|
|
Wirelessly Hacking a Macbook
|
|
|
|
Fresh-Faced Recruit
Join Date: Aug 2006
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2002
Location: Washington, DC
Status:
Offline
|
|
"Now, don't think, however, just because we're attacking an Apple, that the flaw itself is in Apple--we're actually using a third party wireless card."
|
"One ticket to Washington, please. I have a date with destiny."
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status:
Offline
|
|
Originally Posted by SpaceMonkey
"Now, don't think, however, just because we're attacking an Apple, that the flaw itself is in Apple--we're actually using a third party wireless card."
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.
I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.
(emphasis mine, source)
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jun 2003
Location: Newport News, VA USA
Status:
Offline
|
|
Only allow your Mac to join specific networks.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 2004
Status:
Offline
|
|
Yeah maybe you just didn't realize or clearly read THE HACK. IT WORKS WITH ALL AHTROS BASED wifi cards.
FIRST they DID NOT USE THE BUILT IN WIRELESS IN A POWERBOOK OR MAC. THEY HAD TO USE A 3RD PARTY CARD. THE HACK ONLY WORKS IF YOU USE A 3RD PARTY CARD.
Only PC users, use 3rd party wireless cards, seriously the hack was pointless...
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Well, according to the guys that made the video, it works with the internal card as well. Of course, we only have their word for it since they didn't demonstrate it, but since I don't know one way or another, I'm not going to assume they're lying.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2002
Location: Washington, DC
Status:
Offline
|
|
Originally Posted by mduell
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.
I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.
(emphasis mine, source)
So, as a vendor worried about ticking off Apple, they promised Apple that they would downplay the Mac vulnerability angle, yet they still blabbed about it to...a reporter? Yeah, ok, that sounds likely.
|
"One ticket to Washington, please. I have a date with destiny."
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status:
Offline
|
|
Originally Posted by SpaceMonkey
So, as a vendor worried about ticking off Apple, they promised Apple that they would downplay the Mac vulnerability angle, yet they still blabbed about it to...a reporter? Yeah, ok, that sounds likely.
It seems to have worked out well for Apple, since plenty of people think their Macs aren't vulnerable.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2005
Status:
Offline
|
|
Originally Posted by mduell
It seems to have worked out well for Apple, since plenty of people think their Macs aren't vulnerable.
Indeed. Have you noticed the outright denouncing and denial of this exploit among the Mac community? I have, and it's pathetic.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Nov 2000
Location: Toronto, Ontario
Status:
Offline
|
|
Originally Posted by Tomchu
Indeed. Have you noticed the outright denouncing and denial of this exploit among the Mac community? I have, and it's pathetic.
I find it more pathetic that some take this so called "reporting" (i.e: hearsay) as proof that all Macs with Airport cards are vulnerable. Until someone concretely demonstrates this and shows all of the steps necessary to do so, I won't believe that this vulnerability affects anything other than what it was demonstrated to do so.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Status:
Offline
|
|
Originally Posted by Tomchu
Indeed. Have you noticed the outright denouncing and denial of this exploit among the Mac community? I have, and it's pathetic.
I think many of them feel targeted.
I'm tired of their being a general OS independent (Windows and OS X, etc.) flaw... and Slashdot saying "the Mac is vulnerable!!!"
|
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Macs have NEVER been "invulnerable." They've been left alone by the majority of hackers because they can cause more trouble by attacking the larger Windows population (and Microsoft hasn't made their task harder by much, either). But the feeling of invulnerability the Mac community has has always been erroneous. Bad habits, thoughtless surfing, and otherwise poor security practices on the part of Mac users WILL cause them grief, sooner or later. This is just an example of how it's getting to be sooner.
Still, if the AirPort card/driver system IS vulnerable to this exploit, why didn't they demonstrate that too? Was it pressure from Apple, or boasting on the hacker's part?
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Apr 2001
Status:
Offline
|
|
This exploit is real and very serious.
What was not highlighted by the press though was that this vulnerability affects almost ALL wireless drivers, including those for Windows/Linux systems.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Nov 2001
Status:
Offline
|
|
Originally Posted by wadesworld
This exploit is real and very serious.
What was not highlighted by the press though was that this vulnerability affects almost ALL wireless drivers, including those for Windows/Linux systems.
Yeah but there's something really fishy. WHY, if the vulnerability affects the built-in wireless, did they use a 3rd party card for this purpose? Given that pretty much every portable Apple ships comes with built-in wireless? Very, very fishy.
And it really hasn't been verified yet, save this video.
Not saying it's impossible, but it's strange. And sure, not joining unknown wireless points would be a good (and sufficient) preventative measure.
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Oct 2005
Status:
Offline
|
|
who cares about this? i mean really whats the major siignificance of illustratinig this?
wow it got hacked so what.
|
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Originally Posted by Javizun
who cares about this? i mean really whats the major siignificance of illustratinig this?
wow it got hacked so what.
Would you say "so what" if your computer were the next target? And everything personal on it was subject to theft? And someone else could use it to do illegal things-like send kiddie porn to a server, or organize a terrorist attack? No, it's important IF it's real and confirmed by third parties.
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Jul 2006
Status:
Offline
|
|
Originally Posted by ghporter
Macs have NEVER been "invulnerable." They've been left alone by the majority of hackers because they can cause more trouble by attacking the larger Windows population (and Microsoft hasn't made their task harder by much, either). But the feeling of invulnerability the Mac community has has always been erroneous. Bad habits, thoughtless surfing, and otherwise poor security practices on the part of Mac users WILL cause them grief, sooner or later. This is just an example of how it's getting to be sooner.
Still, if the AirPort card/driver system IS vulnerable to this exploit, why didn't they demonstrate that too? Was it pressure from Apple, or boasting on the hacker's part?
Do you really believe that hackers are leaving the Mac alone simply because they are a small portion of the consumer PC market? I've heard this argument for quite some time now, and, frankly, it loses when we see how much coverage a hacker gets for even mentioning a Mac, let alone releasing malware for one. The fact is, people who do this sort of thing usually have a specific goal in mind, and that's gaining a little bit of fame. Right now, writing a piece of malware for Windows does very little for that. The same is not true for the Mac. Write a Mac virus, worm, etc. of one kind or another, and you get exactly what you are looking for.
The fact that the Mac has a small market share has little, if anything anymore, to do with the fact that writing malware is not as easy as it is on Windows. Yes, Windows is a larger target, and that counts for something, but it doesn't explain the fact that there is not a single piece of malware in the wild for the Mac. I would certainly expect the malware to be less, yes, but nonexistent...that's harder to swallow.
|
Dennis R. Metzcher
MyMacBlog.com: My experiences with the Mac OS, a switcher's point of view. With a new Mac tip each week day.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|