RSS

MacBook Highly Vulnerable Via Wireless

David Utter
Staff Writer
2006-08-02

Insider Reports RSS Feed

Even if a MacBook's wireless card is powered on but not connected to a wireless network, it can be taken over by a malicious attacker.

MacBook Highly Vulnerable Via Wireless

A similar issue to that affecting Intel Centrino wireless drivers can affect the MacBook. The SANS Research Office noted in an email to federal agencies and other security industry contacts that a method of taking over a MacBook will be demonstrated today at the BlackHat Vegas conference.

As on the Centrino, the Mac's wireless vulnerability allows a remote exploitation to take place that circumvents the encryption, according to Alan Paller, director of research for SANS. "That means that sensitive data stored on laptops isn't protected even if it is encrypted," he said.

Washington Post security blogger Brian Krebs posted about the session this morning. He spoke with the two presenters, Jon "Johnny Cache" Ellch and David Maynor, about their pending presentation.

Maynor had some unkind words in Krebs's post about Apple and the widely held perception that the Mac is a "bulletproof" platform when it comes to security:

Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security."

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said.

"The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market."

SANS considers the Mac angle an important one for several reasons:

This is a big story for several reasons. First it shoots a pretty big hole in the "bulletproof" image Apple is trying to project (notice the words Maynor used in the Krebs interview).

Second, it isn't just about Macs. The vulnerabilities apparently can also be found in Centrino-based laptops as well.

Third, by nature, attackers (aka security researchers) are swarm organisms. That means they will see Maynor's work as a beacon to follow toward a new cache of useful vulnerabilities. And finally, the really bad guys are already using these flaws (and are frustrated that Maynor is making them public).

---
Tags: BlackHat, Apple, Mac, Wireless, Security

Add to

Del.icio.us |

Digg |

Yahoo! My Web |

Furl

Get all the updates in RSS:

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Featured On:

article resources

WebProWorld.com

•	Get in-touch with industry experts and leaders
•	Post your site for review by expert and peers
•	Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com


Titan Quest Forum The #1 Titan Quest forum
Halo 3 Forum The best Halo, Halo 2, Halo 3 forum
Nintendo Wii Nintendo Wii news and views
Mac Software The best in OS X freeware
Graphics Forum Your source for graphic tutorials