SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’

David Chartier reports for TUAW, “Remember those hackers in the Washington Post story who claimed to have hacked a MacBook’s wireless drivers to gain control of it? Then remember the follow-up story where the author, Brian Krebs basically, um, how shall I say: ‘slightly falsified’ his way through backing up the original story with excuses that the flaw does exist in Apple’s drivers, but Apple ‘leaned’ on them not to publicize this so they decided to use a 3rd party card? Finally, remember how, in the original article, David Maynor, one of the hackers, is quoted saying ‘We’re not picking specifically on Macs here, but if you watch those ‘Get a Mac’ commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something.’ Boy, that sure doesn’t betray any sense of ‘I am going to lie, cheat and steal to prove whatever I want’ bitterness, does it?”

Chartier reports, “Sounds like SecureWorks, the company who sponsored all this Mac hackery, is finally fessing up to their falsification and admitting that they, in fact, did not find the flaw in Apple’s drivers, and that they used a 3rd party card and software to facilitate the exploit.”

SecureWorks’ statement:
This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers. Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver – not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available.

Thomas Claburn reports for InformationWeek, “Apple sees the clarification as vindication. ‘Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,’ Apple spokesperson Lynn Fox said in a statement. ‘To the contrary, the SecureWorks demonstration used a third party USB 802.11 device – not the 802.11 hardware in the Mac – a device which uses a different chip and different software drivers than those on the Mac. To date, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.’”

Earlier this week, The Washington Post’s Brian Krebs wrote, “I’ve been asked this many times, so let me make this crystal clear: I had the opportunity to see a live version of the demo Maynor gave to a public audience the next day. In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook — but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in. As far as I’m aware, only one other person at the conference saw the demo the way I saw it (a Black Hat staff member whom I’m not at liberty to name); the discrepancy over the wireless card is probably the biggest reason why the Mac community was so confused and upset by my original post. I tried to clarify that in a follow-up, and am posting the contents of that interview — verbatim — to give the public all of the information I have about this particular exploit.”

MacDailyNews Take: Shouldn’t Apple seek some sort of recourse? Some monetary compensation and/or public apology or at least a shot at stabbing these bozos in the eyes with lit cigarettes or something?

63 Comments

  1. If I remember correctly (and I do), the guy said in the video that he was using a 3rd party wireless card and that the problem was not specific to Macs. In fact, that was his preface to the whole thing, and then he repeated that at the end of the video….

  2. They could go after them and get about 4 cents after legal fees are paid, so the only gain/loss would be in the court of public opinion. I doubt this retraction will get nearly as much publicity as the original story but a libel suit against these guys by Apple might make it a bit more newsworthy, but with legal action Apple risks looking like a lawsuit-crazy bully.

  3. No one in the mainstream press will pick up on this nugget of information. From here on out we will hear about how a MacBook was hijacked in 60 seconds and then have to correct everyone. Then, when we point out this fact somehow we will be labeled as smug. Facts really get in the way of winning a battle for some people. Curse you factual information. Damn you to Hell!! (in my best Heston impersonation)

  4. Definitely! Should sue SecureWorks and these guys personally. Need to deter this kind of devious behavior because it damages the company’s reputation. Unfortunately, probably can’t sue Washington Post but should demand a retraction.

  5. Why would anyone need a third party wireless card for a Mac laptop? That question might be appropriate for those running current gen’ laptops with wireless standard. But some of us have older laptops (like my Pismo) which don’t have wireless. Airport cards for this model are no longer made, and are only available (usually at a high price) from the used (e.g. eBay) market. So we have to rely on third party cards.

  6. Uhh.:
    If I remember correctly (and I do), the guy said in the video that he was using a 3rd party wireless card and that the problem was not specific to Macs…

    Well that’s true. They did say that.
    They’ve since said, “…they, in fact, did not find the flaw in Apple’s drivers…” So, you know, they uhh, lied. For publicity. For vengeance. For cheap thrills. For who cares why.

  7. Apple legal should DEFINITELY sue them personally as well as their company. These guys are adults and knew what they were doing. Most importantly, this would deter other a**holes from similar BS.

  8. This “new” SecureWorks statement merely restates what they’ve said before, omitting certain other statements. There’s no definitive admission that their exploit will not work with a stock MacBook. Their statement refers to their original presentation, and not to the capabilities of their exploit.

    I think their entire presentation was B.S., but I also think this falls far short of “‘fessing up.” Apple Legal needs to drill a new orifice for these guys, and for the Washington Post and their reporter.

  9. “If I remember correctly (and I do), the guy said in the video that he was using a 3rd party wireless card and that the problem was not specific to Macs. In fact, that was his preface to the whole thing, and then he repeated that at the end of the video….”

    Yeah, but didn’t he also specifically say that Apple’s wireless software/drivers were also vulnerable? Let’s see a demonstration of them getting through Apple’s wireless. Until then it’s pretty clear that they just lied.

    “The day I meet those guys in person is the day that I’ll vent my steam on them…!”

    The day I meet them in person is the day I’ll start smoking cigarettes.

  10. Another reason to perhaps use third party wireless cards is to compensate for the woeful AirPort reception in certain PowerBook G4s. There was a period of over a year where iBook AirPort reception trounced that of PowerBooks shipping at the same time, due to the nature of internal antenna placement.

  11. And since every MacBook and MacBook Pro is sold with wireless built in, there would be no reason for any Mac users to be using the third party device they used for the so-called exploit…

  12. Hey Follower,

    But the MacBooks and MacBook Pros have really great wifi, according to everything I’ve read. Many reviews have gone out of their way to point this out. So unless your wifi is broken and you don’t want to pony up to have it fixed there would never be any reason to use a 3rd party wifi card. Unless you wanted attention to your just-another-windows-pc security flaw story by making it seem that the hottest new laptops on the market are susceptible.
