Wireless Macbook Security Exploit?

[gekko513]

Interesting... I was about to edit my last post that Apple's site doesn't claim the Macbook has any slots... I can't see any in the Macbook QTVR images either.

It's a usb wireless card, I presume. He holds it up, flicks out the (usb) connector and plugs it into the left side of the Macbook. While he sticks in the card he says:

Don't think, however, just because we're attacking an Apple, the flaw itself is in an Apple. We're actually using a 3rd party wireless card.

I hope you're not referring to me when you say "people are so quick to call this an unfair attack on Apple".

 

[WildCowboy]

Interesting... I was about to edit my last post that Apple's site doesn't claim the Macbook has any slots... I can't see any in the Macbook QTVR images either.

Sorry...it looks like it attaches by USB.

 

[Unspeaked]

Wait - so this guy ISN'T using AirPort extreme?

I haven't seen the video, but it sounds to me like he found some crappy third party card that's Mac compatible, which has a security problem, and deliberately decided to show this card's security problem on a Mac.

In other words - it's not an Apple issue, it's not an AirPort issue, it's not an OS X issue, it's not a MacBook issue - it's an issue with some weird USB Wireless card that could have been shown on any number of computers, but was recorded for the public in use on a MacBook.

Is that correct?

If I'm right, that's so lame...

 

[JAT]

Interesting... I was about to edit my last post that Apple's site doesn't claim the Macbook has any slots... I can't see any in the Macbook QTVR images either.

It's a USB wireless card.

Seriously, boys. This thread is an amazing pile. "You hate Apple." "No, I don't, you hate hackers." "It's Apple's fault." "It's Bob's fault." "You got your chocolate in my peanut butter!" Blah, blah blah....

It's just a typical security report. Get your panties out of a bunch and have a glass of water.

I will say, the Page 1 report is rather misleading, considering the video. MacRumors should probably modify that.

 

[Unspeaked]

It's just a typical security report. Get your panties out of a bunch and have a glass of water.

I think the issue here is that this story has been a big deal in the tech world all day (it was in the Post and had a front page story on CNet) and all of those stories make a big deal about it being an Apple vulnerability.

Then we see he's using a combination of hardware and software that I reckon not a single Mac user has installed, and it all seems a little, um, faux.

 

[mrblah]

so is a paperweight with drivers a computer?

how do you install drivers on a paperweight?

 

[noservice2001]

its capable of xp.... are we suprised it has flaws?

 

[Tommyg117]

bad news. I better tell my girlfriend. How many macbooks does this affect? All of them?

 

[gekko513]

bad news. I better tell my girlfriend. How many macbooks does this affect? All of them?

None, it would seem.

 

[kcmac]

Good lord people. Watch the video for crying out loud. Why would you stick a usb or firewire or whatever kind of card like this is into a MacBook? It already comes with a card for free right inside!

Now, what would have been more impressive, is if this guy would have attacked the MacBook straight up as ALL PEOPLE USING A MACBOOK WOULD BE USING IT.

Criminy. Is the world really this hung up on trying to blast a hole into Apple's products?

This guy is just sour that he ain't in Vegas.

 

[sonictonic]

How can a completely B.S. story like this make it on the front page?

Can someone explain that to me?

 

[johnny_g]

its already been fixed...

Well, they find a problem and Apple responds in less than a day! No matter whose fault it was, Apple's computers had an obscure security hole and I applaud them for fixing it... not sure why everyone is getting all defensive over this one. Apple has already fixed the problem with the latest OS X security update, and I would guess Microsoft has done the same thing:

The update to WebKit resolves an issue where a maliciously-crafted HTML document could cause a previously deallocated object to be accessed, leading to an application crash or arbitrary code execution.

Really seems like a non-event to me as Macbook users (I wouldn't be scared to claim 100% of them) use their internal airport cards, not the silly USB one that opened up a security hole before this seurity update existed.

I mean if you install ARD and give someone the password then they can have complete control over your computer maybe that should reach front page as the main headline.

 

[Yvan256]

Let's just wait to see how long it will take for Apple to supply an update to fix this problem. I'm betting it won't take long.

Edit: seems it's already fixed.

Edit 2: It's a USB wireless card hack? Oh wow, ALL THE MACBOOK USERS ARE IN DANGER! RUN AWAY!

Edit 3: in other news, putting your Macbook in the oven at 300 celcius for 5 hours WILL BURN IT! APPLE HARDWARE IS FLAWED!

 

[benthewraith]

Where exactly is this video?

 

[dejo]

I personally think with the uptake of more Apple systems and the perception of better security on Apple systems many people see this as a challange to break a Mac (ala Hack a Mac).

But wait! Doesn't Apple's miniscule market-share mean that hackers won't target Macs because there is nothing to be gained? Better off targeting the 95% of Windows-running machines out there? I think this story proves again that the "security through obscurity" argument is just a myth.

 

[WildCowboy]

Where exactly is this video?

Here.

 

[benthewraith]

Here.

I found it, though it was rather tricky. :S

This is shocking how? Who is going to use a third party usb key for wireless when the notebook has it built in? Meaning, yes, it can be done, but the circumstances are almost impossible.

Even then, it's difficult to prove due to things such as Remote Desktop, etc.

 

[bloodycape]

Is this just the only for the Macbook, or is the macbook pro also affected?

 

[Westside guy]

Some of you should consider getting a smug-ectomy - this looks like a proof of concept more than anything else. Depending on exactly where the point of vulnerability is (which is not totally clear, perhaps intentionally) down the road this could have implications for built-in airport cards as well.

A couple years ago a security researcher discovered an Internet Explorer exploit that took advantage of a jpeg vulnerability. For this exploit to work, a user had to drag the image from the browser and onto their desktop, so many people blew it off - I mean, who would be stupid enough to do that? Well, after a bit more time other hackers (please don't bother "correcting" that) figured out how to take advantage of this exploit with some specially crafted script that could leverage the vulnerability without actual user interaction required.

I would agree that, at this moment, it's not a problem most Mac users need to worry about. But blowing it off completely is sophomoric at best.

 

[hulugu]

Yeah, hacking is just taking something and tinkering with it to make it do something that it's not really designed to do, isn't it? This can sometimes be useful and fun, but can obviously also be done for malicious purposes, and that's sometimes referred to as "cracking" and the ones who do it as "crackers".



Wait a second. They use a 3rd party wireless card, and he said in the end that "the flaw is not in the Apple operating system as we used 3rd party hardware". I'd say that's quite different from the impression I got from reading the macrumors headline here. A default MacBook using the built in Airport isn't vulnerable as far as I can tell.

He also said that the exploit isn't as trivial as a generic buffer overflow. Now, to exploit a generic buffer overflow, you need to have a certain level of l337ness to begin with, so that means you don't have to worry about your neighbour braking into your wireless network, just yet. Unless someone releases premade tools to do the exploitation, I'd say that normal people and small businesses don't have to worry at the moment.

This appears to be a variation of another wireless attack in which you decoy the wireless network. In the old attack you could create your own wireless network that appeared as the one you'd expect. This attack uses similar principles.

The lesson here is: wireless networks are not secure. What bugs me most about this story is how it was presented as an Apple flaw, when really this is the fault of a buggy device driver and the OS. Windows and possibly Linux would fall under the same flaw.

Using wireless networks is inherently risky and if you're concerned about attacks, say in a financial or security environment, you don't use it.

Of course, all the people who pointed out how 'smug' Mac users are and how they deserved such an attack won't notice this particular situation and will merely cheer and clap in their glee that Apple hasn't built a Olympian-OS.

 

[qualleyiv]

You're missing the point!!!

Hey guys, allow me to redirect the conversation here because I think you're all missing the point a little bit:

OK, so I just watched the video and all I can say is that the video demo IN NO WAY proves that they've done what they say they can do. First, the BIGGEST thing in this exploit was that this hack was supposed to work without having to connect the hacked machine to any network, yet the first thing they did in the demo was CONNECT the Mac to the Dell!!! Not to mention that they attached a third-party network adaptor (if that was even what it was). Even then, all they got was a shell for the current user.

That doesn't even start to get to the issue of what the video actually showed--which was VERY LITTLE. Just watch it, where is the proof that they even actually did the things which they claimed? I could have made that video EASILY. When I first read the report, I thought the video was going to be one of something that was done LIVE! Hardly...

 

[wyatt23]

this was really nice to rant and rave about nothing. some frivilous fighting each other. some flaming. some misinformation. some information.

but mostly garbage that EVERYONE argues and over reacted about. once the fog settled, turns out to be less than a days worth of argrivation.

new rule: take all os x vulnerabilities with a grain of salt, [in some situations with a whole bag of salt]



someone call me once my macbook is ACTUALLY comprimised.

 

[xPismo]

...at this moment, it's not a problem most Mac users need to worry about. But blowing it off completely is sophomoric at best.

Yup. As others have said, this isn't an Apple specific problem, but its good to expose the flaws found and get them sorted. Nothing really to see here, move along.

Dang video keeps stalling on me. We much be flooding it with requests.

 

[gserrano]

David Maynor used a third party Wi-Fi card.

I just saw the video about the hack in cNet. David Maynor used a third party wireless card to do the hack. My question is Why did he used a third party card?

Why use a third party card while the Macbook has built-in wireless already. Can he hack the built-in wireless card? It looks like that he cannot hack the built-in card so he used a third party card. My other question is Who would buy a third party wireless card for the MacBook? By doing so, makes no sense. I would like him to show us a video hacking the Macbook using Macbooks airport card.

 

[Phil A.]

I think the point the video is trying to make is that buggy device drivers are a big hole into the OS (nothing earth shattering about that!). Presumably they did it against a Mac to get more publicity (and to be fair, if it had been a PC we'd have had people on here shouting about how insecure Windows is!), but the fact they used a 3rd party card raises lots of questions in my mind. The first is that it could be a single wireless card on the market that has such bad drivers that there are holes in all versions of their drivers. The second is that it is possible that they actually wrote the drivers themselves complete with holes they could "exploit". The thinking behind this suggestion is why on earth would any 3rd party manufacturer create a USB wireless card with Intel OSX drivers for it? (I don't think kernel device drivers can work under rosetta) - there wouldn't be a market for it at all. The other option is that the driver is the same one used for Airport, but in that case why not just exploit the Airport card?

IMO the message is a valid but simple one - your OS is only as secure as the device drivers it's using, but beyond that it's full of FUD