The curious case of the supposed Apple MacBook Wi-Fi hack

“So remember a few weeks ago when Brian Krebs posted a report titled ‘Hijacking a MacBook in 60 Seconds or Less’ on his Washington Post computer security weblog? He reported on a supposed Wi-Fi security exploit demonstrated at the Black Hat security conference, wherein ‘security researchers’ Jon Ellch and David Maynor hacked into a MacBook via Wi-Fi,” John Gruber writes for Daring Fireball.

Gruber writes, “The Washington Post’s Brian Krebs seems to have painted himself into a particularly uncomfortable corner. It was Krebs who broke the original story, and it was Krebs who gave it the made-for-Digg headline ‘Hijacking a MacBook in 60 Seconds or Less.’ It was Krebs who then wrote, in a follow-up:”

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.

Gruber writes, “It is becoming more and more clear that the reporting Krebs “stands by” is false. Maynor and Ellch, I believe, have discovered no such exploit against a stock MacBook. And if I’m right, not only has Krebs blown the story with regard to the security of the MacBook, he has also impugned the integrity of Apple by publishing the claim that the company “leaned on” Maynor and Ellch — an accusation Krebs published without evidence, without details regarding what exactly constituted “leaning on”, and without comment from Apple.”

Full Gruberlicious article here.

Related MacDailyNews articles:
SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’ – August 18, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006

26 Comments

  1. I think that this is a perfect example where rendition is needed. Let’s deliver the individual involved to Pakistan where folks are trained in the finer arts of extracting the truth. After a few weeks of we can all be certain who is lying or not. Until then….

  2. (another!) Great article by Gruber. Hopefully all the morons involved in this charade will get their comeuppance. I can’t wait to see what the “fireworks” will consist of. Gentlemen, light your cigarettes!

  3. I think this pretty much proves that Apple’s new commercials are ticking of all the right people. To quote from Moulin Rouge, “The jealousy has driven him MAD!”

    In this case, people like Maynor, Krebs, and especially George Ou are just bottled up bags of superheated rage and jealousy about the Mac. We can now sit back and enjoy all the hot air they are expending as they continue to make bigger fools of themselves.

    With 20 more “I’m a Mac” commercials on the way, the show is just getting started! Who says the commercials aren’t working?!

  4. I think this is an open and shut case. The Macbooks wireless cards are so far proven innocent of any security faults. No proof has been put forth so it is innocent until proven guilty. And from what I’ve read I wouldn’t worry about Apple’s security as it seems this supposed experts have to cheat and hack to try and prove something that is simply a flat out lie!

  5. The MacBook Wi-Fi crack is real, it’s a purposeful flaw in driver software that’s written by another company.

    It’s Uncle Sam’s “backdoor”, just like the CISCO router “flaw” was too.

    Apple uses another company to write their driver software as to deflect blame from itself if it’s discovered.

    It wasn’t Apple that leaned on those security researchers, it was the US Government.

    http://www.eff.org/Privacy/printers/docucolor/

  6. “Sputnik”! That’s the name of the “real IT world” moron that used to troll around this site.

    Thanks, Mike K.! I’ve been trying to remember that dolt’s name for a couple of months now, so many thanks, indeed!

  7. I emailed SecureWorks earlier today to express my outrage at what was happening.

    Apple really should this time take them to the cleaners… in this case it is easy to see that they ARE the enemy!

    Well said above: the Mac/PC adverts ARE working!!

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.