AOH :: ISN-2814.HTM

Black Hat: MacBook hit with wireless hack

Black Hat: MacBook hit with wireless hack
Black Hat: MacBook hit with wireless hack 

By Robert McMillan
August 02, 2006
IDG News Service

Security researchers David Maynor and Jon Ellch performed a digital 
drive-by Wednesday at the Black Hat USA conference. Their target: an Apple 
Computer Inc. MacBook.

The two researchers have found ways to seize control of laptop computers 
by manipulating buggy code in wireless device drivers. In a videotaped 
demonstration at the conference, Manor showed how to use sophisticated 
hacking tools to add and remove files on a Wi-Fi enabled MacBook, 
manipulating the system from an adjacent laptop computer.

Wireless devices are designed to be constantly sniffing for new networks, 
and this can lead to security problems, especially if their driver 
software is buggy.

This can often happen as vendors rush to implement the complex wireless 
standards, said Ellch, a student at the U.S. Naval postgraduate school in 
Monterey, Calif. "A lot of hardware manufacturers have to ship stuff 
quickly," he said. "One of the things that gets sacrificed in the speed 
game is security."

Apple is not the only vendor to have problems with its wireless drivers, 
said Maynor, who is a researcher with SecureWorks Inc. By exploiting bugs 
in four different wireless cards, the researchers found ways to seize 
control of laptops running Windows and Linux as well, they said.

"Don't think that just because we're attacking Apple that the flaw itself 
is in Apple," Maynor said. "We wanted to do some other demos and they 
weren't panning out."

However, Maynor said that the researchers knew that if they showed their 
demonstration on a Mac OS X system -- generally considered to be a very 
secure platform -- that show attendees would take their findings 

The idea of poking a hole in Apple's current advertising campaign, which 
smugly boasts that Mac OS X is more secure than Windows, also appears to 
have been a factor. "I've got to be honest, those Mac commercials, they 
just jump right out at you," Maynor told attendees during his 

The researchers are now working with Apple to fix the problems, which may 
involve both operating system and driver patches, according to Maynor. 
Apple declined to comment for this story.

The Black Hat demonstration came just days after Intel Corp. issued 
patches for wireless driver flaws that could lead to the same problems 
that the researchers demonstrated in Las Vegas.

Maynor and Ellch could not say whether Intel's patches addressed flaws 
that they had discovered, but they said that they had not worked with the 
chipmaker on these fixes.

It is possible that the Intel patches were released in anticipation of 
their talk, the researchers said. Still, both men praised Intel for 
addressing driver security. "You have to admire a company that would 
proactively fix things before a talk instead of waiting until afterward," 
Ellch said.

Maynor and Ellch's presentation got high marks from last year's 
most-talked-about Black Hat presenter, Michael Lynn, who was sued by Cisco 
after disclosing vulnerabilities in Cisco's Internetworking Operating 
System. "That was pretty awesome," Lynn said, as the two were mobbed by 
show attendees after their talk.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches. 

Site design & layout copyright © 1986-2014 CodeGods