http://www.macnn.com/articles/06/08/18/wi.fi.macbook.hack/

Wi-Fi hack demo used modified MacBook

updated 05:20 pm EDT, Fri August 18, 2006



Security researchers who appeared to demonstrate vulnerabilities in wireless device drivers earlier this month using a MacBook now admit that the laptop was in fact exploited using a third-party wireless device driver, not Apple's own default software. "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," reads a disclaimer on the SecureWorks website. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver -- not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available." A responsible demonstration policy forbids the installation of flawed drivers to make a point, according to InformationWeek.

Apple responded to the disclaimer, acknowledging the admission as proof that its systems are not vulnerable as they were made to appear during the conference.

"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," said Apple spokesperson Lynn Fox. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device [...] not the 802.11 hardware in the Mac [...] a device which uses a different chip and different software drivers than those on the Mac."

"To date, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."


by MacNN Staff


Comments

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    Huh?

    A responsible demonstration policy forbids the installation of flawed drivers to make a point, according to InformationWeek.

    What does that mean? If you're trying to demonstrate flawed drivers, you can't install flawed drivers? The point is the drivers are flawed....

  1. jpellino

    Fresh-Faced Recruit

    Joined: Oct 1999

    0

    black hat?

    More like a**hat. If anything, they just made the mac community even more smug, because apparently they couldn't do this to an as-supplied OSX machine. The contention that the usb wifi dongle was just to prove it could be done on anything is smoke and mirrors.

  1. godrifle

    Fresh-Faced Recruit

    Joined: Jan 2006

    0

    Dammit

    And I just swapped out the built-in drivers on my MacBook for third-party drivers because I *thought* the Apple drivers weren't secure.

    I *never* should have listened to a bunch of caffeine-amped wannabes.

  1. ccsccs7

    Mac Enthusiast

    Joined: Nov 2001

    0

    Lame

    That was rather lame. I mean, I can log onto my iBook server wirelessly with the command line. He didn't discuss any account setups (was remote account login enabled? How do we know he wasn't just "cheating"?)

    That whole thing with wires. If he REALLY wanted to prove anything, he'd have done it in reverse as well with the MacBook hacking the Dell—I thought that was what he was going to do, but pointing out the wireless access with "proof" was… dumb. Quite alarmist if you ask me. "Oh, look! I'm deleting your files." "Ooo! I got your secret password(s)!"

    *rolls eyes*

  1. jonbwfc1

    Fresh-Faced Recruit

    Joined: Nov 2003

    0

    hmm

    "A responsible demonstration policy forbids the installation of flawed drivers to make a point, according to InformationWeek.

    What does that mean? If you're trying to demonstrate flawed drivers, you can't install flawed drivers? The point is the drivers are flawed...."

    Yes, but the machine they demonstrated it on wouldn't have those drivers on it, so you're creating an entirely false impression. It all goes against the credibility of what you're doing and makes it look much more like a lame publicity stunt than people trying to make a serious point in an intelligent way.

    Frankly, the whole thing stinks. It's been shown to be totally unprofessional, completely opportunistic and apparently geared more towards press coverage than any sense of making the point in a calm intelligent way. Great way to give the more conscientious security professionals a really bad name. Imagine if someone had demonstrated that fitting Michelin tyres caused a particular make of car to crash, then it was found out the car they demonstrated it on is always shipped with Bridgestone tyres. The car manufacturer would have their internal organs ripped out, figuratively speaking.

    I think Apple have considerable grounds for suing these idiots. They've certainly attempted to damage Apple's reputation on a completely fabricated basis.

  1. LouZer

    Fresh-Faced Recruit

    Joined: Nov 2000

    0

    Re: hmmm

    Yes, but the machine they demonstrated it on wouldn't have those drivers on it, so you're creating an entirely false impression. It all goes against the credibility of what you're doing and makes it look much more like a lame publicity stunt than people trying to make a serious point in an intelligent way.

    If they wouldn't have those drivers, why would they even exist? There are many reasons for said drivers to be installed (what if your airport card died?). To say they'd "never" be installed is basically telling companies not to bother making the drivers as they'll never be needed.

    But the point they were trying to make was about the security and issues with third-party drivers in the first place. They chose to do it on a mac, when they could have done it on any machine, because they knew that if they did it on a mac, people might listen (as opposed to if they did it on a generic windows box, and everyone would just go "ho-hum").

    I think Apple have considerable grounds for suing these idiots. They've certainly attempted to damage Apple's reputation on a completely fabricated basis.

    So if they did this on a dell, would dell have reason to sue? And only the idiots who didn't hear them, or read the many, many, many articles that specifically pointed out they were using a "third-party adapter" would think it was a "mac" problem.

    Apparently if you find any kind of problem with any kind of third-party software, you better not show it off on a Mac because it would make Apple look bad and they'll sue!

  1. Monstermind

    Junior Member

    Joined: May 2000

    0

    Sue, Apple, Sue!

    You're gung ho about persecuting legitimate businesses that use the word "pod" in any part of their products, let's see if you have the balls to go after THIS lot.

    C'mon, "Slave Labor" Steve, show us how tough you are.

  1. rahrens

    Fresh-Faced Recruit

    Joined: Aug 2006

    0

    grounds for suit

    I don't know if they really have grounds for a suit, but I think what the other poster was saying is that the authors of that demo deliberately made the MacBook look as if it was vulnerable to a wireless attack. They made no effort to properly release any information to the manufacturer (Apple) that would prove that their "attack" was real or proved any vulnerability exists at all. Their demo was so obviously amateurish and tricked out to make the MacBook look bad that they failed to properly document the conditions of the attack. Now we find out that one of the conditions includes third party drivers?

    It may not be grounds for a lawsuit, but it was in very bad taste, and obviously a setup, to boot.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    Re: grounds for suit

    Now we find out that one of the conditions include third party drivers?

    What do you mean "now we find out...". That was known back when it first happened. And of course there's the rumors and innuendo that the hackers were pressured by Apple NOT to show a hack of their airport until a fix could be made.

  1. Albert

    Fresh-Faced Recruit

    Joined: May 2003

    0

    Pathetic

    This is an obvious attack and slander against Apple products.

    These guys are 'genuine' hacks and should be ignored or tarred and feathered; not to mention laughed at and ridiculed for their unscrupulous behavior.

    SecureWorks is a joke
