac wireless driver exploit. As you know, Apple’s drivers are made by a third party company.
What are you spouting off impudently ?
Either it is a Mac wireless driver exploit, hence wi-fi drivers are made by Apple, or it is a wireless driver exploit, driver made by third party company, hence an exploit that would work with whatever OS and brand of hardware.
That is a Mac wireless exploit has been quickly debunked: the MacBook needed to have internal files modified, use a BSD wireless external card and connect to the wi-fi network using the shell explicitly. You’re right: just what Mac users do. LOL.
They refused, REFUSED, to demonstrate the hack on a different MacBook without them interfering with it before hand claiming Apple bullied them.
Oh yeah? So how comes Apple allowed them to use a MacBook AT ALL if they are so mean with little boys?
Finally, it is not Apple drivers that are done by third party company. It is the drivers for wireless cards using the Atheros chip set which is used by each and every one PC manufacturer in the world.
Mac wireless driver exploit? Either you are a so naive to gobble everything you read or you are just drooling over the FUD bandwagon always very active against everything Apple.
I suppose the latter, otherwise, I have a nice property in Rome. Very famous: Coliseum. Nice assured revenue. Interested?
Daring Fireball has a good take, summing it all up:
http://daringfireball.net/2006/08/krebs_followup
By the way, do you also reply to eBay, CitiBank, HSBC emails claiming to re-enter your account details for verification purposes?
Seems so.
Do your own research guys. Google is your friend:
“The target machine needs to have the rootkit installed before the hack can be performed.”
So much ado about nothing (on the Mac, on other systems it is confirmed it works with the builtin wireless cards)
What I think is more important is the fact that these guys chose to demonstrate the vulnerability on a Mac, instead of a Windows or Linux machine, which are also vulnerable to the exploit. The presenters cited the “Mac userbase aura of smugness on security” and the recent ads as their reason for choosing a Mac as their guinea pig and – what’s more – a previously hacked Mac using an external third party wifi card.
Just this motivation alone is enough to call spade a spade. Let me spell it out for you, so you better understand: M-O-R-O-N-S
It’s an advertisement ! and a good one, every people speak about it, are infuriating or in laugh thanks to it. It is a good ads. “speak about me, bad or good , but speak about me”.
Of course apple can do EVERYTHING better than the competition, and the toyota is SO much better than general motors or ford. Of couuuurse, it’s the wonderful world of advertisement, not a documentary, idiots.
Go back to earth, please, and next time avoid to cover your ass from being unable to show the hack truly on a MacBook without claiming “Boohhohh, we would like to but Apple was mean to us and said don’t”.
Pfffff
The wireless access point, where the MacBook had to connect to using a third party USB card was…. on the Dell laptop ITSELF USED TO RUN THE HACK.
That is, it was done using a computer-to-computer wi-fi network.
What are we still talking about? How does taste the cheese the moon is made of?
I agree. The whole thing is fishy from beginning to end. So the dudes were brave enough to show an exploit which affects the MacBook (and all other OSes, BTW) but not brave enough to hack the Airport drivers? How could they use a MacBook and then claim that Apple told them not to do stuff with it? Talk about wanting to be the “tough guy screw ’em all hacker” and the “little baby victim” all in one go. Whatever.