Audio & Video
Business Center
Cameras
Cell Phones & PDAs
Desktop PCs
Gadgets
Gaming
HDTV
Laptops
Macs & iPods
Monitors
Printers
Software
Spyware & Security
Storage
Upgrading
Windows Vista & XP
Resource Centers
Asus Notebook Center
Intel Technology Center
CDW Solution Center
Lenovo Laptop Showcase
Try It Free
White Paper Library
Webcast Library
Most Popular Products
Most Popular Downloads
Thursday, August 03, 2006 3:39 PM PT Posted by Narasu Rebbapragada
Lessons from the MacBook Hackers (With Video)
I had an eerie feeling watching a big-screen video of a security researcher hacking into a MacBook through a Wi-Fi connection. Partly, it was because I was sitting in a room full of people clamoring to know how he did it. Mostly, it was because I was typing on a black MacBook myself.I was listening to a lecture given by Johnny Cache and Dave Maynor at the Black Hat 2006 conference here in Las Vegas. (Maynor is the MacBook hacker in the video, which you can see here:)
In the end, the Mac wasn't the focus of the hour-long briefing. And Cache and Maynor hacked the drivers of a third-party external Wi-Fi card. They chose the MacBook--in part because of Apple's smug Mac vs. PC commercials--to demonstrate the security weaknesses in 802.11 device drivers and the dangers inherent in releasing products before they?ve been thoroughly tested.
"Speed to market is so important, people are getting pushed to get stuff out the door as quickly as possible," said Maynor.
Companies want to be first out of the gate with the latest, greatest products. (And we at PC World want to be the first to review them.) But Cache and Maynor showed, in step-by-step fashion, how they could identify Wi-Fi chip sets and the drivers through their unique data transfer patterns. By identifying the drivers, they could find their vulnerabilities and write exploits to take advantage of them. The result: Maynor was able to remotely search, add, and delete files on the Wi-Fi connected MacBook.
This is not just a MacBook problem. It's also a Windows problem. It's a problem wherever multiple parties--in this case the chip maker, the Wi-Fi hardware manufacturer, and even the OS developer--are writing portions of drivers that aren't properly tested with each other.
The likelihood that you'll encounter to this particular exploit is small. "You have to have some economic gain," said Cache in an interview after the event. Right now, there's little gain in hacking into an individual laptop at short range. But what happens when the range of Wi-Fi is kilometers instead of meters? What happens when cities provide always-on public Wi-Fi connections?
"Vendors should be dealing with it now before it is a big problem in a year or two," says Maynor.
Let's hope they do.
Recent Posts
Archives
View posts from:
PC World's Marketplace
PC World's Free Whitepapers
QUICK LINKS:
cheap laptops
cell phones
laser printers
HDTV reviews
LCD TV Plasmas
digital cameras
laptop reviews
security antivirus
windows vista reviews
digital camera reviews
inexpensive desktop
LCD wide screen monitors
tech news tech blogs community & forums laptop prices software reviews downloads
tech news tech blogs community & forums laptop prices software reviews downloads
Lame: Apple's Wifi comes standard with the laptop he's using. I guess he's proving that for the .02% of people who opt *not* to use the built-in wifi, they might be in danger. It is a point well taken that device drivers are a potential point of insecurity since they have access to the internals of the system.
However, I wish the press wouldn't sensationalize things like "proof of concept" viruses that aren't in the wild and purport that macbooks' wifi is hacked in minutes. They even say in the presentation several times that it's a third party card.
they did that to demonstrate that it wasnt just macs that were vulnerable. if they had just used the built in wifi then people would assume (something like you did albeit in reverse) that only macs were vulnerable.
Jeromatron: This problem exists on the Mac wirless card as well. People need to have an open mind (even Mac fanatics) that there are security vulnerabilities in Mac. I own a Mac and work in the security field, myself, and laugh when I see people like you. This also wasn't a "proof of concept" virus, it was a "proof of concept" exploit. I pray for the day a horrible 0-day worm hits Mac. You people need to wake up!
I agree with you vladhackula that this was a (exploit) and not (virus). Now I'm not very MAC knowledgeable but pretty PC knowledgeable, now Wifi and other wireless communication hardware are easier to hack into than wired network computers which Is why wireless/WiFi users should get a good firewall up now for the PC users that use Windows, Windows Firewall "it's default firewall" is recomended unless you have a wireless router it has a firewall installed in the hardware which is a bit more protection. And I have heard too that MAC's are more unlikley to get viruses thatn PC's but we can't always depend on that statement.
Oh boy, I don't want to see apple or any other frutty company on the day their computers get infected with worms....
Who would want to eat an apple that has a worm? Same for the non eatable one!