Less Than a Minute to Hijack a MacBook's Wireless

Kadin2048 writes "As reported by Ars Technica and the Washington Post, two hackers have found an exploitable vulnerability in the wireless drivers used by Apple's MacBook. Machines are vulnerable if they have wireless enabled and are set to connect to any available wireless network, fairly close to their default state, and the exploit allows an attacker to gain "total access" -— apparently a remote root. Although the demo, performed via video at the BlackHat conference, takes aim at what one of the hackers calls the "Mac userbase aura of smugness on security," Windows users shouldn't get too smug themselves: according to the Post article, "the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS." Ultimately, it may be the attacks against embedded devices which are the most threatening, since those devices are the hardest to upgrade. Currently there have not been any reports of this vulnerability 'in the wild.'" According to this story at ITwire.com, they were able to exploit Linux and Windows machines, too. (Thanks to Josh Fink.)

Mac Users

[Ramble]

And in the background we hear 1000 Mac users screaming in horror...

Re:Mac Users

[cbiltcliffe]

What, you mean all of them? Come on! I'm sure a few of them wouldn't have read this story!

(For the humour challenged among you, this is a joke. I know there are a lot more than 1000 Mac users. Only stupid mods mod jokes as trolls and flamebait.)

Re:Mac Users

[marklark]

According to John Gruber of Daring Fireball [daringfireball.net], the affected MacBook was seen to be using a 3rd party wireless card. MacBooks (Pro or not) have wireless built in these days. This is a non-story. And this will probably be fixed soon by Apple for others.

Next?

Re:Mac Users

[Uncertain Bohr]

The title of the article is misleading: the macbook was not hacked using its normal built-in wireless adapter and its Apple drivers. The video (http://www.washingtonpost.com/wp-dyn/content/vid e o/2006/08/02/VI2006080201424.html) of the exploit *clearly* shows and explains that they are using an *external* third party wireless adapter which comes with its own wireless driver. This driver is the culpit and is succeptible to the exploit. The wireless adapter they demoes is widly used with PC laptop and the dri

Did anyone even look at it?

[Trillan]

You don't even have to read the article this time, just look at the site. This vulnerability requires use of an aftermarket wireless card. Who is going to use an aftermarket wireless card on a MacBook with that always comes with built-in wireless?

That's ridiculous

[Spy Handler]

My Powerbooks is safe. Apple is so much more secure than ^.#$ pwned u n00b wahaha

Re:That's ridiculous

[Ohreally_factor]

Dammit! I was hoping that the fact that I was still on a G4 PB would preserve my smugness! I guess this means I'm going to have to install an cat5 into the bathroom with a port next to the throne.

C'mon, don't tell me you've never taken your laptop to the "reading room".

Actually, your Powerbook probably IS safe!

[mrchaotica]

MacBooks use different wireless drivers (because they have Intel wireless chips). Your Powerbook has the old Airport card; unless there's also a similar flaw in it, it's safe.

Re:Actually, your Powerbook probably IS safe!

[larkost]

Actually.... they are not using the onboard WiFi for the attack at all. They are using an external WiFi adapter, and since they are using a MacBook (in the video it is a black computer with an Apple... that means a MacBook) that almost definitely means they are using a USB adapter.

So MacBooks are not normally venerable to this sort of attack: they went out of their way to introduce third-party hardware that opened the door to the attack. I am not saying that Apple should not work to close even that door, bu

Re:Actually, your Powerbook probably IS safe!

[larkost]

Of course... just after I post this becomes available (new to me anyways). So it looks like it only being a third-party driver exploit was a red herring: the built-in chipset is venerable, and Apple is aware of it and already working with the vendor for a solution. [washingtonpost.com]

Re:Actually, your Powerbook probably IS safe!

[mrchaotica]

Hey now, I didn't say that -- Macs are by no means perfect. My old iBook, for example, is much slower and heavier than it would have needed to be if it were an x86. My new iMac is flawed because it contains a TPM (my G5 iMac broke; this was the warranty replacement -- if I had had a choice, I probably wouldn't have bought it).

So yeah, Macs have flaws. It's just that security (compared to a Windows PC) isn't one of them.

Re:Actually, your Powerbook probably IS safe!

[elrous0]

Thank God, for a second there I thought my status symbol might be fading.

It was bad enough when all this "oil crisis" nonsense ruined my H2 Hummer for me. Overnight I became "guy who's supporting terrorism." It was so much better when I was just "guy with a small penis."

-Eric

Re:That's ridiculous

[Mister Whirly]

"How do you know exactly? Viruses, trojans, and rootkits should be undetectable."

With "undetectable rootkit detection software", duh....
Unless the rootkit has an "undetectable rootkit detection software" detector and tries to disable it, then you need "undetectable rootkit detection software detector detector software" to disable the rootkit's detector - no big deal..

Smug Mac users?

[Whiney Mac Fanboy]

takes aim at what one of the hackers calls the "Mac userbase aura of smugness on security,"

Expect to see plenty of post below, with this exact attitude. Many will begin by saying "This is not a virus" or noting you need proximity to take advantage of this flaw.

Re:Smug Mac users?

[TheRaven64]

Well, to be fair, this is not the default behaviour for OS X. It will prompt you before connecting to an untrusted WLAN.

It does, however, make me feel very smug as an OpenBSD user who has had to put up with Linux users telling me that running blobs in ring 0 is the 'pragmatic' thing to do.

Re:Smug Mac users?

[Whiney Mac Fanboy]

Well, to be fair, this is not the default behaviour for OS X. It will prompt you before connecting to an untrusted WLAN.

You don't need to connect to be exploited.

It does, however, make me feel very smug as an OpenBSD user who has had to put up with Linux users telling me that running blobs in ring 0 is the 'pragmatic' thing to do

Hmmmmn, while I agree that openBSDs security is superior to linux's in almost every way, I've never really understood the POV of someone who feels superior for using an O/S (Theo ha

Re:Smug Mac users?

[KingArthur10]

True, you don't need to be connected to the WAP, but you do need to be in automatic association mode, which it is not in by default unless it detects a trusted WAP.

Re:Smug Mac users?

[Shanep]

Hmmmmn, while I agree that openBSDs security is superior to linux's in almost every way, I've never really understood the POV of someone who feels superior for using an O/S (Theo has the right to be smug tho')

I think a little smugness could be allowed, when a lot of people just put up with the wrong way of doing things, or put up with being trodden on by vendors, when the vendors should be at OUR mercy when it comes to their success. A few people (the smug) demand things be done right, securely and openly a

Re:Smug Mac users?

[Billosaur]

Many will begin by saying "This is not a virus" or noting you need proximity to take advantage of this flaw.

Well, they would be saying that, if someone hadn't gone and corrupted their MacBooks via wireless exploit...

Marketing...

[Savage-Rabbit]

Expect to see plenty of post below, with this exact attitude. Many will begin by saying "This is not a virus" or noting you need proximity to take advantage of this flaw.

Don't exepct all Mac users to be as dumb as the Apple marketing people who started playing the "Macs are more secure than...." card without checking with the nerds in Apple's development division first. If they had bothered to do so they would probably have been told that is not a good idea. That whole Get a Mac [apple.com] ad campaign acutally makes m

Re:Smug Mac users?

[Durandal64]

Expect to see plenty of post below, with this exact attitude. Many will begin by saying "This is not a virus" or noting you need proximity to take advantage of this flaw.

Actually, they'll be pointing out that there the flaw is not in Mac OS X or even AirPort. It's in a third-party wireless card. And since MacBooks and MacBook Pros have AirPort built-in, what Mac user is going to buy a vulnerable card? The article was completely disingenuous, and the researchers were basically dickheads. Cool exploit, but

Re:Smug Mac users?

[rahrens]

First of all, can the hostility. This is not about yer manhood.

Second, this really isn't Apple's fault. It is the fault of their vendor that made the card and wrote the software driver for it. One of the main arguments of the "Windows fanboys" is that driver issues are not Microsoft's fault and that environment richness is one reason why they shouldn't be totally blamed for instability.

Well guess what? So that particular bug finally bit Apple. Do ya know what we'll do? Take our new wireless Mighty Mic

Re:Smug Mac users?

[elrous0]

this really isn't Apple's fault.

As much as I hear that phrase, Apple should make it their part of their logo.

-Eric

Re:Smug Mac users?

[Anonymous Coward]

Mac OS X does not enable root by default

Network drivers run in kernel mode, and an exploit in kernel mode gives full control of the system to the attacker. The privileges of any user processes running on the machine are neither here nor there.

Re:Smug Mac users?

[moyix]

I'm going to guess that this is a full-blown root compromise. There have been rumblings for several weeks now about new attacks against wireless drivers themselves, and this Blackhat presentation seems to be the public release of that research.

But...

[jo_ham]

Does this exploit run on Linu......

never mind.

Linux Wireless

[hyfe]

Does this exploit run on Linu......

Nobody knows, they couldn't get wireless up and running on it.

Requests for testing have been sent to the guy in California who were rumoured to have gotten it running though.

A Mac Exploit

[KodeSlut]

My reality has been shattered. Macintosh computers have been found to be less than perfect! Time to install WinXP.

In related news...

[Kranfer]

In related news, there is an article at ITWire about Intel admitting to a security flaw with their wireless technology as well. Check it out at http://www.vnunet.com/vnunet/news/2161539/intel-ad mits-centrino-wi [vnunet.com]

Uh

[Moby Cock]

takes aim at what one of the hackers calls the "Mac userbase aura of smugness on security

This exploit is OS independent. How is this in any way indicative of Mac user smugness? Are they so smug that they made Windows and Linux boxes explotable too?

Re:Uh

[TheRaven64]

R'ing TFA, I found that the chipset in question is an Atheros. As a Free- and OpenBSD user, this made me feel incredibly smug since, unlike Linux, the OpenBSD driver (now ported to FreeBSD) for Atheros cards is entirely blob-free (and has undergone the same security audit as the rest of OpenBSD) and so is almost certainly not vulnerable to this attack.

MOD PARENT UP!

[mrchaotica]

...and people still wonder why we say "open-source is better."

Re:Uh

[varmittang]

Don't be so smug yet, it still might be and exploit for your machine. I was talking to a wireless security guy a month ago about something like this, and he was telling me that every wireless card has an inbeaded driver for testing purposes before leaving the factory to insure it is working. Essentually this driver is still present after being shipped to whom ever is going to use it, and thus is still around when it makes its way into a computer. I was told that it is possible to invoke this drive since

Re:Uh

[TheRaven64]

was talking to a wireless security guy a month ago about something like this, and he was telling me that every wireless card has an inbeaded driver for testing purposes before leaving the factory to insure it is working

There are two possibilities here. If the testing driver is in the firmware, then it will still be present in OpenBSD. Since the firmware does not run on the host CPU, however, compromising it is only useful if you can then return something to the driver that will be executed, usually be exploiting a flaw in the driver causing it to execute arbitrary code in ring 0.

The other alternative is that this really is a driver you are talking about. In which case, it would not be present in OpenBSD, since the OpenBSD driver is a clean-room implementation and shares no code with the official driver.

And if OpenBSD has no problem and its the OS driver that needs replacing, then Apple will just take your OpenBSD driver and port it to their system, problem solved. That is why they went with BSD, they can borrow from any BSD that is out there.

I'm sorry, but that's not even remotely true. OS X uses IOKit for all device drivers, which is an Embedded C++ API. OpenBSD and FreeBSD use derivatives of the old BSD device API. It is possible to port device drivers between FreeBSD and OpenBSD relatively easily, because the API changes between the two have been small and incremental. If you try 'porting' a network driver from OpenBSD to OS X, then what you are really doing is using the OpenBSD driver as a substitute for real documentation and writing a driver from scratch. Doing this is likely to introduce bugs, since code (even good code) is a poor substitute for documentation.

Re:Uh

[TheRaven64]

There are a few blobs in the FreeBSD tree, although they do tend to port OpenBSD drivers and replace blobs with open drivers when possible. The ath_hal module in FreeBSD now is a port of the OpenBSD driver, and is a drop-in replacement for the blob.

Re:Uh

[TheRaven64]

As I explained above, no. OS X is not 'based off BSD,' it is based on OPENSTEP, which is based on Mach with a BSD subsystem and a BSD userland. The drivers are all handled by the IOKit layer, which is new for OS X. IOKit is a set of Embedded C++ libraries and is very different to other BSD driver APIs (for one thing it's Embedded C++ not C, but the structure is also very different). At best Apple could use the OpenBSD driver as a substitute for chipset documentation and write an IOKit driver from scratch; there is not likely to be very much code that can be shared between the two.

Re:Uh

[Billosaur]

This exploit is OS independent. How is this in any way indicative of Mac user smugness? Are they so smug that they made Windows and Linux boxes explotable too?

No, I think they're really talking about the attitude that some, I say some Mac users have that somehow their machines and OS are invulnerable, the computer equivalent of Fort Knox. I find that people who spend too much time bragging about something often get their comeuppance when someone else more fanatical decides to prove them wrong. Yes, Macs

Re:Uh

[Daniel Dvorkin]

Windows users are always accusing Mac users of smugness, but there's nobody more smug than a Windows user observing that one (1) particular security vulnerability has been found for Macs. This strikes me as akin to someone with AIDS being smug because some previously healthy person has caught a cold.

Re:Uh

[i_am_profiled]

This is exactly what the orignal smug comment was aimed at.

Should be modded +5 Shining Example.

Re:Uh

[PriceIke]

So the author spun it about Macs because of his aura of smugness on security. How refreshing.

Spin

[Kadin2048]

Well, the "spin" was really a result of the way the discoverers demonstated their findings.

The flaw was found in a number of wireless drivers; they purposely chose to demonstrate it (in their video, which I haven't been able to find on the web anywhere) using a MacBook, because of that "aura of smugness."

Apparently their biggest complaint is those Mac/PC Apple ads: "'We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one o

Re:Uh

[rahrens]

1. We claim that our "boxes" are superior because we believe that they are, and we put our money where our mouths are. "Windows fanboys" do too. Does that make YOU smug?

2. We claim that there are no (or few) exploits in the wild BECAUSE ITS TRUE!

3. We look down our noses (at least some of us do, not all) ... when citing features of the Mac OS, because a LOT of us really do know Windows! I support Windows machines for a living, so I am certainly aware of Windows features (and bugs - oh, sorry, THOSE are f

Re:Uh

[rahrens]

RTFA - it says that there are at least two cards in use in Windows boxes that sport the same issue. That means Windows specific drivers...duh.

Please ensure that brain is engaged before putting mouth (keyboard) in gear...

Third party wireless card?

[snackdog]

In the video he uses a third party wireless card. Are other cards, such as the built-in card, similarly vulnerable?

The built-in card IS vunerable

[everphilski]

check Security Fix [washingtonpost.com]:

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

Re:Third party wireless card?

[phaxkolumbo]

why would anyone use a third-party card?

Because someone is running a pirated version of OS X on a "beige" PC?

Re:Third party wireless card?

[skingers6894]

Come on moderators - that's at least smile worthy, not troll

Re:Third party wireless card?

[VValdo]

Since every Mac laptop comes with a built-in wireless card, why would anyone use a third-party card

Just off the top of my head:

• Older Powerbooks didn't come with a built-in wireless card. A 3rd-party PCMCIA card may have been a cheaper alternative at the time to the Airport card.
• Older Powerbooks were 802.11b. Someone may be using 802.11g 3rd-party cards for higher speed.
• Many early TiBooks got really terrible reception due to the Titanium enclosure and poor antenna placement. The solution typically sugg

Re:Third party wireless card?

[skingers6894]

I agree. The guy pulls out a macbook - ALL of which have a built in card. No one would be using a third party one. I guess the impact would not have been the same if he pulled out a four year old 'book and had to blow the dust off it first.

This is a driver vulnerability, not an apple one.

Next. /resume smugness .... ahhh my eyes, cigarette ..... burns

Yes, they are

[everphilski]

check my post just above yours [slashdot.org]. Post there and on several other news sites. A macbook by default is vulnurable, its just that Apple was wielding its "beat stick" and told them not to demo it on the internal wireless card.

No fix yet.

More disturbing

[Dachannien]

Even more disturbing, IMO, is the suggestion in the article that Microsoft will become the ultimate arbiter of device driver safety in Vista, by preventing device drivers from being loaded that they haven't checked out and approved.... because we all know that Microsoft are the experts when it comes to detecting and correcting software vulnerabilities.

Re:More disturbing

[Politburo]

I'm surprised that MS isn't including an option to install unsigned drivers, and I bet there will be a backdoor way to do this in Vista. The reason I believe this is that if you can only install MS-approved drivers, it sets up a ton of liability for MS if one of those drivers ruins something. Yeah, it says they're not liable in the EULA, but we'll see how that holds up in court.

Why did they need a 3rd party card?

[VTrain0]

If the flaws are in Apple's drivers, why did they need to plug a 3rd party card into the MacBook? What user would ever plug a 3rd party redundant wireless card into their computer? Presumably, if they could hack Apple's drivers they wouldn't need the other card. All this video shows is a 3rd party wireless card with crappy drivers.

Re:Why did they need a 3rd party card?

[Comboman]

What user would ever plug a 3rd party redundant wireless card into their computer?

Maybe to get 802.11a backward compatiblity? Or to upgrade to 802.11n when it becomes available? I realize upgrading the hardware is a foreign concept to most Mac users but there must be some out there do it instead of throwing away their old Mac and buying a new one.

Apple's wiress drivers are flawed too, read ...

[everphilski]

check Security Fix [washingtonpost.com]:

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

( Looks like Apple was wielding a big stick ... )

Re:Apple's wiress drivers are flawed too, read ...

[geekoid]

What, they has two guys in black shirts with messed up hair standing around to beat them up if they used the Mac card?

It makes no sense, and so it sounds like a load to me.

Also, the fact that they go through all this work to find one possible flaw means that Mac owners should still be smug.

No, I don't own a Mac.

Recent Intel Windows WLAN driver vulnerabilities

[frozenray]

Some of these look pretty serious, although there's not exploit circulating yet:

Intel information about affected drivers [intel.com]

Fixes can be found here [intel.com]

3rd party

[Tom]

One should probably mention that they exploited 3rd party drivers and not the ones that the MacBook actually uses.

And I was joking about this on a security mailing list yesterday. I mean, come on: 3rd party drivers that nobody is using anyways because the ones you get with the system are perfectly ok? What's next? Writing the exploitable drivers yourself?

Re:3rd party

[fatrat]

Read Brian Krebs' follow up

http://blog.washingtonpost.com/securityfix/2006/08 /followup_to_macbook_post.html [washingtonpost.com]

Apple 'leaned heavily' on the presenters to make them use a different card. The built in card *is* vulnerable.

Only with third party wireless card

[gnasher719]

Two important facts: Nobody has actually seen an active exploit; there is only a video available. Quite obviously anyone can hack into a Macintosh if it is prepared in the right way, for example by turning file sharing on and allowing everyone in the world access. More important, the video should a Macintosh notebook with an external wireless card. Now how many Macs have an external wireless card? For several years, all the notebooks have been shipping with built-in wireless connection, including the one in the video.

I would suspect that the problem is that a wireless connection can be created without knowledge of the user, and a user who has a Macintosh that was made vulnerable but should be safe because it has no network connection would unexpectedly be unsafe.

Re:Only with third party wireless card

[ZachPruckowski]

Steps to make yourself vulnerable:
1) Buy a 3rd party wireless card
2) Install faulty 3rd party drivers
3) Somehow bless 3rd party card so it's default instead of airport
4) Running as an admin, turn on airport, don't find any preferred networks, join a random one, which happens to be the hacker's.

In short, it's pretty hard to accidentally do this. Also auto-wireless-connect requires you to turn Airport on. It finds trusted/known networks first, and prompts if the network is not previously known. A

Say No to 'closed' drivers

[jkrise]

This actually proves the case for ONLY open source drivers on Linux, and integrated with the kernel. If the h/w vendor wants to support established protocols and differentiate on price and quality, fine. Else, Linux is better off without such dubious vendors spoiling the brand.

And BTW, there ought to be a simple method to avoid Loadable Kernel Modules, and stick with statically linked and built ones, for reasons of security.

Linux rather be Not Yet Ready for the desktop, rather than joining the Desktop bandw

Re:Say No to 'closed' drivers

[PigleT]

Static kernel, for *what* reasons of security? http://www.phrack.org/show.php?p=60&a=8 [phrack.org] is ages old.

> Linux rather be Not Yet Ready for the desktop, rather than joining the Desktop bandwagon, and becoming yet another Patch --> Update --> Service Pack --> Antivirus --> Unstable kind of a desktop OS.

Funny, I thought it's already a continual patch->update cycle without even being reliable on the desktop already.

Re:Say No to 'closed' drivers

[infolib]

Linux rather be Not Yet Ready for the desktop, rather than joining the Desktop bandwagon, and becoming yet another Patch --> Update --> Service Pack --> Antivirus --> Unstable kind of a desktop OS.

Hey this is Free Software! There's no "one" Linux. In this case Debian Stable and Linspire respectively tend towards either side of the choice you present. Granted, there are probably distros out there that are just as desktop-ready as Linspire but more secure, so you may not have to choose at all.

The ISC discussed this yesterday

[pbrammer]

Look for more information on the ISC Web site [sans.org]. Bottom line is this is not an OS issue, rather a "firmware/driver" issue.

Watch the video

[eturro]

The actual video is here [washingtonpost.com].

Macbook pros safe?

[pookemon]

In other news Apple have moved to make Macbook pros [dailytech.com] safer. ;)

It was an external USB Device

[messju]

Maybe It's worth mentioning that instead of the internal airport device they cracked an external USB Wireless Device attached to the MacBook which is IMHO not "fairly close to their default state". (Although that does not tell us anything about the security of the MacBook's airport)

the Bottom Line

[spykemail]

My God people do some research. These guys used a 3rd party card because they don't want to reveal what hardware is vulnerable. As for operating systems, the one (and only) reason they chose to use a Mac was for shock value. Windows and Linux are both vulnerable, though if there are any exploits you can bet good money they'll be on Windows and not Mac OSX or Linux.

This is disgusting. No matter how many stories you run about Mac OSX and how it "really isn't secure" two facts will remain:

1) It's more secure than Windows. There are both less flaws and less exploits. It doesn't matter why, it's still true and, most likely, it will remain true for a long time to come. It's difficult to prove which has less flaws because neither is open source, but I think all of you, no matter how devoted to Microsoft you are, know deep down what would happen if both systems went open source tomorrow. It's very easy to prove which has less exploits, and it makes no difference whether that's because of less flaws, a different user base, a smaller user base, or some combination of the three because the net effect is a safer OS. Even if you disagree with the statement that OS X has less flaws on the basis that you believe it is secretly harboring more crappy code than Windows my second argument still holds.

2) There are almost never any malicious programs of any kind spread among Mac OS X users, unless you count people sharing copies of Windows XP to be installed with BootCamp. This may change in the future, but I doubt it.

Re:the Bottom Line

[cirby]

These guys used a 3rd party card because they don't want to reveal what hardware is vulnerable. ...and then turned right around and said that Apple's hardware was vulnerable, anyway.

Sounds like they need to get their stories straight.

About half of the claims they make about this exploit aren't shown in the video, and much of the rest of the claims are exactly the opposite of what's actually shown ("any open wireless connection," yet they do a connection directly to the hacking computer, and we don't get to

Right

[sheldon]

I'm curious.

This "Fact" you say exists... What evidence do you have to support this fact?

Are you sure it's not merely your opinion?

Re:the Bottom Line

[brkello]

It's exactly this attitude that will burn you guys some day soon. I am not devoted to Microsoft...I am devoted to reality. Mac userbase has been too small to care about. It's beginning to get larger. As long as you are connected to a network, you are not safe. This is true of any OS. Get off this whole "my OS is more secure than your OS" crap. There is no totally secure OS. Realize that you are vulnerable and take the correct steps to protect yourself. Don't say "well, at least I a more secure than

Re:the Bottom Line

[ummit]

As long as you are connected to a network, you are not safe.

Sadly true, though it's just as true that as long as you're alive on planet Earth, you're not safe, either.

Get off this whole "my OS is more secure than your OS" crap.

But, um, some OS'es *are* more secure than others.

Realize that you are vulnerable and take the correct steps to protect yourself.

I'm curious to know what "correct steps" you have in mind.

If it's "use an antivirus scanner", that's a retarded or at least suboptimal strategy, because antivirus scanners are of course imperfect (they'll never make you perfectly safe, either), and at any rate all they do is patch over the fact that an OS that needs them has a fundamentally flawed security model.

If it's "disable all the services you're not using", that's a pretty retarded strategy, too, because they should have been turned off by default, and the advice should really be phrased "don't enable anything you're not using."

For me, one of the biggest "correct steps" is, "use OS'es that take security seriously and have a decent security model". So of course I don't use Microsoft OS'es. I'm sorry if that's an example of the "my OS is more secure than your OS" crap, but really: it's at least as valid a strategy as "use an antivirus scanner".

Re:the Bottom Line

[LMariachi]

the fact is Apple proved this week that OSX can be just as insecure as any XP machine

You have a unique understanding of the phrase "just as." So because someone somewhere can get away with punching Mike Tyson in the face, Tyson is "just as" vulnerable as Pee-Wee Herman?

What no FUD tag already?

[skinfitz]

FUD tag on this story in 3..2..1... oh no wait - this is it.slashdot.org not apple.slashdot.org - maybe it will pan out differently; - this Apple exploit was on the front page for starters which strangely never happens with exploits listed in the apple section for some reason...

The technique would work on all popular OSes

[Col. Kernel]

This is not a Mac/Windows/Linux/whatever issue. It is an OS architecture issue.

This exploit is yet another reason why drivers should be run in user space. I can't think of a popular OS that does this universally... Linux has nooks, which is not the same thing, and Vista is going to run some, but not all drivers as services instead of in the kernel. Network drivers have traditionally been run in kernel mode for the sake of performance... When is security going to trump performance as a design goal in the ma

And Apple scrapped Airport for Intel wireless,why?

[Dcnjoe60]

Maybe the switch to Intel wasn't such a good idea. It seems that while it has allowed me to run Windows on my Mac, it has exposed this abilitly to every Tom, Dick and Harry, too. And Apple scrapped Airport for the Intel wireless chipset why?

Well...

[8127972]

"Currently there have not been any reports of this vulnerability 'in the wild.'"

Now that its been posted on Slashdot, there will be by the end of the day.

I don't believe it.

[WhiteWolf666]

1. It was done on Video, not Live. Show me the code. I want to see this "OS independent" remotely exploit any Wireless card in Promiscuous AP mode.

I want to see this work on Linux, for that matter.

2. It requires your system to be setup to automatically associate with all non-password protected APs. This is not a default setting, either; and none of the Mac users I know run their systems on this setting.

People DO tend to run their systems on "Alert me to all unprotected wireless access points", but that's all.

I don't see why everyone is so willing to accept this vulnerability. Their talking about attacking Atheros drivers on Windows, Linux, and OS X, with at least three independent driver teams working on them, with the Linux one being opensource (Madwifi). Furthermore, I don't see how you would get the same three driver stacks to exhibit the same buffer overrun to root-level excutable code, particularly a locked down Linux.

It's not protecting anyone to hide this vulnerability. Releasing the information now would prove whether or not this is real, and would permit quick resolution to this problem, particularly for the MadWifi people.

Until there's more information, I don't believe it. Even if I did believe it, without any details there's no effective way for me to protect myself. If the attack requires associating with an AP, most systems are not vulnerable. If the attack simple requires scanning avaliable APs, then every system out there is vulnerable unless Wireless is entirely disabled. Either way, it's stupid not to release the details, and reeks of more "Mac's aren't safe! See! Buy Norton Antivirus for the Mac!".

Ha! I've done even better!

[Quiet_Desperation]

I disintegrated a car with my mind!

I have it on video!

Of course, I weakened the car's frame with a blowtorch... and the car was packed with explosives... and there was the whole "lit fuse" thing... but still! I disintegrated a car with my mind. Some anonymous guy with a video says so!

Security is your responsibility

[Bullfish]

Now that all the bashers have had their fun, can we acknowledge that there is no such thing as a 100% secure computer of any sort as long as it is connected to a public network. I know it is not as fun, and takes the joy out of OS/hardware parochialism but it is true. As well, the behaviour of goofy users is neither Bill's, nor Steve's nor Linus's fault and there is not much they can do about it.

I have run windows machines since 3.1 and DOS before that and never had problem. On the other hand I have shown people (relatives, friends etc) how to secure and maintain their machines and the next week I find them back to doing their own self-defeating behaviours.

Someone found an exploit. Whoop-de-do. There will always be exploits found for all systems that people can screw with. There is almost always a way to secure against it. Almost always a large group of users ignores what is good for them and their machines and gets burned. Frankly, the platform matters less when it comes to these things than the user's behaviour.

Wake me when it's trivial and about the mac.

[jpellino]

So these guys take a third party USB wireless card,
on a MacBook of unknown status,
connecting to a specially scripted AP,
and get owner privileges.

Cuz this happens any time you use a Mac.

Oh, and thanks guys for the admonition about proper testing. We'll have to write that one down.
And for pointing out that wireless means there are no wires and you can sit in other chairs.

Hysterical inability to quantify risk

[Catbeller]

Kids: PC's are owned through Windows. This is a fact. Own a PC, get hacked, this is the way it is.

Macs are so secure that A STORY about a third party wireless carded being hacked gets national-level coverage.

The PC owners rejoicing over the Mac's equivalence to their vulnerable platforms are being ridiculous. The quantifiable risk ratio between operating a Windows laptop and a MacBook is practically infinite, as there are no known virii for MacBooks, no known owning of MacBooks, no known security risks in operating a MacBook. At this point, hackers are well aware of a large installed userbase for Apple products, and certainly would attack them. If they could. Obviously they can't.

Silly people. Don't forget to run your virus and spyware checkers today. And back up your data, you never know when the bad guys will nail your hard drive in new and exciting ways through yet another buffer overflow in Windows.

Not Apple Wireless Hardware

[MidKnight]

Note that if you research the article a bit, you'll find that the "researchers" didn't hack the MacBook through the built-in wireless adaptor [go.com], they actually used a 3rd party wireless card plugged into it. They did it on a Mac just for the publicity storm they hoped it would generate (and lookie here, they were right).

So all the crap about "Oh oh, now your Mac is just as insecure as a Windows Box" is really, well, wrong.

And researchers deserves the double-quotes in my opinion; anyone with a nickname like "Jonny Cache" seems a bit silly to me in the first place.

Attacking the wrong people

[YAN3D]

These two "hackers" seem quite sheepish and frustrated. Why are they attacking the Mac user-base when it's not the users that are the problem?

One 'hacker' claims,

We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,

Users? Why is he picking on users here? The people featured in these ads are ACTORS hired by the marketing and advertising departmens of Apple. Nothing at all to do with the user base.

"Mac userbase aura of smugness on security,"

I don't think the 'smugness aura' is generated by the user base. It's apple's marketing and PR that make claims of being secure and virus free. Do they really think that an average user would come up with something sercurity related on their own? No, they just regurgitate what they hear from these ads.

Maybe some day these guys will grow up socially and learn how to pick their battles. They are attacking the people that they should be trying to win over. They should instead of bringing the fight to the faceless corporations.

Re:How about warning the vendor.

[Snover]

You mean like this, from TFA?

Maynor said he and Ellch have been in contact with Apple, Microsoft and other companies responsible for vetting the device drivers that power the embedded or third-party wireless card devices meant for those systems, and that both companies are working with wireless card vendors and original equipment manufacturers (OEMs) to remedy the problems.

Also, christ, I'd say they're being pretty responsible about it.

Maynor said he and his colleague opted in favor of a videotaped demonstration versus a live one because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack -- possibly to use the exploit in the wild against other Macbook users.

Re:How about warning the vendor.

[Whiney Mac Fanboy]

They should have disclosed the vulunerability to Apple and give fair time to patch OS X before going public with it.

Seeing you can't be bothered reading tfa to find out that they haven't discolsed & gone to some trouble to ensure the vulnerability's details weren't leaked, I'll quote the relevant sections for you:

hile those device driver flaws are particular to the Macbook -- and presently not publicly disclosed

and:

Maynor said he and his colleague opted in favor of a videotaped demonstration versus a live one because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack -- possibly to use the exploit in the wild against other Macbook users.

One last quote for you (just 'cause its funny):

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,"

Re:How about warning the vendor.

[Aladrin]

'Not publicly disclosed' here means the exact details were not given. And I'll give you that they went through some trouble to make sure people couldn't hack his presentation and get the info they need.

But they WERE given a huge helping hand here... They now know that a vulnerability exists, that it's possible on 3 different platforms, and that that it deals with wireless drivers in 'connect to anything' mode. Wow. If I had just a bit more ambition and a tad more skill, I'd be looking for that myself to

Re:How about warning the vendor.

[Billosaur]

But they WERE given a huge helping hand here... They now know that a vulnerability exists, that it's possible on 3 different platforms, and that that it deals with wireless drivers in 'connect to anything' mode. Wow. If I had just a bit more ambition and a tad more skill, I'd be looking for that myself to have some fun with it. Anyone more skilled (and inclined) than me is already working on it. Expect to see results within a week from some blowhard that can't keep his mouth shut.

Well, this is not quite

Re:Misconceptions by users

[laffer1]

When Mac OS is no OpenBSD, but its comparable to every other operating system in terms of security. People don't use Macs for security, well the average ones anyway. There is a misconseption that they are more secure, but even if apple was the least secure OS (os9 anyone), they are still easy to use and full of features. Macs are about what you can do and not how can you do it. In this case, you can do a remote root exploit! The difference is that apple will patch it as soon as they can just as linux de

Re:Misconceptions by users

[Yvanhoe]

Well, this argument, being used toward Linux users or Mac users, has to stop. We all know that there has been flaws in linux kernel, Mac OS X and windows XP. They are known, thay are published and for most of them corrected. We all know there are more, waiting to be discovered.

BUT, and you'll notice this is a capital 'but', I have never seen a worm propagate across linux computers (I don't know for macs, I'm not a user of these). I mean, in the 98 era, windows computers were plagued with these. In the pre-SP1 era too. I have never seen a *single* self-propagating thingie for linux. The first one to do such a feat would get a lot of credit in the "scene" (if such a thing still exists). I, for one, believe that the security design of the OS is not stranger to this clean record.

Re:Misconceptions by users

[MichaelSmith]

I have never seen a *single* self-propagating thingie for linux

What about the SSL worm from a couple of years back? I had at least one linux server rooted by that at the time.

Re:Misconceptions by users

[Yvanhoe]

Ah! I knew I would learn new thing by making such a risky assumption :-) Well, now we can make statistics, there are 25% of linux servers out there and 3% of desktop machines (according to wikipedia, itself citing IDC). What portion of the pests do we get ?

Re:Misconceptions by users

[Poltras]

MySQL, Apache, SSL (including ssh) and many other products were prone to viruses (or virii) and many worms were released for those, infecting millions of servers (both *bsd and linux) in the past. Now the fact that you use your linux as a desktop does not mean any other use of the OS wasn't exploited. You're just firewalling correctly and not installing MySQL...

Re:Misconceptions by users

[i kan reed]

First, the very FIRST worm was a worm that propogated on a flaw in sendmail. Second, you must consider that a worm doesn't have to propogate on 10% of machines just once. every time it spreads, less than 10% of it's targets are acceptable. this has an exponential limitation on the spread of the worm, not a linear one. If you had chosen any type of problem other than worms, your statement would have been valid. (trojans, standard ride-along viruses, spyware, adware). those are valid things to point to,

Re:Driver vulnerabilities

[TheRaven64]

According to TFA, the chipset in question was from Atheros. They produce binary Windows drivers and Linux drivers which are partially open but contain a blob. The OpenBSD driver is reverse-engineered and 100% blob-free. The FreeBSD driver is a port of the OpenBSD driver[1]. It sounds like the same code was used in the driver on all platforms, which should make the OpenBSD driver safe, since it does not contain any Atheros code. It may contain other bugs, but hopefully their code auditing process will c

Re:Centrino. Feh.

[Nick Fury]

It's not Centrino. Centrino is the name given to Intel's package of Motherboard chipset + wireless chipset + Processor. The new Apple machines don't use an Intel wireless card. They use Intel's chipset and Processor but not their wireless card. This does not make them Centrino machines.

To be specific the new Macbooks/pros use a Atheros 5006x. This is in comparison to the powerbooks that use a broadcom based card. So Apple doesn't use Centrino.

Re:True? Or many want it to be true?

[infolib]

You may notice that one of the guys was in CS grad school. He's presenting results at a conference. His academic credibility is on the line.

Not actually demonstrating your methods while presenting them at a conference is pretty common in other disciplines where it's really hard to lug around an X-ray diffractometer or the New Guinea Urungwi tribe. In CS it's different, but I think the risk of interception is a pretty good excuse.

Re:True? Or many want it to be true?

[TheRaven64]

Not actually demonstrating your methods while presenting them at a conference is pretty common in other disciplines where it's really hard to lug around an X-ray diffractometer or the New Guinea Urungwi tribe. In CS it's different, but I think the risk of interception is a pretty good excuse.

Actually, it's not uncommon in CompSci conferences to only present rigged demos. Most conference papers, however, are peer-reviewd before they are accepted[1]. One common question on the review forms is whether a

Re:Third party device

[rahrens]

They used a third party card because they could show this vulnerability on an APPLE laptop!

Headlines...