FlyerTalk Forums - View Single Post - The "Mac user base aura of smugness on security." - Hijacking a Macbook in 60 seconds
Aug 8, 2006 | 7:36 am
  #15  
dtsm
 
Join Date: Jun 2005
Location: Tri-State Area
Posts: 4,728
Jury is still out

It looks like the jury is still out re whether this so-called defect was an intentional set up. Read on:



Wireless Driver Hack Could Target Macs and Windows
--------------------------------------------------
by Glenn Fleishman

A potentially serious exploit of Mac OS X's wireless networking hardware
drivers has had a very limited demonstration[13]. The exploit, which
apparently relies on a flaw at the lowest level of the drivers'
interaction with Mac OS X's kernel, has not yet been independently
confirmed, nor has Apple released a statement on the matter. The flaw,
if proven, could allow an attacker to gain root access privileges via
Wi-Fi.

[13]<http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html#comments>

Researchers Jon Ellch and David Maynor found the flaw in Apple's
Intel-based Macs running Mac OS X and in PCs running Windows XP using
certain Wi-Fi adapters, and presented their findings at the Black Hat
USA 2006 Briefings[14] last week. They declined to show the exploit live
to avoid giving out details that could be turned into a security threat
in the wild.

[14]<http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch>

The researchers maintain that the flaw can affect any Wi-Fi equipped
computer as noted above, regardless of whether the computer is actively
connected or connecting to a network, and the exploit does not involve a
rogue access point - one that attempts to fake an identity to get a
connection from a client.

The videotape[15] that the researchers showed didn't demonstrate that.
The researchers connected what appears to be a covered-up USB device to
a MacBook, which is then connected to a network running on a Linux
computer. They then show files being manipulated on the desktop but no
other attack being carried out.

[15]<http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html>

There is lively discussion at the Washington Post's Security Fix
blog[16] about whether this is just a rigged demo or a real event,
although beware the personal abuse directed at the blog's writer, Brian
Krebs. (Many are taking this attack against a MacBook personally.
Surprise, surprise.)

[16]<http://blog.washingtonpost.com/securityfix>

According to two experts TidBITS has heard from, the videotape is
inconclusive and could be either a staged stunt or a real exploit. Jim
Thompson, a veteran Wi-Fi engineer and security expert, is dubious, and
he explains why in great technical detail[17]. Security expert Rich
Mogull[18], research vice president at Gartner, said that the exploit is
credible and that it's possible that similar exploits on multiple
platforms developed independently are already in the wild. Mogull has
seen reports that a similar exploit may have been used at a recent
conference that he declined to identify for security reasons. The
researchers who presented at Black Hat are taking significant
precautions to prevent their particular research from getting out of
their grasp, he said.

[17]<http://www.smallworks.com/archives/00000455.htm>
[18]<http://www.gartner.com/AnalystBiography?authorId=18722>

Lending credence to this potential flaw was the release by Intel in July
of driver updates[19] for three of their Centrino wireless products.
Notes for the release label the patch for their oldest adapter (an
802.11b-only model) as having an exploit that could allow a "malformed
frame," a packet-like chunk, to allow a hacker to gain control of a
machine. Two newer adapters seem to have a severe, but less frightening
flaw. Mogull said that these Intel patches show that this kind of
exploit is not an unknown issue.

[19]<http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm>

As noted, there is no confirmation of this exploit from anyone who has
seen the actual attack carried out in person, no separate validation of
the attack from third parties using different equipment and the same
approach, and no public response from Apple, Intel, or Microsoft,
despite the firmware patches from Intel. There is also no identified
attack of this sort in the wild.

At the moment, our suggestion is not to worry. The likelihood of this
flaw being exposed, becoming widespread, and threatening your particular
machine over the period of time it might take Apple to issue a patch is
extremely remote. The exploit also appears to be limited to Intel-based
computers at the moment, making it even less of a concern for many Mac
users.

We'll update this story as details become available, but if Apple
releases a security update that describes a fix for a malformed frame
and you travel around with your MacBook or MacBook Pro, you should
consider installing it as soon as is practical.