CrunchGear

Every article I saw on the exploit from day one made it clear that this was a hack of a third-party driver, that would work on any system. They said at the time that the only reason they used a Mac was because of the smugness of Mac users.

Why are you, and practically every other site on the web, now acting as though this was sold as something it wasn’t? The third-party driver can still be hacked on a Mac, right? There isn’t some special Apple security feature that keeps the exploit from working when it would work on a another company’s PC, is there?

This exploit is exactly what it was represented to be. Why turn around an spin it as a lie?

Eh, Mr. Lloyd: why would you use a third party driver on a Mac…?

If by “Day One” you mean this story:
http://blog.seattlepi.nwsource.com/microsoft/archives/105520.asp
Which was posted on “Day One”, feel free to point out where they mention third party drivers and cards being used. Or did you somehow miss this one?

Or maybe the CNET article here?
http://news.com.com/Breaking+into+a+laptop+via+Wi-Fi/2100-7349_3-6101523.html?tag=nl
Hmmm…can’t see any mention of them using a third party driver or card there either. But I guess CNET isn’t a major source of news.

Ok, maybe here, since this WAS the major article, as it was provocatively titled: Hijacking a MacBook in 60 seconds (although this was technically Day ZERO):
http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html

“The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver”

Nope, nothing there either. It was not until subsequent posts and comments where the author clarified that 3rd party drivers and cards were used in this instance.

here? http://www.neowin.net/index.php?act=view&id=34394
or here? http://blogs.chron.com/techblog/archives/2006/08/smugness_thy_na.html
or this one? http://wifinetnews.com/archives/006815.html
or here? http://www.geeknewscentral.com/archives/006324.html

at least ABCnews got it right:
http://abcnews.go.com/Technology/wireStory?id=2266507 albeit in a brief one line note.

So if by “every article you saw on on the exploit from day one” you meant this one, then yeah.

Maybe we just read different articles.

oh, and one more thing…

for all we know, the MacBook, MacBookPro, PowerBook, iBook, and Apple Portable can all be hacked as (not)described by the two researchers. We don’t know for sure, and won’t until they release more data, and/or proof.

What do we know? The initial news reports of this issue were misleading, overhyped, and sensationalized, from the headlines to the stories to the comments. No one doubts wi-fi has some serious security issues; this story however, did nothing to shed real light on the issue. Yet.

Oh, and we also know that, at least “on day one”, not everyone reported clearly that 3rd party drivers or wireless cards were used in lieu of the MacBook’s native driver and internal card.

I attended both Defcon and Blackhat this year, and saw both instances of the Cache/Maynard talk.

And neither talk did they ever claim that their demo was anything other than an example of a third party card (and , consequently, driver) on Mac. Calling their effort ‘deceptive’ is not supported by the facts.

What is the case though is that numerous media reports of the initial evident were pretty friggin’ sensionalist (e.g., “Macbooks hacked!”, etc.).

What no one knows is whether there are real, live vulnerabilities in any Apple native drivers. Apple claims they haven’t gotten a report of any such vulnerability, but tech PR would never make a statement just to make security researchers look bad, right?

OMG DID ANYONE EVER REMEMBER WHEN THE GUY SAID IN THE VIDEO THIS IS NOT MAC SPECIFIC AND THAT THEY WERE USING THIRD PARTY HARDWARE!!!!!!!!!

Whered you get the inspiration to write this article hmm maybe from something people knew 3 weeks ago.

Mr. Koehntopp, for the same reason you would use a third party driver on any system. There is not some magical field that causes hardware to bind together through fairy magic as soon as it gets within 2′ of a Mac. OSX uses drivers just like Linux, BSD, or Windows. Just because Apple works hard to hide the fact that it is using drivers from the user, doesn’t mean it isn’t, and doesn’t mean Apple wrote the driver for every single piece of hardware supported by their OS.

This was a driver hack. If you use hardware that uses this driver (as far as I can tell regardless of OS) then you are vulnerable to this exploit. The whole point of the demonstration using a Mac, was to point out that Mac users do not have some special invulnerability field, just because there is an Apple on their case.

i cannot believe cruch gear made such a bad job of relaying … But here is the full story .

The hacker dudes said they were using a 3rd party driver vulnerability initially .. They also made the claim that such a vulnerability exists in *most* wireless devices. (wow ! that is a big jump )

Soon a followup in washington post said that the same vulnerability exists in the airport card .. wtf !( “During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet” http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html

Now as it turns out (and Read the tuaw article at http://www.tuaw.com/2006/08/18/secureworks-admits-to-falsifying-macbook-wireless-hack/ ) they did not find a airport vulnerability and are not releasing the name of the vulnerable 3p driver used … For all we know the 3p driver hack was created using an open source driver and then *adding* a vulnerability there !

btw for all u winheads out there. the only wireless used by 99.99999% of mac users is airport … sure we dont have choice … But hey it works and works gr8 so who gives a f*** !

So let me get this straight, the Washington Post misreports the story, a bunch of sources just parrot the Washington post without seeing the demo themselves, or even bothering to watch the video, and so the guys who did it are a bunch of liars, even though they say up-front in the demonstration that this is a WiFi driver hack that is not OS dependent.

Got it, anything to be able to pretend that this was all a lie I suppose.

Oh, and Yuva Mani, you obviously don’t have much experience with Macs in a professional enviroment, because no, 99.99999% of them do not use Airports for WiFi, they use the same Linksys and Netgear hardware the PCs in the building are using.

L.M. Lloyd, I don’t know if Yuva Mani has any experience with Macs in a professional environment, but I do.

Airport is also the name for the internal Mac wireless cards as well not just the wi-fi router family, and as such, is probably used in most, if not all Macs, seeing as they come as standard equipment. Google “Airport Card”, or even better, just visit Apple’s Store and check out all the Notebooks. Yep, they come with Airport Extreme.

As someone with a lot of experience with Macs in a professional environment like you do, I’m surprised you don’t know that.

In case you haven’t heard, Apple makes more than just laptops. In fact, they have a professional desktop unit that, surprisingly enough, is one of the more popular Apple units for professional environments. Those units do not come with wireless standard, as is also true of many of the older Apple computers still in service.

Of course, maybe we just work in different “professional environments” because I don’t know anyone who does business purchasing of hardware at an Apple store.

I never said that the Airport wasn’t used “the most.” However, there is a big difference between “the most” and 99.99999% of the time.

I really find this whole “they lied, there is nothing wrong with the Mac, and even if there is, so what it won’t effect anyone, so who cares” line of argument distasteful, and childish.

It is a security flaw in a network card driver. I don’t care if there is only a single computer, or ten million computers effected, it is still a flaw. Had they done the same demonstration on a Dell notebook (which I believe at Defcon they did) no one would have said “well it doesn’t matter, because that isn’t the card Dell ships.” No, it would have been, and was, taken as another security exploit to look out for. However, they dare to violate a sacrosanct Mac, and suddenly they are a bunch of liars, because a mainstream paper did a bad job of reporting the story, and a bunch of other lazy reporters filed a story about the story, instead of doing any research.

Once again, the whole point of demonstrating the exploit on a Mac was to illustrate that there wasn’t some special feature of OSX that made it any more secure from this exploit than Linux or Windows, or any other OS. To squabble over what the likelihood is of the particular chipset involved being in a Mac is quite simply a rationalization to try and pretend that the exploit doesn’t exist on the Mac. For all I know, there isn’t any computer by any manufacturer that actually ships with this chipset, that doesn’t change the fact that it is a possible exploit.

There are plenty of possible, and quite common, scenarios where for one reason or another, someone uses a different network adapter than what shipped with their system, regardless of what logo is on the case. That is where an exploit like this becomes relevant to any computer user.

To me there is just one issue: Is the MacBook, as shipped by Apple, hijackable in 60 seconds, or isn’t it? If it is, thats a real problem for me and other MacBook users, not to mention Apple.

Unless you purposely install whatever 3rd party driver they attacked, no, the MacBook is not hackable using this exploit. I doubt that driver applies to the stock airport card, so you probably would also have to get that specific usb 802.11 adapter. (I assume its not the airport because the linux-on-apple projects have had trouble getting access to code needed to support the airport internal cards)

-RS