An attacker could gain complete control over a laptop by sending malformed network traffic to a vulnerable computer, David Maynor, a senior researcher at security service provider SecureWorks, said in a presentation at the Black Hat security event. Maynor, along with researcher Jon 'Johnny Cache' Ellch, showed a video of a successful attack on an Apple Computer MacBook. However, the attack is possible also on other computers, both laptops and desktops, and not just MacBooks, the researchers said. The recent security fixes issued by Intel are not related to this issue.
Post a Comment
Member since:
2005-06-29
Should we be simplifying wireless to make security more attainable with fewer driver upgrades? Driver updates can be a very very nasty thing on any system if not done correctly (beware the drivers on Windows update 
). So, I'd imagine that due to the complexities and importance of reliable drivers it'd be better to make the devices simple to a fault rather than complex to a fault.
What's worse, people sniffing your packets or scanning your hard drive after they exploit your wireless driver? And how long is the typical cycle to get updated drivers installed (typical user)?
An alterior motive would be the hope that simpler and more secure devices would allow for better free drivers.
Member since:
2006-02-19
From
http://www.securityfocus.com/brief/271
"Systems running OpenBSD are unlikely to be affected based on that open-source group's refusal to use "binary blobs" in their device drivers, and their subsequent reverse engineering of numerous WiFi chipsets to provide open-source alternatives to manufacturer's device drivers."
Member since:
2005-09-03
Member since:2005-07-13
Does anyone know where example code is posted to do this? I'm interested.
AFAIK they have specifically withheld the code. In fact, they opted to use a video instead of doing it live to avoid anyone in the audience from sniffing out their technique.
Of course, that could just be for dramatic effect. They've apparently been in contact with the manufacturers, so if this is really the case, it would probably be a bit irresponsible to release exploit code this early into it.
Member since:2005-07-06
Member since:
2005-08-10
Member since:2005-07-13
Does this issue affect the built in wireless of the Macbook?
Not sure, they used a third-party card in the Mac, they wanted to demonstrate that the driver flaws were platform agnostic. They weren't specifically singling out the Mac as being insecure itself, that was just showmanship.
Member since:2005-07-06
Member since:2005-08-10
Interesting.
I wonder why they chose to put a card in the macbook when all macbooks already have wireless built in. Certainly that would show that every macbook is affected.
Still. The exploit from what I understand requires the attacker to look like a base station. I think the Mac always asks before joining a network you haven't joined before.
Obviously it needs to be fixed though!
Member since:2006-03-17
Member since:2006-06-24
The exploit will work with the standard Airport cards. Apparently, the hackers were pressured by Apple reps, not to show Airport in their demonstration.
http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macb...
So does everyone use the same code for the drivers?
Member since:
2006-01-25
So why doesn't Novell want proprietary drivers?
Your answer is right here. This is one of the huge problems with proprietary drivers. Open source drivers aren't dependant on waiting for a manufacturers patch for their drivers, and many old cards will probably not receive patches, which again isn't a concern with open source drivers.
Member since:
2005-08-18
Member since:
2005-07-06
