By Thomas Claburn
Aug 17, 2006
In a video presented at the Black Hat USA conference in early August,
SecureWorks researcher David Maynor and Jon Ellch demonstrated hacking
into a MacBook, setting off a flurry of press coverage about the
insecurity of Wi-Fi-enabled computers from Apple and PC vendors.
Now it seems SecureWorks is backing away from its suggestion that
MacBooks are just as vulnerable as other Wi-Fi-capable computers. The
company has posted a disclaimer on its site to make it clear that the
demonstration at Black Hat used a modified MacBook.
"This video presentation at Black Hat demonstrates vulnerabilities found
in wireless device drivers," the disclaimer says. "Although an Apple
MacBook was used as the demo platform, it was exploited through a
third-party wireless device driver - not the original wireless device
driver that ships with the MacBook. As part of a responsible disclosure
policy, we are not disclosing the name of the third-party wireless
device driver until a patch is available."
A responsible demonstration policy would have forbidden the installation
of flawed drivers to make a point.
Apple sees the clarification as vindication. "Despite SecureWorks being
quoted saying the Mac is threatened by the exploit demonstrated at Black
Hat, they have provided no evidence that in fact it is," Apple
spokesperson Lynn Fox said in a statement. "To the contrary, the
SecureWorks demonstration used a third party USB 802.11 device " not the
802.11 hardware in the Mac " a device which uses a different chip and
different software drivers than those on the Mac. To date, SecureWorks
has not shared or demonstrated any code in relation to the Black
Hat-demonstrated exploit that is relevant to the hardware and software
that we ship."
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/