SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’

David Chartier reports for TUAW, “Remember those hackers in the Washington Post story who claimed to have hacked a MacBook’s wireless drivers to gain control of it? Then remember the follow-up story where the author, Brian Krebs basically, um, how shall I say: ‘slightly falsified’ his way through backing up the original story with excuses that the flaw does exist in Apple’s drivers, but Apple ‘leaned’ on them not to publicize this so they decided to use a 3rd party card? Finally, remember how, in the original article, David Maynor, one of the hackers, is quoted saying ‘We’re not picking specifically on Macs here, but if you watch those ‘Get a Mac’ commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something.’ Boy, that sure doesn’t betray any sense of ‘I am going to lie, cheat and steal to prove whatever I want’ bitterness, does it?”

Chartier reports, “Sounds like SecureWorks, the company who sponsored all this Mac hackery, is finally fessing up to their falsification and admitting that they, in fact, did not find the flaw in Apple’s drivers, and that they used a 3rd party card and software to facilitate the exploit.”

Full article here.

SecureWorks’ statement:
This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers. Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver – not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available.

Full article here.

Thomas Claburn reports for InformationWeek, “Apple sees the clarification as vindication. ‘Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,’ Apple spokesperson Lynn Fox said in a statement. ‘To the contrary, the SecureWorks demonstration used a third party USB 802.11 device – not the 802.11 hardware in the Mac – a device which uses a different chip and different software drivers than those on the Mac. To date, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.'”

Full article here.

Earlier this week, The Washington Post’s Brian Krebs wrote, “I’ve been asked this many times, so let me make this crystal clear: I had the opportunity to see a live version of the demo Maynor gave to a public audience the next day. In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook — but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in. As far as I’m aware, only one other person at the conference saw the demo the way I saw it (a Black Hat staff member whom I’m not at liberty to name); the discrepancy over the wireless card is probably the biggest reason why the Mac community was so confused and upset by my original post. I tried to clarify that in a follow-up, and am posting the contents of that interview — verbatim — to give the public all of the information I have about this particular exploit.”

Full article here.

MacDailyNews Take: Shouldn’t Apple seek some sort of recourse? Some monetary compensation and/or public apology or at least a shot at stabbing these bozos in the eyes with lit cigarettes or something?

Contact:

Related articles:
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006

63 Comments

  1. If I remember correctly (and I do), the guy said in the video that he was using a 3rd party wireless card and that the problem was not specific to Macs. In fact, that was his preface to the whole thing, and then he repeated that at the end of the video….

  2. They could go after them and get about 4 cents after legal feels are paid, so the only gain/loss would be in the court of public opinion. I doubt this retraction will get nearly as much publicity as the original story but a libel suit against these guys by Apple might make it a bit more newsworthy, but with lega action Apple risks looking like a lawsuit-crazy bully.

  3. No one in the main stream press will pick up on this nugget of information. From here on out we will hear about how a macbook was highjacked in 60 seconds and then have to correct everyone. Then, when we point out this fact somehow we will be labeled as smug. Facts really get in the way of winning a battle for some people. Curse you factual information. Damn you to Hell!! (in my best heston impersonation)

  4. Definitely! Should sue SecureWorks and these guys personally. Need to deter this kind of devious behavior because it damages the company’s reputation. Unfortunately, probably can’t sue Washington Post but should demand a retraction.

  5. Why would anyone need a third party wireless card for a Mac laptop? That question might be appropriate for those running current gen’ laptops with wireless standard. But some of us have older laptops (like my Pismo) which don’t have wireless. Airport cards for this model are no longer made, and are only available (usually at a high price) from the used (e.g. eBay) market. So we have to rely on third party cards.

  6. Uhh.:
    If I remember correctly (and I do), the guy said in the video that he was using a 3rd party wireless card and that the problem was not specific to Macs…

    Well that’s true. They did say that.
    They’ve since said,“…they, in fact, did not find the flaw in Apple’s drivers…” So, you know, they uhh, lied. For publicity. For vengance. For cheap thrills. For who cares why.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.