[steve626]

According to this video

http://news.com.com/1606-2_3-6101573.html?tag=ne.vid

someone was able to hack into and totally control a Macbook via a wireless access point from a PC.

I don't understand how this is possible if the firewall is on and if the ports on the Mac are shut down. Or even if a few were open. The person says that they did not use a buffer overflow technique.

The claim is that this takeover of the Macbook is possible even when the Macbook does not voluntarily connect to the wireless access point, but in the video the Macbook user does indeed appear to voluntarily connect. The moral of the story is to configure your Mac to *not* connect to any but "trusted" networks. (I suppose a random wireless signal picked up in a Starbucks would not necessarily be trusted.) I am a bit dubious of the claims of the video, however.

[mduell]

This is an issue well before the firewall. They're using a flaw in the driver to remotely privilege escallate and run arbitrary code.

I believe the video. Apple's public statements lend credence to it.

[CharlesS]

I guess this makes yet another reason that you shouldn't connect to every random wireless router you see in the AirPort menu.

[nerd]

Did I read this wrong? I thought you didn't have to be connected to a base station at all for this to work?

[steve626]

Originally Posted by CharlesS

I guess this makes yet another reason that you shouldn't connect to every random wireless router you see in the AirPort menu.

Well, once when we visited my in-laws, who are elderly and have no computer and no internet connection, my daughter brought my laptop along and turned it on. The laptop immediately saw several wireless routers, no doubt in my in-laws' neighbors' condos where people probably just connected their computers to a router using no security. Sure enough she was able to just "connect" into someone else's open wireless network with no name and no password and went on to AIM-ing her friends happily, as she does at home.

So you are saying, just arrange the hacking setup in a densely populated condo or apartment, broadcast a wireless access point, and then you can hack any computer that tries to tie into the "free signal?" Or better yet, set up in or near a Starbucks and take over all the laptops that are inside?

[CaptainHaddock]

The demonstration, shown only on a video and not in person, using a third-party wi-fi card rather than Apple's, was very likely rigged.

Read a very interesting analysis here.

[CharlesS]

Originally Posted by steve626

Well, once when we visited my in-laws, who are elderly and have no computer and no internet connection, my daughter brought my laptop along and turned it on. The laptop immediately saw several wireless routers, no doubt in my in-laws' neighbors' condos where people probably just connected their computers to a router using no security. Sure enough she was able to just "connect" into someone else's open wireless network with no name and no password and went on to AIM-ing her friends happily, as she does at home.

So you are saying, just arrange the hacking setup in a densely populated condo or apartment, broadcast a wireless access point, and then you can hack any computer that tries to tie into the "free signal?" Or better yet, set up in or near a Starbucks and take over all the laptops that are inside?

Well, that's what the video made it look like, at least.

Of course, if CaptainHaddock's link is correct, then it'd be a moot point. I wonder if anyone's tried to duplicate this yet.

[Tomchu]

They said that the exploit works exactly the same with the stock WiFi Apple hardware (made by Atheros in the MacBook/MacBook Pro).

[TETENAL]

Originally Posted by Tomchu

They said that the exploit works exactly the same with the stock WiFi Apple hardware (made by Atheros in the MacBook/MacBook Pro).

Then why didn't they just use that?

[steve626]

Originally Posted by CharlesS

I guess this makes yet another reason that you shouldn't connect to every random wireless router you see in the AirPort menu.

The other thing about this is that the people who made the video *claim* that this attack would work even if the hacked into computer (a Macbook in this case) didn't "join" the wireless network.

If that is true (and on Macfixit, August 4 article, this claim was derided as false or at a minimum undemonstrated), then presumably you could just turn on your laptop somewhere, and even if you didn't join the offending network that was offered, you could still have your computer taken over.

To me, the video raises concerns but *proves* nothing. I think a better "validation" would be to issue a challenge for people to bring both Mac and PC laptops to a given location and see if they can be taken over when the "victim" is not cooperating.

Those of us with laptops can frequently "see" multiple networks or access points, most of which we never try to join. At my house, I see about ~ 3 such networks from neighbors. At a nearby hotel where my company often hosts meetings, I can "see" networks from a Starbucks across the street plus two additional ones from nearby hotels. According to this video, any of these networks could take over your laptop. It sounds a bit far fetched to me. I'm waiting for better proof before I pay more attention to this (although I do faithfully continue to back up my computers regularly).

[Tee]

Originally Posted by TETENAL

Then why didn't they just use that?

http://blog.washingtonpost.com/secur...book_post.html

[CaptainHaddock]

Talk is cheap. That blog post and $2 will buy you a hot dog.

[TheMacMan]

Let's think about this. If the claim is that you don't have to join the network, why is it then that at the beginning of the video the hacker had to remember the IP address of the machine being attacked? so, if you have a Starbucks near you, and you don't join their network, how will the attacker find your internal IP address? When you Join, depending on whether you have chosen DHCP(auto assighment of your IP) or putting you IP in manually, they will then have access to your machine. The other thing is, in order to make connection with another computer on the network, it has to be part of the IP block meaning if you're internal IP address starts with 192.168.x.x so would their's. If you had a 10.10.10.x, so they would also, otherwise they would not have acces to your machine. while I think what they demonstrated is ligtimate, the conidtions they demonstrated it under have to be exactly right, which will not be the case for most of us.

[Tomchu]

Falsely believing that the exploit is bunk and will not affect you is the worst possible thing to do with regard to computer security.

If the exploit exists on the network media level, as opposed to a TCP/IP level, then they're correct when they say that the computer doesn't have to join a network in order to be taken over. Not having an IP address is not the be-all, end-all of connectivity. Your wireless card is constantly listening and communicating with access points, even when you haven't joined a network.

[Angus_D]

They're putting their necks on the line by announcing this so publicly. If it's bull, then their reputations are going to be severely dented. I say it's probably a serious issue.