: Mac Hacked!


Deep Blue
Aug 5th, 2006, 01:07 AM
http://www.theage.com.au/news/wireless--broadband/security-flaw-in-wireless-computers-exposed/2006/08/03/1154198254214.html

Derrick
Aug 5th, 2006, 01:17 AM
Does anyone think this sentence from the article makes any difference?

"The MacBook used in the demonstration was not using the wireless gear that shipped with the computer. Instead, they used a third-party wireless card that they declined to name."

SoyMac
Aug 5th, 2006, 01:26 AM
More questions than answers:

"If they’re willing to say that the built-in driver is exploitable, why are they not willing to prove it?"
http://daringfireball.net/2006/08/krebs_followup

tedj
Aug 5th, 2006, 01:34 AM
The MacBook used in the demonstration was not using the wireless gear that shipped with the computer. Instead, they used a third-party wireless card that they declined to name.

Which one, I wonder...(some usb wireless)? Not that it makes much difference, since the actual hardware had little to do with the actual hack....

The computer need not be connected to the internet to be infected. All that's required is that it have certain wireless devices installed and that those devices be turned on.

On the other hand, I imagine this is the most important part. On the ppc, at least, the apple cards are active, while other cards can be both passive and active, no? (depending upon how much is publically known about the chipset) Perhaps that allows the OS using a passive card to be compromised in a way the only-active card wouldn't? I'm thinking of how kismac handles wireless hacking FROM the mac OS, which is very difficult without the appropriate card...

I have no idea what I am talking about, really...

tedj
Aug 5th, 2006, 01:41 AM
http://daringfireball.net/2006/08/krebs_followup


Yeah, pretty good questions there, as usual. Definitely brings up that non-defined issue of apple vs. non-apple wireless card(s)...

apple4life
Aug 5th, 2006, 01:47 AM
*yawn*...

NBiBooker
Aug 5th, 2006, 07:56 AM
As I've said before, I think this one is a non-starter issue.

Atroz
Aug 5th, 2006, 11:44 AM
Does anyone think this sentence from the article makes any difference?

"The MacBook used in the demonstration was not using the wireless gear that shipped with the computer. Instead, they used a third-party wireless card that they declined to name."


ABSOLUTELY. It doesn't mean that the Apple hardware is not vulnerable, but there was something unique about that additional hardware. e.g. a different brand.

This appears to be a firmware or other low level driver issue and is OS agnostic. I.e. works on Windows and Linux too. Now, I expect the exploit requires OS specific software, but the vulnerabilty is the same on all systems.

What we need to know is which chipset it was. It is very interesting that Intel released an update for their chipsets.

EDIT: There's a posting over on Ars Technica that says the vulnerability is also in the Airport drivers, but implies Apple put pressure on the hackers not to use them in the demo. http://arstechnica.com/journals/apple.ars/2006/8/2/4856

Kosh
Aug 5th, 2006, 02:50 PM
For more reading we had another thread here https://www.ehmac.ca/showthread.php?t=43111

SoyMac
Aug 18th, 2006, 02:38 PM
Holy Geez! :eek:

SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking’
:rolleyes:
http://macdailynews.com/index.php/weblog/comments/10603/

Well, there's the answer: FRAUD.
I hope Apple sues them to infinity.

NBiBooker
Aug 18th, 2006, 02:42 PM
Sweet justice

markceltic
Aug 18th, 2006, 09:31 PM
That or it's that karma thing Steve mentions every now & again.