Wireless Macbook Security Exploit?

[mkrishnan]

So the concept of this attack seems similar to Bluetooth exploits that target "discoverable" phones. And the solution for many people was to make their phones non-discoverable, since they were already paired to all the important devices anyway.

In the Airport preferences, there is the "By default, join: Preferred networks" option. In addition, when you click options, you can select to keep searching for preferred networks when one does not find a preferred network. But I'm not sure... is this enough? Or is the system vulnerable even when it is only looking for preferred networks? It would seem like one could spoof enough of the signal of a preferred network in some cases (e.g. when it's a company network with a known name as opposed to my hidden network at home, the name of which no one else really knows).

It seems like, in the long run, there needs to be something like a "non-discoverable" mode for 802.11 to solve this issue....

 

[yellow]

but that doesn't mean that OS X is anywhere near impenetrable

I don't think that anyone who has A Clue™ doesn't know this already.
The ilk of people who think it's immune are the same ilk of people that don't understand why their WindowsPC is running so "slowly".

I just resent being called smug.

I also resent blackhatters who are new to the OS X game getting all rightous. Where were they the last 5 years?
They're part of the REASON "mac users are so smug about security".

 

[yanniboy]

Money

People make money from the Micrapplesoft when they discover a flaw and sell it to them. So it is in their interest to approach these guys and not the card manufacturer, as well as creating hype around their case.

 

[hulugu]

...Actually it's the smug attitude of so many Mac owners that makes them such satisfying targets. You reap what you sow. I've been using Macs since 1984 (and PCs about as long) and Mac users get on my nerves sometimes.

Um, hello?

You've been using Macs since their inception, therefore you are a Mac user, who is according to you a smug and satisfying target.

Maybe, not all Mac users are the same monolithic group.

 

[hulugu]

...I can tell you as someone who works with hackers (half of my buddies are at BlackHat this week) that OS X is NOT inherently secure, and that there are plenty of vulnerabilities that surface on it that are well-known in the "hacker" community long before they are made "public," and also long before they are also repaired by Apple.

OS X is definitely inherently more secure than Windows, but the near-complete lack of viruses/use of other exploits for them is definitely not because they are ironclad in terms of security. That should be abundantly clear from a cursitory reading of the kbase article on the latest security update. Many of those fixes were to rootkit holes! As in, god-sized sized security holes...

I've always told, or at least tried to say, that Macs were more secure than Windows and did not have the same vulnerabilities, nor the number of viruses and other associated bits of malware. Macs are immune to many things, but you're absolutely right, they're not invulnerable.

One thing to note is this particular vulnerability also affects Windows, so if we're still comparing the two against each other this vulnerability doesn't exactly tip the scales.

 

[shadowfax]

I don't think that anyone who has A Clue™ doesn't know this already.
The ilk of people who think it's immune are the same ilk of people that don't understand why their WindowsPC is running so "slowly".

I just resent being called smug.

I also resent blackhatters who are new to the OS X game getting all rightous. Where were they the last 5 years? They're part of the REASON "mac users are so smug about security".

I did not intend to call you smug; I apologize if you took it that way... I was responding to your assessment of how "hackers" view Mac Users/The Mac Community.

I think that there are actually a good deal of people with A Clue™ (in general) that don't understand much about OS X security. I was speaking with hyperbole--I think a lot of people who do have this clue thing think that it's somewhat hard to write viruses for OS X... Apple certainly advertises it horrendously these days.

As for blaming BlackHatters for our ignorance about security issues, I think that you need to get that clue thing for saying that. And as for smug OS X newcomers, you would do well to remember that OS X is MOSTLY *nix at the base. You don't have to be a hardened OS X developer to futz around in it.

 

[bigmc6000]

Hackers = scum of earth

Hackers rank up there with drug dealers as the scum of the earth. Pathetic, cocky wastes of human life. And no - there's no way you can convince me otherwise and I know I'm not in the minority on this one.

Side Note: Of course I'm talking about the ones who release their stuff into the wild and don't just notify the software company about the problem and keep it to themselves (those are good people and should be commended - it's the other ones that are a waste of flesh)

 

[edoates]

Well... but at least it's not Apple's fault, because they didn't produce the driver. Therefore it's actually not a concern of Apple's but of the driver's producer's.

On the other hand Apple did include it into it's OS seemingly without testing it thorougly, and that is, of course, a concern of Apple's. So they will have to work together to get rid of that - and I'm sure they will - and I may be smug again.

EDIT: Bzzzt to me for my prior comments about it being Apple's issue; apparently, the vulnerability is caused by a third party card driver. Does anyone know if that's apple's driver or the third party card driver which must be installed by the user?

 

[guzhogi]

This is kinda creepy. It's good they're trying to fix the problem, but it sucks that there is a problem. I work in an elementary school as its computer tech and the district is going to give me & the techs @ the other schools in the district a MacBook to administer tests and stuff. If someone hacked into my MacBook, they can get a lot of info on both all the kids as well as the faculty.

 

[gauchogolfer]

The video is now posted on the Washington Post blog to see how they go about it. I'm watching it now. They do seem to stress that it's not an Apple vulnerability, but an 802.11 driver issue. Anyways, let's see what they can do.


1,000th post, sweet.

EDIT: Holy crap, that was pretty convincing to a relative amateur like me. They seemed to basically do whatever they wanted to the system. Was there something underhanded here that I didn't catch that would make this unusable in reality, or is there valid concern based on this demo?

 

[Demoman]

Do you know what a computer without drivers is? A paperweight. The OS is not a single monolithic thing; it's made up of many components. The notion of what is "written into the OS" is more complicated than you seem to think, and it's childish to dismiss a vulnerability because it's in a driver.



Actually it's the smug attitude of so many Mac owners that makes them such satisfying targets. You reap what you sow. I've been using Macs since 1984 (and PCs about as long) and Mac users get on my nerves sometimes.

"Make believe" Mac supporters get on my nerves ALL the time. I doubt many of the readers here need to be schooled about the services device drivers provide. When I read the post you criticized, my impression was the author was simply stating that Apple did not write the driver. You seem to want to focus the blame on Apple. So, what is your agenda? Are you just here to bust on Apple?

 

[gekko513]

EDIT: Holy crap, that was pretty convincing to a relative amateur like me. They seemed to basically do whatever they wanted to the system. Was there something underhanded here that I didn't catch that would make this unusable in reality, or is there valid concern based on this demo?

I haven't seen the video. But if the description of the vulnerability says "seize control" or "aribtrary code execution", it's the real thing. They can do whatever they want, although sometimes restricted by the privileges of the user that the compromised process is running as.

 

[Anawrahta]

Hackers rank up there with drug dealers as the scum of the earth. Pathetic, cocky wastes of human life. And no - there's no way you can convince me otherwise and I know I'm not in the minority on this one.

Side Note: Of course I'm talking about the ones who release their stuff into the wild and don't just notify the software company about the problem and keep it to themselves (those are good people and should be commended - it's the other ones that are a waste of flesh)

I agree....but wouldn't it be better to say, malicious hackers? I think that most hackers are good people and just like to tinker with things. Of course there's always going to be some bad apples.

 

[gauchogolfer]

I haven't seen the video. But if the description of the vulnerability says "seize control" or "aribtrary code execution", it's the real thing. They can do whatever they want, although sometimes restricted by the privileges of the user that the compromised process is running as.

Here's the link to the main blog page, with video: link

What do you think?

 

[gekko513]

I agree....but wouldn't it be better to say, malicious hackers? I think that most hackers are good people and just like to tinker with things. Of course there's always going to be some bad apples.

Yeah, hacking is just taking something and tinkering with it to make it do something that it's not really designed to do, isn't it? This can sometimes be useful and fun, but can obviously also be done for malicious purposes, and that's sometimes referred to as "cracking" and the ones who do it as "crackers".

Here's the link to the main blog page, with video: link

What do you think?

Wait a second. They use a 3rd party wireless card, and he said in the end that "the flaw is not in the Apple operating system as we used 3rd party hardware". I'd say that's quite different from the impression I got from reading the macrumors headline here. A default MacBook using the built in Airport isn't vulnerable as far as I can tell.

He also said that the exploit isn't as trivial as a generic buffer overflow. Now, to exploit a generic buffer overflow, you need to have a certain level of l337ness to begin with, so that means you don't have to worry about your neighbour braking into your wireless network, just yet. Unless someone releases premade tools to do the exploitation, I'd say that normal people and small businesses don't have to worry at the moment.

 

[Zadillo]

Wait a second. They use a 3rd party wireless card, and he said in the end that "the flaw is not in the Apple operating system as we used 3rd party hardware". I'd say that's quite different from the impression I got from reading the macrumors headline here. A default MacBook using the built in Airport isn't vulnerable as far as I can tell.

Yeah, I'm curious about that too. I have to admit, I didn't even know you could use a third party wireless card with a Mac. It does seem kind of misleading, cause I just can't imagine how many people are even out there with MacBooks that are using this third party wireless card.

Is this at least a driver that is built into OS X anyway, or is it something you would also have to install along with the third party wireless card?

It does seem pretty misleading to me, because I think the way this story is being presented is that Apple is basically shipping MacBooks that could be exploited right out of the box, and that doesn't sound like it's actually the case.

-Zadillo

 

[Analog Kid]

Wait a second. They use a 3rd party wireless card, and he said in the end that "the flaw is not in the Apple operating system as we used 3rd party hardware". I'd say that's quite different from the impression I got from reading the macrumors headline here. A default MacBook using the built in Airport isn't vulnerable as far as I can tell.

He also said that the exploit isn't as trivial as a generic buffer overflow. Now, to exploit a generic buffer overflow, you need to have a certain level of l337ness to begin with, so that means you don't have to worry about your neighbour braking into your wireless network, just yet. Unless someone releases premade tools to do the exploitation, I'd say that normal people and small businesses don't have to worry at the moment.

Can't get the video to play right now, but the text sounds like Atheros writes the drivers for the built in Airport.

Sounds like a protocol bug to me if it works on different platforms and different vendors.

 

[nagromme]

Mass attacks--viruses/worms/etc.--are by far the most likely threat to encounter, but you can also be individually attacked, or tricked by someone's WiFi trap. Mac owners too should keep that in mind. Just because we are so safe from viruses doesn't mean security is ever 100%.

And the people doing this demo seem to have been responsible about it--telling Apple and the other affected companies the details, but NOT telling the public.

So... good catch!

 

[gekko513]

Can't get the video to play right now, but the text sounds like Atheros writes the drivers for the built in Airport.

Sounds like a protocol bug to me if it works on different platforms and different vendors.

Hm, perhaps, the article is a bit vague on the subject.

Apple -- like many computer manufacturers -- outsources the development of its wireless device drivers to third parties. In Apple's case, the developer in question is Atheros, a company that devises drivers for a number of different wireless cards, each designed with drivers specific to the operating systems on which they will be used.

You're right, they make it sound like Atheros also writes the drivers for the built in Airport, but it doesn't say so specifically.

OS X ships with lots of default drivers for third party hardware, external wireless cards too, I'd imagine, and those could be the one we're talking about here.

Isn't the internal wireless device made by Intel? It's not sure Apple and Intel needs the help from Atheros to get drivers for that.

But even what the article says, I don't see why the demo would use a 3rd party wireless card if they could just as well have attacked the built in Airport.

 

[Analog Kid]

Wow! It's really disturbing how many people are so quick to call this an unfair attack on Apple-- and how quickly the argument on this board gets labeled as "apologists" against "bashers".

What's next? The code was written at Apple, but by a contractor? The guy who wrote that code has only been with the company for a year? None of the other coders like the guy responsible for that one, so it doesn't count?

Look: I don't care who wrote what code-- if it makes my machine vulnerable then it's bad. It's not whether Apple wrote it, or whether or not they tested sufficiently (which is nuts because most stuff like this needs to be designed properly-- it's nearly impossible to test all the possible vectors)-- it's that my Mac isn't secure.

Or someone else's, as I don't have a Macbook, but you get the idea...

When Apple started advertising its security, we knew this would start to happen. If you tell someone they can't, they'll want to prove they can. The question isn't whether vulnerabilities turn up, because they certainly will, it's how Apple handles it from here. Are they upfront and quick to respond, or do they forward you to Symantec?

 

[Analog Kid]

Isn't the internal wireless device made by Intel? It's not sure Apple and Intel needs the help from Atheros to get drivers for that.

But even what the article says, I don't see why the demo would use a 3rd party wireless card if they could just as well have attacked the built in Airport.

Sorry to ask such basic questions, but I can't get the video to play through our firewall... Do they explicitly show an external WiFi card plugged into the slot?

 

[WildCowboy]

Sorry to ask such basic questions, but I can't get the video to play through our firewall... Do they explicitly show an external WiFi card plugged into the slot?

Yes...he holds it up and then sticks it into the slot.

 

[Analog Kid]

Yes...he holds it up and then sticks it into the slot.

Interesting... I was about to edit my last post that Apple's site doesn't claim the Macbook has any slots... I can't see any in the Macbook QTVR images either.

 

[thestaton]

So lets see, I just bought a new mac book however I really don't like the built in antenna for some unknown reason and I go to walmart and buy an external card not made by apple. I then go the airport, where I'm hacked and my life is ruined there is no going back. Riiiiiiiiight.

What a crock, the odds of someone getting hacked is about .1% or less. What gets headlines? A Mac getting hacked not windows who cares. These guys are tools, and I love the links to the ads & the ad in the video they make you watch. Nice touch, way to make money off of Apples good name.

 

[ezekielrage_99]

Saw that one coming. I cringe everytime I see an Apple security commercial. It's like spitting in the hackers face.

I think everyone did it was just a matter of time until there was a wireless exploit. I personally think with the uptake of more Apple systems and the perception of better security on Apple systems many people see this as a challange to break a Mac (ala Hack a Mac).

Either way it still isn't as bad as Windows