Hackers to hijack MacBook
Many systems running a vulnerable wireless device driver are vulnerable just by being turned on, as the wireless devices in most laptops constantly broadcast their presence to any network within range. Many wireless-enabled notebooks are even configured to automatically connect to any available wireless network.
The attack to be demonstrated today, however, is executable regardless of whether a vulnerable laptop connects to a local wireless network. The wireless card need only be active for the attack to prove successful, and because device drivers operate at such a low level within the operating system, traditional safeguards such as firewalls and anti-virus software are unlikely to stop the host system from accepting malicious probes from potential attackers.
The hackers are trying to shed light on the fact that many device drivers are developed by a peculiar mix of hardware and software developers in an environment where products are rushed to market. Such rushing of important low-level software development makes the drivers prone to security flaws due to lack of thorough code review, according to blogger Brian Krebs.
Ellch is also scheduled to discuss a new tool he is developing which remotely scans and discovers chipsets as well as driver versions of wireless devices on target computers following the demonstration. Ellch said the tool recognizes 13 different wireless device drivers so far, and breaks them down by operating system as well as firmware version.
"I'm getting this tool to the point where it can tell you not only how many people in a room are running, say, Centrino or Broadcom devices, but that 'x' number are running them on a Windows box with a specific version of the driver," Ellch said. "The useful thing for that information is that if you have a device driver exploit and it's version-specific, you could tweak [the exploit] before you launch it."
Both hackers have been in contact with Apple as well as Microsoft, and those companies are working with original equipment manufacturers as well as wireless card vendors to address the problems, according to Maynor.