PDA

View Full Version : MacBook Wi-Fi hack didn't use Apple drivers


MacBytes
Aug 18, 2006, 01:25 PM
http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: Apple Software
Link: MacBook Wi-Fi hack didn't use Apple drivers (http://www.macbytes.com/link.php?sid=20060818142518)
Description:: Apple tells Macworld.com that the Wi-Fi exploit demonstrated at Black Hat 2006 in a video doesn't show a flaw in their hardware or software. A third-party USB adapter with different chips and drivers was used, and Apple says the two researchers haven't provided Apple with code or a demonstration showing a working exploit on Apple equipment. The researchers added a note at their Web site confirming that only an unnamed third-party adapter was used. This doesn't mean the researchers have no flaw to show, but rather that their nose-thumbing at Apple users who were too secure in their security was misplaced, at least at present. The researcher's claim that they were providing information to Apple now seems off-base, too."

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

yellow
Aug 18, 2006, 01:26 PM
Vindication, haters! :P

jsw
Aug 18, 2006, 01:27 PM
That's good news.

Of course, it'll never be as widespread as the "fact" that the MacBooks were hacked, which will live forever. :rolleyes:

yellow
Aug 18, 2006, 01:28 PM
Of course, it'll never be as widespread as the "fact" that the MacBooks were hacked, which will live forever. :rolleyes:

Damn.. that's so correct.

I'll be hearing about this FUDtardery from people for years. :mad:

Oh.. can I turn my smugness back on now? :p

Bob Knob
Aug 18, 2006, 02:18 PM
I wonder if Apple's legal department will pay a visit to SecureWorks.

aranhamo
Aug 18, 2006, 02:45 PM
MacBook Wi-Fi hack didn't use Apple drivers

This is news? Right in the video where he displays the hack, he says that he's using a third-party USB wireless card. We've known from day one that he didn't use the built-in wireless card.

bluebomberman
Aug 18, 2006, 02:58 PM
This is news? Right in the video where he displays the hack, he says that he's using a third-party USB wireless card. We've known from day one that he didn't use the built-in wireless card.

Yeah, it's old news, but it bears repeating because I think a lot of people didn't quite understand exactly what the hackers did exactly and how.

skwoytek
Aug 18, 2006, 02:58 PM
This is news? Right in the video where he displays the hack, he says that he's using a third-party USB wireless card. We've known from day one that he didn't use the built-in wireless card.

Kreb's says they did attack the built-in wireless card in his recent report! (http://blog.washingtonpost.com/securityfix/2006/08/the_macbook_wireless_exploit_i.html)

August 15th - Kreb's writes, "In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook -- but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in."

Don't just write Brian Krebs! Write the Washington Post!

Brian Krebs: brian.krebs@washingtonpost.com
Letters to the Editor: letters@washpost.com

aranhamo
Aug 18, 2006, 03:14 PM
exploited the Macbook without any third-party wireless card plugged in

That's what they've been saying all along though. That he used a third-party card in his demo, but that the same hack can be done on the built-in card. They gave some lame excuse about Apple pressuring them, so they used a third-party one in the video. Stupid, but old news nevertheless.

bousozoku
Aug 18, 2006, 03:17 PM
I guess they've made already smug Mac OS X users more smug because of their deception. :p

Peace
Aug 18, 2006, 03:30 PM
Since Apple switched to Intel everybody and their brothers have been out to get Apple..Things won't change..We should get used to it and know that we have the FRIGGIN BEST O/S out!! :D

bousozoku
Aug 18, 2006, 04:06 PM
Since Apple switched to Intel everybody and their brothers have been out to get Apple..Things won't change..We should get used to it and know that we have the FRIGGIN BEST O/S out!! :D

It's just funnier to see them scrape for reasons that Macs suck.

mozmac
Aug 18, 2006, 05:24 PM
I'm glad Apple came forth to explain their exquipment is still secure. Shame on the guys for not mentioning that they were using 3rd party equipment.

Timepass
Aug 18, 2006, 06:40 PM
Kreb's says they did attack the built-in wireless card in his recent report! (http://blog.washingtonpost.com/securityfix/2006/08/the_macbook_wireless_exploit_i.html)

August 15th - Kreb's writes, "In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook -- but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in."

Don't just write Brian Krebs! Write the Washington Post!

Brian Krebs: brian.krebs@washingtonpost.com
Letters to the Editor: letters@washpost.com


people need to read this. It hurts apple so call claim and some said earily apple put pressurre on them to use a 3rd party. I wouldnt put it pass apple to do that.

solvs
Aug 18, 2006, 09:46 PM
people need to read this. It hurts apple so call claim and some said earily apple put pressurre on them to use a 3rd party. I wouldnt put it pass apple to do that.
Huh?

pjo
Aug 19, 2006, 05:25 AM
I'm glad the airport card drivers aren't vulnerable, but I wonder how much can be reasonably done to ensure that third party drivers don't introduce problems.

I mean I don't expect apple users to buy this card, but I can't think of any way to ensure that a driver (which has kernel access) won't introduce more of these vulnerabilities

MacRumorUser
Aug 19, 2006, 06:33 AM
I never heard about the macbook being hacked, and at the end of the day the chances of it actually happening are slim to none anyway so who really gives a ****?

No-one I know even cares about apple, let alone knows anything about this. The only people hurt by this 5 minute pain in the head are nurdlingers who really shoud get out more, take a walk, find a river, look for a bridge and GET OVER IT :p :p :p

harisdmac
Aug 19, 2006, 07:26 AM
I think the video and the allegation of 'hacking' the MacBook is totally fake. Since they do not provide any info regarding the way the performed it, nor they performed it in public, it could just be the case of a server running in the background of the Macbook, letting to perform shell functions remotely (e.g., with ssh or something). It doenst have to be a third party wireless drivers flaw or something. Real hackers do publish their work and code so that people can fix it, they dont just make vids demonstrating things that anyone can do with the appropriate software!

shamino
Aug 19, 2006, 10:18 AM
That's good news.

Of course, it'll never be as widespread as the "fact" that the MacBooks were hacked, which will live forever. :rolleyes:
You mean like those reports of Mac OS X being vulnerable to attacks, when the "test" site includes a custom-written web-form for dynamically creating local user-login accounts?

Yeah, isn't it amazing how vulnerable Macs are. All you have to do is hack the hardware and OS and applications to deliberately remove all of Apple's security features and then the system is wide open.

starflyer
Aug 19, 2006, 11:35 AM
http://www.smallworks.com/archives/00000461.htm

theBB
Aug 19, 2006, 11:42 PM
http://www.smallworks.com/archives/00000461.htm
Geez, this article claims they may not have hacked anything at all. I wonder if Washington Post will retract its story as prominently.

shamino
Aug 20, 2006, 10:08 AM
Geez, this article claims they may not have hacked anything at all. I wonder if Washington Post will retract its story as prominently.
The Post did delete the statement from Atheros that they were never contacted about any problem with their driver. (At least the link is broken.)

(edit) Nevermind. The link was just broken. Go here (http://blog.washingtonpost.com/securityfix/2006/08/update_on_the_apple_macbook_cl.html) and scroll to the bottom of the article.

nagromme
Aug 21, 2006, 06:04 PM
Ouch:

http://daringfireball.net/2006/08/curious_case

bousozoku
Aug 21, 2006, 07:37 PM
If these two were simply trying to promote their business, I'd say that they're out of business. Who would hire them to do more than fill envelopes?