Slashdot Mirror

← Back to Stories (view on slashdot.org)

MacBook Wi-Fi Hijack Details Finally Released

Posted by Zonk on from the strange-tale-of-patch-10.4.8 dept.

Wick3d Gam3s writes "Hacker David Maynor attempted to put the strange tale of the Macbook Wifi hack to rest, and offered an apology for mistakes made. All this and a live demo of the takeover exploit was made at a Black Hat DC event yesterday. Maynor promised to release e-mail exchanges, crash/panic logs and exploit code in an effort to clear his tarnished name. Said Maynor: 'I screwed up a bit [at last year's Black Hat in Las Vegas]. I probably shouldn't have used an Apple machine in the video demo and I definitely should not have discussed it a journalist ahead of time ... I made mistakes, I screwed up. You can blame me for a lot of things but don't say we didn't find this and give all the information to Apple.'"

4 of 82 comments (clear)

  1. Re:Crash? I thought the original claim was... by AchiIIe · · Score: 5, Interesting

    That is correct, the original video was faked... They prob were close but did not want to wait.
    Here is a video I made debunking their proof: http://video.google.com/videoplay?docid=1468187717 11399295&hl=en
    My guess is that they got a buffer overflow but had not yet found the correct location in memory to write their shellcode. They still have not...

    --
    Nature journal lied in Britannica vs Wikipedia Ask to retrac
  2. Re:Crash? I thought the original claim was... by CaymanIslandCarpedie · · Score: 5, Informative

    Not taking any sides here, but here is what he has said about this (and other issues) from his blog

    I thought you said it was a hijack yet you only showed a DoS.
    Yup, I showed a crash. I didn't feel the need to do the do the entire hijack for two reasons: Apple already confirmed that this vulnerability leads to remote code execution (they said so in the advisory here). Everybody that was running a sniffer during my talk now has a copy of the DoS code. The demo had two parts. I showed the crash happening on a 10.4.6 machine since it didn't have any of the airport patches. I then rebooted into 10.4.8 and the crash no longer happened. I did this to prove that the Airport patches issued on Sept 21st, 2006 fixed the problem I was demoing. The only real change to airport code was the security fixes that were issued.

    You just reversed the patches and found what you then showed on stage.
    I find this to be a funny argument. If I have the skills to reverse the patches and do a binary difference analysis of them, why couldn't I use those same skills to find the bugs in the first place (they weren't hard to find). This argument also doesn't take into account the fact that I showed that the first crash of the exploit occurred on Jul 15th, 2006, or emails to Apple helping them build a wifi auditing box (A linux machine with madwifi patched with LORCON) and pointed them to a vulnerability that was fixed in their patches (a problem with overly long SSIDs). The picture below is from the day I bought the Macbook, July 15th 2006. This crash occurred because I was fuzzing other devices and the Macbook crashed before I got to run the initial setup.

    --
    "reality has a well-known liberal bias" - Steven Colbert
  3. Re:Proof in the pudding by TPIRman · · Score: 5, Insightful

    This is the same bullshit please-connect-the-dots-for-me reasoning that Maynor has come up with all along. The question at issue is not whether there was a bug that allowed remote code execution. Yes, Apple has said as much. The question is whether Maynor had actually discovered such a bug. So far he has done nothing to dissuade objective observers that he's anything but an attention-grabbing fraud.

    Doesn't it strike you as the least bit shifty that Maynor, eager to clear his name and prove that he was right, suddenly doesn't "feel the need" to demo the hijack he originally claimed? Oh, but don't worry, he could hijack the MacBook if he really wanted to! According to Maynor, Apple has been lying and covering up through this whole ordeal, but now we are supposed to essentially take Apple's word for it that his crash demo = hijack. Please.

    Let's apply Occam's Razor here. Did Maynor fail to demo a hijack -- despite the fact that it would restore at least some his credibility -- because he thought it was just as convincing to piece together circumstantial evidence from Apple press releases? Or did he fail to demo a hijack because he can't? Are we supposed to believe that after all this time and humiliation, Maynor really doesn't "feel the need" to back up his inflammatory words? I don't buy it, and I don't see how any rational observer can.

    As the GP said, the proof is in the pudding -- all we've got here is a box that says "pudding mix, really!" and a promise from Maynor. Same as before. The guy is a charlatan.

  4. Re:The important point: by veganboyjosh · · Score: 5, Funny

    Theory and practice are two completely different things.


    not in theory.