The Black Hat Wi-Fi Exploit

Joe Barr writes to tell us that while many have heard that an Apple was exploited in order to install a rootkit at the recent BlackHat security conference, most people don't know the details of how it works. This is no mistake, it seems that the researchers who demonstrated the flaw were intentionally vague. Some theorize that this is in response to the real or perceived threat of legal action similar to the situation with previous Blackhat presenter, Michael Lynn.

Equal opportunity sploit

[wolfdvh]

I heard the presentation when it was repeated at DefCon and what was not vague was this exploit was at the card driver level below the OS, which is why it would work against any OS. They said they chose to demonstrate it on Apple rather than Windows because they thought if they'd used Windows, people would say "Of course, it's Windows, what did you expect." so by demonstrating it on a more "secure" (Mac) OS people would realize it was not just a Windows thing. Unfortunatly, now everybody just thinks its a Mac thing.

Bottom line, assuming the demo is not a hoax, it will work against *nix, Windows, and Mac equally.

Re:Flogging a dead Story

[pchan-]

Yes, you're exactly right. There's nothing to this story at all. ...Oh wait. What's this on Bugtraq? Let me paste the headline for you:

Intel PRO/Wireless Network Connection Drivers Remote Code Execution Vulnerabilities . Look at that, a remotely exploitable security hole in the Wifi driver. Anyone using one of these things is vulnerable if they have not upgraded their Wifi drivers, regardless of OS. This was disclosed by the vendor (Intel).

Intel PRO/Wireless Network Connection drivers are prone to multiple remote code-execution vulnerabilities.

An attacker within range of a vulnerable Wi-Fi station can trigger these issues to corrupt memory to execute code with kernel-level privileges.

A successful attack can result in a complete compromise of the affected computer.

I guess you were right. No facts, just theories.