toggle

AAPL Stock: 113.99 ( + 1.98 )

Printed from http://www.macnn.com

Wi-Fi hack demo used modified MacBook

updated 05:20 pm EDT, Fri August 18, 2006

Wi-Fi MacBook hack

Security researchers who appeared to demonstrate vulnerabilities in wireless device drivers earlier this month using a MacBook now admit that the laptop was in fact exploited using a third-party wireless device driver, not Apple's own default software. "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," reads a disclaimer on the SecureWorks website. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver -- not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available." A responsible demonstration policy forbids the installation of flawed drivers to make a point, according to InformationWeek.

Apple responded to the disclaimer, acknowledging the admission as proof that its systems are not vulnerable as they were made to appear during the conference.

"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," said Apple spokesperson Lynn Fox. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device [...] not the 802.11 hardware in the Mac [...] a device which uses a different chip and different software drivers than those on the Mac."

"To date, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. testudo

    Joined: Dec 1969

    0

    Huh?

    A responsible demonstration policy forbids the installation of flawed drivers to make a point, according to InformationWeek.

    What does that mean? If you're trying to demonstrate flawed drivers, you can't install flawed drivers? The point is the drivers are flawed....

  1. jpellino

    Joined: Dec 1969

    0

    black hat?

    More like a**hat. If anything, they just made the mac community even more smug, because apparently they couldn't do this to an as-supplied OSX machine. The contention that the usb wifi dongle was just to prove it could be done on anything is smoke and mirrors.

  1. godrifle

    Joined: Dec 1969

    0

    Dammit

    And I just swapped out the built-in drivers on my MacBook for third-party drivers because I *thought* the Apple drivers weren't secure.

    I *never* should have listened to a bunch of caffeine-amped wannabes.

  1. ccsccs7

    Joined: Dec 1969

    0

    Lame

    That was rather lame. I mean, I can log onto my iBook server wirelessly with the command line. He didn't discuss any account setups (was remote account login enabled? How do we know he wasn't just "cheating"?)

    That whole thing with wires. If he REALLY wanted to prove anything, he'd have done it in reverse as well with the MacBook hacking the Dell—I thought that was what he was going to do, but pointing out the wireless access with "proof" was… dumb. Quite alarmist if you ask me. "Oh, look! I'm deleting your files." "Ooo! I got your secret password(s)!"

    *rolls eyes*

  1. jonbwfc1

    Joined: Dec 1969

    0

    hmm

    "A responsible demonstration policy forbids the installation of flawed drivers to make a point, according to InformationWeek.

    What does that mean? If you're trying to demonstrate flawed drivers, you can't install flawed drivers? The point is the drivers are flawed...."

    Yes, but the machine they demonstrated it on wouldn't have those drivers on it, so you're creating an entirely false impression. It all goes against the credibility of what you're doing and makes it look much more like a lame publicity stunt than people trying to make a serious point in an intelligent way.

    Frankly, the whole thing stinks. It's been shown to be totally unprofessional, completely opportunistic and apparently geared more towards press coverage than any sense of making the point in a calm intelligent way. Great way to give the more conscientious security professionals a really bad name. Imagine if someone had demonstrated that fitting Michelin tyres caused a particular make of car to crash, then it was found out the car they demonstrated it on is always shipped with Bridgestone tyres. The car manufacturer would have their internal organs ripped out, figuratively speaking.

    I think Apple have considerable grounds for suing these idiots. They've certainly attempted to damage Apple's reputation on a completely fabricated basis.

  1. LouZer

    Joined: Dec 1969

    0

    Re: hmmm

    Yes, but the machine they demonstrated it on wouldn't have those drivers on it, so you're creating an entirely false impression. It all goes against the credibility of what you're doing and makes it look much more like a lame publicity stunt than people trying to make a serious point in an intelligent way.

    If they wouldn't have those drivers, why would they even exist? There are many reasons for said drivers to be installed (what if your airport card died?). To say they'd "never" be installed is basically telling companies not to bother making the drivers as they'll never be needed.

    But the point they were trying to make was about the security and issues with third-party drivers in the first place. They chose to do it on a mac, when they could have done it on any machine, because they knew that if they did it on a mac, people might listen (as opposed if they did it on a generic windows box, and everyone would just go "ho-hum").

    I think Apple have considerable grounds for suing these idiots. They've certainly attempted to damage Apple's reputation on a completely fabricated basis.

    So if they did this on a dell, would dell have reason to sue? And only the idiots who didn't hear them, or read the many, many, many articles that specifically pointed out they were using a "third-party adapter" would think it was a "mac" problem.

    Apparently if you find any kind of problem with any kind of third-party software, you better not show it off on a Mac because it would make Apple look bad and they'll sue!

  1. Monstermind

    Joined: Dec 1969

    0

    Sue, Apple, Sue!

    You're gung ho about persecuting legitimate businesses that use the word "pod" in any part of their products, let's see if you have the balls to go after THIS lot.

    C'mon, "Slave Labor" Steve, show us how tough you are.

  1. rahrens

    Joined: Dec 1969

    0

    grounds for suit

    I don't know if they really have grounds for a suit, but I think what the other poster was saying is that the authors of that demo deliberately made the MacBook look as if it was vulnerable to a wireless attack. They made no effort to properly release any information to the manufacturer (Apple) that would prove that their "attack" was real or proved any vulnerability exists at all. Their demo was so obviously amateurish and tricked out to make the MacBook look bad that they failed to properly document the conditions of the attack. Now we find out that one of the conditions include third party drivers?

    It may not be grounds for a lawsuit, but it was in very bad taste, and obviously a setup, to boot.

  1. testudo

    Joined: Dec 1969

    0

    Re: grounds for suit

    Now we find out that one of the conditions include third party drivers?

    What do you mean "now we find out...". That was known back when it first happened. And of course there's the rumors and innuendo that the hackers were pressured by Apple NOT to show a hack of their airport until a fix could be made.

  1. Albert

    Joined: Dec 1969

    0

    Pathetic

    This is an obvious attack and slander against Apple products.

    These guys are 'genuine' hacks and should be ignored or tarred and feathered; not to mention laughed at and riddiculed for there unscruplous behavior.

    SecureWorks is a joke

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

DoxieGo Portable Scanner

Sometimes, people need to scan things, but having a computer at hand to do so isn't exactly feasible. Maybe it's the home of a relat ...

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

toggle

Most Commented