Mac Wi-Fi hijack demonstrated

“Is the book on the Mac Wi-Fi hijack saga finally being closed? David Maynor, chief technology officer at Errata Security, at the Black Hat DC event here on Wednesday broke the months-long silence on a controversial Mac hack. He also said he plans to publicly release computer code used in that attack,” Joris Evers blogs for CNET.

“Maynor did offer an apology,” Evers writes. “‘I screwed up a little bit,’ he said. There was a lot of confusion around the Mac hack because the original presentation used a third party Wi-Fi card. However, Maynor and Ellch had in fact also found flaws in Apple’s own hardware, he said.”

Evers writes, “Maynor demonstrated a Mac Wi-Fi hack on stage on Wednesday. His MacBook running Mac OS X 10.4.6 crashed while scanning for a wireless network and coming across rogue code Maynor was pushing out from a Toshiba laptop. While the attack he demonstrated only caused a crash, it could also be used to run code on the Mac, he said.”

“Apple fixed that particular problem in September with Mac OS X 10.4.8, Maynor said,” Evers writes. “‘I did provide the information on vulnerabilities in Apple products, I provided them with code and they were given packet captures,’ he said. In the future, Maynor said he won’t work with Apple. ‘I do not feel comfortable keeping relations with the company and will not report future findings to them,’ he said.”

Full article here.

[Thanks to MacDailyNews Reader “oh my” for the heads up.]
Whatever. The only thing demonstrated was a crash to an old, unfixed Mac OS X version. How about demonstrating an actual hijack? Thought so. This whole fiasco would make us want to stab Maynor in the eye with a lit cigarette or something, if only we cared one iota. And Maynor is a little baby. Apple will survive without Maynor’s dubious reports of future findings.

Related articles:
The curious case of the supposed Apple MacBook Wi-Fi hack – August 21, 2006
SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’ – August 18, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006


  1. If anyone actually meets this guy. make sure you hit him as hard as you possibly can, right in the Face. and say i need to report to everyone how your broken bones broke when i hit you. Its for the better of the world!

  2. Clearly Maynor is an asshole. What possible good could it do to NOT report an error or vulnerability? MDN is right he’s a baby whose immature response to what is likely Apple’s wish to NOT have these exploits widely publicized is natural.

  3. And stick a cigarette in his eye.

    “‘I did provide the information on vulnerabilities in Apple products, I provided them with code and they were given packet captures”

    However, I’m sure Apple knew about the problem well before he sent his precious packet captures. He’s just upset because he THINKS they didn’t know before and should have put his name as the finder.

    I think we can give up hope that he’ll ever “grow up” because acting the way he does nets him the much needed attention that he never got from Apple…or his mother.

  4. Message to David Maynor…

    It helps a lot when you’re trying to “work with someone” if you don’t greatly embellish the so called facts and sensationalize your findings to make them sound far more consequential than what they truly are. What you did was nothing more than an ill attempted publicity stunt aimed at your own personal gain. So now you’re pissed because Apple and everyone else could see right through your pathetic motives. Too bad pal, none of us give a damn.

  5. i know … I got a big laff outta it too !!

    enjoy !!

    MW= “business” …. As in “More FUD …business as usual, I guess” — ” width=”19″ height=”19″ alt=”LOL” style=”border:0;” />

  6. “While the attack he demonstrated only caused a crash, it could also be used to run code on the Mac, he said.”

    So, any proof of this code running capability Maynor, or is it all BS like the first time?

    Honestly, the use of the word ‘could’ in that sentence immediately made his point invalid.


  7. Everything can be hacked – Geez. And let’s see, its only taken six months of working eight hours a day to get a wi-fi vulnerability to crash a Mac running an obsolete version of OS X. He in turn reported it to Apple, it was fixed (whether it was due to Maynor’s work or not we simply don’t know), and so now… what?

    I mean what are we doing here? Is all of this trying to hack the OS and it’s peripherals sole motivation to pooh pooh the Mac in general? Apple in general? Again, even the dumbest of us can deal with the reality that everything can be hacked… soooo… again, what?

    I think that motive and intent should be clearly stated by individuals and groups that are currently out hacking, apparently freely and openly (is that ok? is that ok if you’re doing it to Windows?), so that we’re not left punching in the dark. If individuals and groups are just trying to beat the alleged smugness out of Mac users then I don’t think this stuff should even be allowed – I think somebody needs to go to jail.

    If on the other hand individuals and groups are intending to work harmoniously with Apple and Macintosh users to assist in furthering the stability and near invulnerability of the best OS available to computer users today, then more power to you. I have yet to see any of this amazingly legalized hacking take place for this explicit reason. I have yet to see anyone or group state any real altruistic goals for all of this apparently counter-culture effort. Is this Maynor person on the payroll of Norton? MS? Is he independently wealthy? Again, WHAT?

    MW “free”: as in free to do whatever the fsck you want to as long as its not Windows…

  8. Anyone can hack their own computer.

    He said months ago he could hack a Mac. It took him months to prove it. The first attempt was bogus.

    Seems to me it took him a long time to set up the actual demo on a computer he’s had access to for all those months.

    I call bullshit.

  9. “….Honestly, the use of the word ‘could’ in that sentence immediately made his point invalid.

    Jim …

    correct me if I’m wrong… but wouldn’t he also need the Root Password to run his “code” on the Mac ?

    seems like more FUD from the WinCrap apologists

  10. As I understood the mechanics of the hack, it actually required the third party card to be added in addtion to the Macbook’s Airport card. The hack actually attacked the third party card to gain entry to the Mac, destroying it in the process. The hack had then connected to the Airport card, but still needed a password, or the requirement for one dropped to do any damage.
    Sounds like someone was reaching.

    MDNW Deeeeeeeeeeeeeep

  11. @oh my,

    Yes he probably would. And it could work. But it also could not work. It depends on the environment. And there is a possibility it might break the hack. And maybe then we could be a little less VAGUE!

    Can’t stand pricks like Maynor, who are so sure of themselves they use words like ‘could’, ‘possibly’, ‘probability’, ‘potentially’. If he’s so sure of his ‘work’, why doesn’t he at least use convincing language to back it up?

    Answer: he’s a bullshitter.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.