toggle

AAPL Stock: 98.15 ( -0.23 )

Printed from http://www.macnn.com

Hackers to hijack MacBook via Wi-Fi

updated 01:50 pm EDT, Wed August 2, 2006

Hackers to hijack MacBook

Two hackers today are planning to take complete control of a MacBook at a Black Hat presentation. Jon "Johnny Cache" Ellch and David Maynor have targeted a specific security flaw in the MacBook's wireless device driver, according to a one blogger, and while the security flaw is not Mac-specific, Maynor said the hackers decided to demonstrate the exploit on a Mac due to a "Mac user base aura of smugness on security." "We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said. "The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market."

Many systems running a vulnerable wireless device driver are vulnerable just by being turned on, as the wireless devices in most laptops constantly broadcast their presence to any network within range. Many wireless-enabled notebooks are even configured to automatically connect to any available wireless network.

The attack to be demonstrated today, however, is executable regardless of whether a vulnerable laptop connects to a local wireless network. The wireless card need only be active for the attack to prove successful, and because device drivers operate at such a low level within the operating system, traditional safeguards such as firewalls and anti-virus software are unlikely to stop the host system from accepting malicious probes from potential attackers.

The hackers are trying to shed light on the fact that many device drivers are developed by a peculiar mix of hardware and software developers in an environment where products are rushed to market. Such rushing of important low-level software development makes the drivers prone to security flaws due to lack of thorough code review, according to blogger Brian Krebs.

Ellch is also scheduled to discuss a new tool he is developing which remotely scans and discovers chipsets as well as driver versions of wireless devices on target computers following the demonstration. Ellch said the tool recognizes 13 different wireless device drivers so far, and breaks them down by operating system as well as firmware version.

"I'm getting this tool to the point where it can tell you not only how many people in a room are running, say, Centrino or Broadcom devices, but that 'x' number are running them on a Windows box with a specific version of the driver," Ellch said. "The useful thing for that information is that if you have a device driver exploit and it's version-specific, you could tweak [the exploit] before you launch it."

Both hackers have been in contact with Apple as well as Microsoft, and those companies are working with original equipment manufacturers as well as wireless card vendors to address the problems, according to Maynor.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. kaisdaddy

    Joined: Dec 1969

    0

    I'm planning to...

    ...take control of all computers on the planet through a very obscure bit of code that every computer built since 1972 is vulnerable to.

    OK, I haven't actually done it yet, but just like the guys in this article, I'm planning to. That should be enough to get me a writeup in MacNN, right? :-)

  1. RyanG3

    Joined: Dec 1969

    0

    What OS?

    So what OS will be running on the MacBook? I'm guessing Windows via Boot Camp.

    The "Get a Mac" ads are more about OS X than the hardware.

    The blind ignorance of these "hackers" make me want to smash their heads in with a baseball bat, then burn their eyes with a flaming Dell laptop.

  1. jedi1yoda1

    Joined: Dec 1969

    0

    Taking Control

    I'm curious as to what level of "control" they are going to achieve.

    I regularly take full control of users machines in my network with Remote Desktop. Are they going to gain that level of control if the machine they are "hacking" has the Remote Desktop Service running if they don't know the username and password. I don't see how gaining access to the wireless card is ging to "take control" of the machine, even if just on the command line level.

    From reading the linked article, it seems as if they are just going to force it on a network and force some data to it.

  1. phillymjs

    Joined: Dec 1969

    0

    Oh noes!

    The mean old black hats are going to take us down a peg! A whole peg!

    Pfft. Whatever, 1337 d00dz.

    The point about Mac security is that yes, if you're determined you're gonna get in... but that's a damn sight better than Windows, where just getting some s****** noob to click a URL in IE can be enough to take over the machine.

    ~Philly

  1. Zak Nilsson

    Joined: Dec 1969

    0

    What exactly?

    So are they going to be "hacking" a Mac that has File Sharing turned on? With no password? And Remote Desktop turned on? I'm interested to hear the specifics of how they're supposedly going to "control" this Mac. Have they said anything about that? Does anybody know?

    Because to me, this is sounding a lot like another one of those "Hey look I can 'hack' your Mac as long as I have access to a local account and all the sharing is turned on" sort of things.

  1. jpellino

    Joined: Dec 1969

    0

    Thank heavens...

    We have these wonderful individuals looking out for us. I for one feel safe as kittens knowing that our security problems are in the hands of people like this, who "decided to demonstrate the exploit on a Mac due to a "Mac user base aura of smugness on security." "We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,"

    My mind is at ease that they have the best interests of the user community at heart, and that they are truly mature individuals exhibiting the sort of professionalism that will have them go far in their chosen technical field.

  1. jasonsRX7

    Joined: Dec 1969

    0

    so why

    Why is being smug about Mac security any worse than being smug about Unix or Linux security? Users of those platforms often tout their security features.

  1. brlittle

    Joined: Dec 1969

    0

    because

    Why is being smug about Mac security any worse than being smug about Unix or Linux security? Users of those platforms often tout their security features.

    Because users of those systems are l337, and u r not.

    Or something equally stupid. I'm interested to see the results, but skeptical that this will turn out to be anything that presents real danger to a user's data.

  1. JulesLt

    Joined: Dec 1969

    0

    Pizza

    >Why is being smug about Mac security any worse than >being smug about Unix or Linux security? Users of those > platforms often tout their security features. Because we have attractive girlfriends/boyfriends, while they have beards and pizza?

  1. nat

    Joined: Dec 1969

    0

    uh

    as opposed to MS's blatant lie

    "Secure by design, default and deployment".

    Yeah, that's not too obnoxious.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

toggle

Most Commented