All the latest UK technology news, reviews and analysis
|
|
|
03 Aug 2006
A security researcher showed how an Apple MacBook can be compromised through poorly coded wireless drivers.
In a presentation at the Black Hat security conference in Las Vegas, David Maynor, senior researcher at SecureWorks, showed a video demonstration of how a MacBook could be hacked by a nearby Dell laptop.
The demonstration was done via video, rather than live, to prevent anyone in the audience capturing the method of the attack.
"Don't think, however, just because we're attacking an Apple that the flaw itself is in an Apple. We're actually using a third party wireless card," Maynor said.
For the demonstration, Maynor set up a fake access point on the Dell laptop for the Macbook to log on to. However, he stressed, for the attack to work, the victim's machine doesn't need to be associated or authenticated with an access point.
The attack exploits poorly coded device drivers on the Apple system.
After running a script on the Dell machine, Maynor had complete control of the MacBook and was able to read, create and delete files on the compromised system.
"Although we attacked an Apple, the flaw's not specific [to] the Apple operating system as we used third party hardware," Maynor commented.
"This type of flaw will by systemic across all operating systems and hardware and the only way to prevent it is proper testing."
The full video of the Apple MacBook hack is available on the Washington Post Security Fix blog.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
A leading global provider of critical information to...
Playstations and table football in the kitchen? Standard...
Systems Engineer - 2nd/3rd Line Support - Microsoft OS...
A leading global provider of critical information to...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Sheesh! Why does everyone miss this?
"We're actually using a third party wireless card" Why is that? Oh yeah, won't work with the PRE-INSTALLED card! They took this beautiful machine, opened it up (voiding the warantee), removed the $100+ Airport Card and replaced it with some off brand piece of crap that was only barely compatble with the drivers for the Airport card. These drivers were custom made to connect the Airport Card to OS X. This security flaw he just had to dmonstrate on a mac will not work on a mac that hasn't been internally misfigured. Grow up!
Posted by: John M Sage 16 Aug 2006
So mac is no more secure than anything else
What a shock! Apple will be forced to eat its words after claiming that it does not suffer security problems like other OS's. If Apple had the same installed base as windows they would find allot more flaws.
Posted by: Neil 04 Aug 2006
Wrong, you do have to join!
Please watch the video again, he clearly had to voluntarily join the hostile network. He can poll a machine that is seeking networks and even find out information about that wireless card but he could not have done ANYTHING unless the user actually engaged the network. Thanks for the generally unbiased review unlike other idiots although a more apt title would be "Computer hacked through wireless network" I know it doesn't carry the same weight but he is clear in the video that this is a universal wireless driver issue.
Posted by: Ed Crelin 04 Aug 2006
Is it Apple's fault?
Is the flaw in code written by Apple? >The attack exploits poorly coded device drivers on the Apple system. Or is the flaw in the 3rd party driver? If so, then why mention Apple? Every Apple now shipping comes with Apple brand wireless. It's an important distinction that the author leaves unmade. >"This type of flaw will by systemic across all operating systems and hardware and the only way to prevent it is proper testing." How will testing prevent anything? Fixing the code might help.
Posted by: Lee Campbell 03 Aug 2006
OS X or Windows
The story didn't say whether the MacBook was running OS X or Windows. And it didn't say who was responsible for the poorly written driver? Did the driver come from the Bootcamp CD? If the machine was running Windows and the driver was written by a third party, what have you proved? That a motivated computer could infect his own computer?
Posted by: get this get that 03 Aug 2006