An attacker could gain complete control over a laptop by sending malformed network traffic to a vulnerable computer, David Maynor, a senior researcher at security service provider SecureWorks, said in a presentation at the Black Hat security event. Maynor, along with researcher Jon ‘Johnny Cache’ Ellch, showed a video of a successful attack on an Apple Computer MacBook. However, the attack is possible also on other computers, both laptops and desktops, and not just MacBooks, the researchers said. The recent security fixes issued by Intel are not related to this issue.
Should we be simplifying wireless to make security more attainable with fewer driver upgrades? Driver updates can be a very very nasty thing on any system if not done correctly (beware the drivers on Windows update
). So, I’d imagine that due to the complexities and importance of reliable drivers it’d be better to make the devices simple to a fault rather than complex to a fault.
What’s worse, people sniffing your packets or scanning your hard drive after they exploit your wireless driver? And how long is the typical cycle to get updated drivers installed (typical user)?
An alterior motive would be the hope that simpler and more secure devices would allow for better free drivers.
From
http://www.securityfocus.com/brief/271
“Systems running OpenBSD are unlikely to be affected based on that open-source group’s refusal to use “binary blobs” in their device drivers, and their subsequent reverse engineering of numerous WiFi chipsets to provide open-source alternatives to manufacturer’s device drivers.”
Does anyone know where example code is posted to do this? I’m interested.
Does anyone know where example code is posted to do this? I’m interested.
AFAIK they have specifically withheld the code. In fact, they opted to use a video instead of doing it live to avoid anyone in the audience from sniffing out their technique.
Of course, that could just be for dramatic effect. They’ve apparently been in contact with the manufacturers, so if this is really the case, it would probably be a bit irresponsible to release exploit code this early into it.
This is just an example of a 0day exploit.It’s naive to think this is the only one:-)
Does this issue affect the built in wireless of the Macbook?
Does this issue affect the built in wireless of the Macbook?
Not sure, they used a third-party card in the Mac, they wanted to demonstrate that the driver flaws were platform agnostic. They weren’t specifically singling out the Mac as being insecure itself, that was just showmanship.
The researchers have stated that the built-in wifi of the MacBook is vulnerable to this exploit.
Interesting.
I wonder why they chose to put a card in the macbook when all macbooks already have wireless built in. Certainly that would show that every macbook is affected.
Still. The exploit from what I understand requires the attacker to look like a base station. I think the Mac always asks before joining a network you haven’t joined before.
Obviously it needs to be fixed though!
Doubt it or else id assume he wouldnt have used a 3rd party card …
The exploit will work with the standard Airport cards. Apparently, the hackers were pressured by Apple reps, not to show Airport in their demonstration.
http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macb…
So does everyone use the same code for the drivers?
So why doesn’t Novell want proprietary drivers?
Your answer is right here. This is one of the huge problems with proprietary drivers. Open source drivers aren’t dependant on waiting for a manufacturers patch for their drivers, and many old cards will probably not receive patches, which again isn’t a concern with open source drivers.
“Open source drivers aren’t dependant on waiting for a manufacturers patch for their drivers”
Additionally, as anyone who has used Windows for any period of time knows, many many hardware vendor drivers are total junk.
“That 99% of the community thinks that there computers can never be penetrated thus the majority of Max users have no virus or firewall protection. Well hate to say it but welcome to the real world.”
Well said:-)