kcmac said:
This guy is just sour that he ain't in Vegas.

this guy is not in vegas because his exploit has as many holes as this story.

i just wasted 20 minutes of my life reading the blog, watching the video. and dare i say, reading this thread?

ok. got to get back to work. catch you guys later.
 
gekko513 said:
It's a usb wireless card, I presume. He holds it up, flicks out the (usb) connector and plugs it into the left side of the Macbook. While he sticks in the card he says: "...we're using 3rd party hardware..."

I hope you're not referring to me when you say "people are so quick to call this an unfair attack on Apple". :confused:
Not referring to you at all, Gekko. You're adding the kind of informed discussion I look forward to here. And thanks for helping the "blind" and cluing me in on what was going on.

I'm finally out from behind the firewall and watched the video, which I have to say is very well done.

The title of the demo is "Device Drivers: Don't build a house on shaky ground." They are drawing attention to a serious problem and most people here are missing the point because all the blood rushed to their heads when they saw the Mac logo.

They clearly say this is not Apple's problem, it's because of buggy code in a 3rd party driver. They're using the Mac for a reason here-- they are specifically making the point that it doesn't matter how much trust you put into your OS vendor, you can get hosed by any poorly made USB thingy that you stick in the side.

Take that home with you-- Apple may have a more secure OS but all of that can go out the window with a bad peripheral. This could just as easily have been a video camera that had a malicious file loaded onto it and a bad driver. Or, it could have been a printer with a bad print driver and a bad Bluetooth implementation that let an attacker pass through the printer into your machine.

They didn't run this demo live because they didn't want anyone in the audience to sniff the traffic and release it into the wild. Very responsible to the verge of being paranoid.

If there is a problem here it is with the Washington Post, who didn't clearly explain the problem. Maybe they didn't understand it themselves...


Drivers are an Achilles heel of any OS. They give direct access to the kernel and bypass any security the OS can try to provide. They almost have to do that if you're going to allow 3rd party hardware to work with the machine. It was also a poorly written driver that allowed the DVD encryption to be cracked-- the vendor left the keychain available in plaintext.

This is a very difficult problem to solve. MS has talked about only allowing "signed drivers" to be run-- meaning that MS has to approve anything before it's loaded and that caused a developer outcry because it made MS the gatekeeper of all new hardware.

One way to minimize the exposure is to rely on a small number of standard interfaces. Fewer interfaces mean fewer points of entry that need to be tested. Apple does this very well-- almost out of necessity. Ever notice how every new piece of hardware comes with a disc you need to install under Windows but just seems to work with your Mac? It's because Apple connects through a standard interface (say, Mass Storage, or Digital Camera) and the vendor tries to get fancy for Windows and roll their own. They do it for Windows because they think it's worth the effort to "differentiate" themselves in that crowded market while Mac users can see that those bells or whistles aren't necessary.

The point of the video is to show that the bells and whistles can also be dangerous.
 
dejo said:
But wait! Doesn't Apple's minuscule market-share mean that hackers won't target Macs because there is nothing to be gained? Better off targeting the 95% of Windows-running machines out there? I think this story proves again that the "security through obscurity" argument is just a myth. :)

I wasn't disputing the fact that Apple doesn't have its share of problems with security. Everyone is sick of hearing Windows problems so as soon as a problem arises with Apple, Linux, UNIX, etc everyone jumps on it.
 
Analog Kid said:
...The title of the demo is "Device Drivers: Don't build a house on shaky ground." They are drawing attention to a serious problem and most people here are missing the point because all the blood rushed to their heads when they saw the Mac logo.

They clearly say this is not Apple's problem, it's because of buggy code in a 3rd party driver. They're using the Mac for a reason here-- they are specifically making the point that it doesn't matter how much trust you put into your OS vendor, you can get hosed by any poorly made USB thingy that you stick in the side.

I totally agree with you and I blame the Washington Post for the initial insanity. The headline and article made it sound as if the MacBook was the problem and not the third-party device driver. Obviously, there is a security hole that needs to be addressed by vendors like Apple, but this isn't an Apple hardware problem.

I may have been initially too dismissive of the article, but that's because of the sudden yellow tint to all the articles regarding Macintosh security. The tech-press is ready to wet themselves the moment a Macintosh hole is discovered and far too many people, offended by the Get A Mac commercials, have their long knives sharpened and are just waiting for the opportunity to use them. Some were so quick on the draw I suspect they merely read the headline.
 
any idea who the 3rd party vendor was? perhaps the hate mail should start flying their way!
 
thestaton said:
any idea who the 3rd party vendor was? perhaps the hate mail should start flying their way!
That's the rub, isn't it. My first instinct was that they should have named the vendor by name so we know not to buy their products and all could see the smoking ruins of their company and heed the warning: write good software.

Then I realized why they didn't release the name... It's the same problem as for OS vendors-- if you release the details of the attack before it's patched then users pay the price.

That's the publicity vs security debate in a nutshell, methinks.
 
Instead of the headline reading macbook hacked in 60 seconds it should have read x vendor welcome to your lawsuit we promise it won't last 60 seconds!
 
bloodycape said:
Is this only for the Macbook, or is the Macbook Pro also affected?

Seems like the pro would be affected too. But I have no idea why you would want to use a SECOND wireless card on a pro. The one built-in seems like it would be enough. :rolleyes:

In other words, this attention-craving hacker decided to use a Mac to demonstrate an exploit that is far more threatening to a PC. The chances of a Macbook user a) buying a 3rd party wireless card and b) hooking it up to a Macbook are slim and none.

Now if this exploit was demonstrated using the internal wireless, it would be a whole different level of seriousness.

And don't even get me started on wifi security... :D
 
maybe i misunderstood that but they're using a 3rd party wireless card, so not the one in the macbook?

also they're on the same network as he has set up the IPs already....
 
As many others have pointed out, this isn't the event it's being made out to be. The fact it's a macbook is pretty much an irrelevance.
 
hulugu said:
I totally agree with you and I blame the Washington Post for the initial insanity. The headline and article made it sound as if the MacBook was the problem and not the third-party device driver. Obviously, there is a security hole that needs to be addressed by vendors like Apple, but this isn't an Apple hardware problem.

I may have been initially too dismissive of the article, but that's because of the sudden yellow tint to all the articles regarding Macintosh security. The tech-press is ready to wet themselves the moment a Macintosh hole is discovered and far too many people, offended by the Get A Mac commercials, have their long knives sharpened and are just waiting for the opportunity to use them. Some were so quick on the draw I suspect they merely read the headline.

The problem is that it was also from a third party device driver from something that almost ZERO people will use with MacBooks ... a USB to wireless adapter. Further, the driver for the third party device had to be installed "PRIOR" to the hack and then also had to access the wireless access point via the terminal ... who does that? And how many people just have the terminal open?
 
macidiot said:
In other words, this attention-craving hacker decided to use a Mac to demonstrate an exploit that is far more threatening to a PC. The chances of a Macbook user a) buying a 3rd party wireless card and b) hooking it up to a Macbook are slim and none.

+++

Quoted for truth.

This is the key to this story, and I'm very disappointed in the media for completely missing this. The 3rd party peripheral being used was not secure, and *ANY* computer using this device could be compromised...even a Mac. But they really should point out that Macs don't need these devices, so it's really a hypothetical demonstration.

Mac OS X has become the Everest of hacking challenges... these guys just took a helicopter to the top rather than climbing. But eventually, malware that affects OS X will start to create some issues... however, regardless of market-share, the design characteristics of OS X will keep malware from ever becoming the issue it is for Windows.

Cheers
 
baloney

1) Using USB Wlan card.
2) Connects the Mac to the Dell using similar card (can you say self written drivers?) using already set up IPs and settings.
3) Attacks the Mac (how do we know he just doesn't have Windows sharing on and log into existing account on the Mac?).
4) Had they used two Dells, who'd go see their video? Using Macbook gave them maximum exposure and hits.

Cheap publicity stunt!
 
I have to agree with the last post as that's immediately what I thought last night- different devices have different drivers, he supposedly exploited a bug in the drivers for the external wifi card plugged into the macbook- first of all, who wrote those drivers? second of all, this fails to mention *ever* that apple's airport extreme card/drivers has such a bug to be dealt with-- merely that a mac using such an external card is vulnerable.

and ultimately, he never does load up the Sharing preferences to prove that shell/afs/smb/etc aren't running.
 
Okay, I mostly agree with the comments that this is being overblown because the AE card inside the Mac is not being used. But....

Two things:

1) I re-iterate my comment much earlier that this does point to a long-term problem that has to do with the fact that there is no real non-discoverable mode available in most implementations of the Wi-Fi client driver, as there is with Bluetooth devices and with Wi-Fi host drivers in routers (why? because I'm pretentious! :p ).

2) I don't completely understand this business of an external card being used. Can anyone help me out? So an external card was used in OS X, correct? Don't most OS X external cards that do work, work based off the driver that is shipped with OS X and not with a driver provided separately by the card vendor? Installing drivers in OS X is very rare. Does the unnamed external card use the same OS X driver used for the AE card, or does it use a different one? If it uses the same one, it's not clear that the driver in OS X is completely safe.

Not panicking here...but this seems like an opportunity to improve computer security for us all...
 
I did a quick google search. Seems to me that USB wlan cards NEED to have their own drivers.

And of course the USB wlan sticks are cheap and it follows that the drivers were also developed cheap. Cheap and quality don't mix.
 
mkrishnan said:
2) I don't completely understand this business of an external card being used. Can anyone help me out? So an external card was used in OS X, correct? Don't most OS X external cards that do work, work based off the driver that is shipped with OS X and not with a driver provided separately by the card vendor? Installing drivers in OS X is very rare. Does the unnamed external card use the same OS X driver used for the AE card, or does it use a different one? If it uses the same one, it's not clear that the driver in OS X is completely safe.

99.9999% of MacBook and MacBook Pro users don't have an external wireless card. The only reason why you would have an external card is either a meeting of a very clever salesman and an exceedingly stupid customer, who never realised that he doesn't need an external card, or a MacBook with a broken wireless card that is more expensive to repair than buying an external one. But then I think all MacBooks in existence should still be under warranty, so that shouldn't happen.

So why did they use an external wireless card? The only reasonable explanation is that whatever they did doesn't work with the built-in airport.

What I think happened: They found a wireless card with USB connector that will make wireless connections even when it is not explicitly told to do so. Next, they prepared a Macintosh to allow remote login, which is dangerous if you are connected to any network. Remember, it was their Macintosh, and anyone can make their Macintosh as vulnerable as they like if they know how to. And these two things combined are enough.

No danger for anyone without an external wireless card, and no danger for anyone who hasn't messed around with their Macintosh and made it vulnerable.
 
gnasher729 said:
So why did they use an external wireless card? The only reasonable explanation is that whatever they did doesn't work with the built-in airport.

Yes, this had certainly occurred to me, and I think it's a fair guess. But I don't think I'd gallop off to "this is a total non-issue" from here. That's all I'm saying. Again, not panicked, but I think this should be pursued in the long term. There is a valid point in that the "seeking a network" activity of wifi cards in general offers a potential vector for exploits.
 
Why a tape?

I think they are using the "we don't want this to get out into the wild" thing as a scam. If you do it in person people might actually ask questions like 1) Why not use the built in wireless card? ('cause we're not good enough to hack that) 2) What are the security settings on the Mac? (everything open and enabled, making it child's play to "hack" in) 3) Why would anyone ever use a USB external wifi-card with a MacBook? (They wouldn't - this is about as hypothetical a "hack" as there has ever been).

It's really funny to see earlier in the thread how some of the hacker friends were claiming victory about how the Mac is vulnerable and Mac users are just smug blah blah blah. Strangely, there aren't any posts like that after it was discovered about the 3rd party card and all of the other inconsistencies. This smells just like that "Hack a Mac" contest. Let's make this thing as easy to crack as possible and see if someone can do it - DUH!
 
Airport not affected

From http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
quote
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported. end quote

Watch what you connect to!
 
qualleyiv said:
Hey guys, allow me to redirect the conversation here because I think you're all missing the point a little bit:

OK, so I just watched the video and all I can say is that the video demo IN NO WAY proves that they've done what they say they can do. First, the BIGGEST thing in this exploit was that this hack was supposed to work without having to connect the hacked machine to any network, yet the first thing they did in the demo was CONNECT the Mac to the Dell!!! Not to mention that they attached a third-party network adaptor (if that was even what it was). Even then, all they got was a shell for the current user.

That doesn't even start to get to the issue of what the video actually showed--which was VERY LITTLE. Just watch it, where is the proof that they even actually did the things which they claimed? I could have made that video EASILY. When I first read the report, I thought the video was going to be one of something that was done LIVE! Hardly...

Indeed, the question of whether this hack actually works is called into question, but I doubt they'd go through the stuff just to fool us. What they were getting at is the Mac just has to have its airport card connected. A computer will connect to any network it detects that has the same SSID. So if the mac had connected to the network belkin54g sometime in the past, they can spoof the SSID on the Dell to be a belkin54g, thereby allowing them to hack the mac, so to speak.

However, the video does lack a little bit of detail, mainly, was a third computer outside the room using a Mac with Apple Remote Desktop.
 
I totally believe that

Passante said:
From http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
quote
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported. end quote

Watch what you connect to!


NOT! Are you serious??? - some guy writes in his blog that Apple was leaning heavily on him not to point out the problems with Apple's drivers. Wow - it's on the internet it must be true. Oh wait - if that were right I'd have a true video iPod, a PB G5, an iPhone, and a 12 GB Nano in my ownership right now.

Give me a break - it's a blog for crying out loud - it's about as accurate as MacOSRumors.

Also, as pointed out on page 3 (I think) - the latest security update fixes this vulnerability - even tho it's still a 3rd party USB driver and I don't believe for 1 second that he used a 3rd party card out of respect for apple's wishes...
 
I used to build a lot of fences for livestock farms. No matter how well we thought we built the fence, the only way to make sure the pigs couldn't get out was to put the pigs in...

And that's my feelings about computer security. At least these guys are going public with their findings. Now it's time for the computer savvy public to put them through their paces.
 