Less Than a Minute to Hijack a MacBook's Wireless

Kadin2048 writes "As reported by Ars Technica and the Washington Post, two hackers have found an exploitable vulnerability in the wireless drivers used by Apple's MacBook. Machines are vulnerable if they have wireless enabled and are set to connect to any available wireless network, fairly close to their default state, and the exploit allows an attacker to gain "total access" -— apparently a remote root. Although the demo, performed via video at the BlackHat conference, takes aim at what one of the hackers calls the "Mac userbase aura of smugness on security," Windows users shouldn't get too smug themselves: according to the Post article, "the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS." Ultimately, it may be the attacks against embedded devices which are the most threatening, since those devices are the hardest to upgrade. Currently there have not been any reports of this vulnerability 'in the wild.'" According to this story at ITwire.com, they were able to exploit Linux and Windows machines, too. (Thanks to Josh Fink.)

Third party wireless card?

[snackdog]

In the video he uses a third party wireless card. Are other cards, such as the built-in card, similarly vulnerable?

Re:Smug Mac users?

[rahrens]

First of all, can the hostility. This is not about yer manhood.

Second, this really isn't Apple's fault. It is the fault of their vendor that made the card and wrote the software driver for it. One of the main arguments of the "Windows fanboys" is that driver issues are not Microsoft's fault and that environment richness is one reason why they shouldn't be totally blamed for instability.

Well guess what? So that particular bug finally bit Apple. Do ya know what we'll do? Take our new wireless Mighty Mice and go to the Airport menu on the menubar and turn Airport off when we're not using it. Apple will undoubtedly issue an update to fix it any second now...

And in response to another comment made in another earlier post - Mac OS X does not enable root by default. These guys were very imprecise as to what they mean by total control. They also don't explain what they mean by "not quite default settings". So how IS the target Mac configured? Did they change the default from "ask permission before logging into open network" to "login automatically?" That makes a difference! Plus, the current user may not be logged in as an admin. Do they mean they can get admin rights even if the current user isn't? Or do they mean they can get total control of the machine under current user privileges? They really don't explain, leading me to conclude that they aren't that familiar with OS X, or aren't concerned with details, just grandstanding for headlines.

Yes, this IS a serious issue, but I'd like a few more details of how the target was configured and just what they mean regarding gained privileges, given that root is NOT even activated by default in OS X.

Security is your responsibility

[Bullfish]

Now that all the bashers have had their fun, can we acknowledge that there is no such thing as a 100% secure computer of any sort as long as it is connected to a public network. I know it is not as fun, and takes the joy out of OS/hardware parochialism but it is true. As well, the behaviour of goofy users is neither Bill's, nor Steve's nor Linus's fault and there is not much they can do about it.

I have run windows machines since 3.1 and DOS before that and never had problem. On the other hand I have shown people (relatives, friends etc) how to secure and maintain their machines and the next week I find them back to doing their own self-defeating behaviours.

Someone found an exploit. Whoop-de-do. There will always be exploits found for all systems that people can screw with. There is almost always a way to secure against it. Almost always a large group of users ignores what is good for them and their machines and gets burned. Frankly, the platform matters less when it comes to these things than the user's behaviour.

Re:the Bottom Line

[ummit]

As long as you are connected to a network, you are not safe.

Sadly true, though it's just as true that as long as you're alive on planet Earth, you're not safe, either.

Get off this whole "my OS is more secure than your OS" crap.

But, um, some OS'es *are* more secure than others.

Realize that you are vulnerable and take the correct steps to protect yourself.

I'm curious to know what "correct steps" you have in mind.

If it's "use an antivirus scanner", that's a retarded or at least suboptimal strategy, because antivirus scanners are of course imperfect (they'll never make you perfectly safe, either), and at any rate all they do is patch over the fact that an OS that needs them has a fundamentally flawed security model.

If it's "disable all the services you're not using", that's a pretty retarded strategy, too, because they should have been turned off by default, and the advice should really be phrased "don't enable anything you're not using."

For me, one of the biggest "correct steps" is, "use OS'es that take security seriously and have a decent security model". So of course I don't use Microsoft OS'es. I'm sorry if that's an example of the "my OS is more secure than your OS" crap, but really: it's at least as valid a strategy as "use an antivirus scanner".