Jump to content

AttackBook... gone in 60 seconds.

Swad

By Swad

 Share

Not to get you MacBook owners alarmed or anything, but there’s a small chance that at any moment – maybe within the next 5 minutes - your laptop may suddenly become unresponsive and uncontrollable. Don’t be surprised if it starts doing odd things… very “hacker-like” things.

 

Well… ok… so you’re probably not at that much of a risk unless you’re camped out at the Black Hat security conference, chillin' 'til the break so you can grab some more free stuff. According to the Washington Post (now there's some underground cred), Jon "Johnny Cache" Ellch and David Maynor gave a presentation today showing how a MacBook could be compromised in a minute or less.

One of the dangers of this type of attack is that a machine running a vulnerable wireless device driver could be subverted just by being turned on. The wireless devices in most laptops -- and indeed the Macbook targeted in this example -- are by default constantly broadcasting their presence to any network within range, and most are configured to automatically connect to any available wireless network.

 

But according to Maynor and Ellch, this attack can be carried out whether or not a vulnerable targeted laptop connects with a local wireless network. It is, they said, enough for a vulnerable machine to have its wireless card active for such an attack to be successful. That's a trivial demand, given that most wireless devices embedded in laptops these days are switched on by default and are configured to continuously seek out available wireless networks.

These guys are no Mac fans, and especially wanted to poke fun at “smug” Mac users who think they needn’t worry about security. But alas, there appears to be no honor even amongst hackers.

Maynor said he and his colleague opted in favor of a videotaped demonstration versus a live one because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack -- possibly to use the exploit in the wild against other Macbook users.

Update: It seems that the Washington Post article may have been making the situation seem a little worse than it was - in fact, they weren't exploiting the AirPort card at all, but another wireless adapter. See this article for more on the topic.

 Share
Go to articles

User Feedback

Recommended Comments

ampTK

I think we will start to see things like that more often. I hope (and it seems this way) that Apple will stay on top of things, and fix problems promptly, and fix holes even if haven't surfaced. (unlike MS)

Link to comment
Share on other sites
codeman38

As it turns out, there was even more sensationalism at work here. In this story's comments on Digg, a user nicknamed 'DVRDude' linked to this AP story on the conference at ABCNews which reveals that they weren't even using the built-in AirPort hardware in the demonstration. :turbin:

 

Not, of course, that Mac users still don't need to stay vigilant, but this particular vulnerability seems to have been exaggerated just a bit...

Link to comment
Share on other sites
Swad

Good find, codeman. From that article:

 

"We did that so we're not singling out Apple," Maynor said.

 

That's something the Wash Post didn't comment on... in fact their blog entry made it seem like it really was to single out Apple.

 

Thanks for that and welcome to the forum!

Link to comment
Share on other sites
Franzy

Ok. Seems like you guys are new to this entire subject and some of your information is wrong.

 

I am currently working on this with a friend of mine, so here's how it works. The hack takes advantage of a common flaw found in every wireless driver for any card. Therefore, this will work on any computer with a wireless card. It is a very interesting project.

 

If you would like to try conducting it yourself, download the Linux hacking program, LORCON, start er' up, load the commands, and you too can hack wireless cards (without the laptop even being on the same network, it just has to be functional, turned on, and searching for nearby networks). If you need any help with this, or a copy of LORCON, just ask.

Link to comment
Share on other sites
Swad

Franzy-

 

What exactly is hacked? How is it that they're able to hijack a system with a driver exploit?

 

This is really interesting to me.

Link to comment
Share on other sites
Franzy
Franzy-

 

What exactly is hacked? How is it that they're able to hijack a system with a driver exploit?

 

This is really interesting to me.

 

Well Mash, the attack launched by the two researchers you read about was a demonstration to all in the computer industry of numerous wireless flaws. One of these flaws proved extraordinarily fatal to the card and computer itself. The flaw was probably caused by developers who are forced to rush their software for the card to get it working immediately. Whatever excuse there is, it allows anyone, with the right experience and knowledge of commands, to hijack a computer with an active wireless card. It doesn't even hav to be connected to the same wireless network, just active. Now, my friend and I are going into more depth, but the researchers used the well-known program, LORCON, to find this specific flaw. LORCON is a program that reveals many Wi-fi flaws. Its purely command based. Now, to my knowledge i would think that the 'flaw' in this case would be one deep within its drivers. We all know drivers are written to tell the hardware what job to do, how to do it, and identifty the device on the machine itself. Now it may be a bit hard to understand how you can hijack a computer not even on the network. Think of it this way. You've got a device, COMPLETELY unprotected thats constantly searching for networks. With no way to distinguish good things from bad, an attacker could use LORCON to intercept it and infultrate the computer itself. In response to this, i have heard Microsoft plans to try and fix this problem in the release of Windows Vista.

 

PS: despite what the misleading article titles may say, its not just a macbook thats getting hacked (something i've stated before somewhere)

 

to mash: Nice job on the forum reconstruction. I have something I would like to contribute to the site. I told munky and he found it interesting as well but said you were busy with the insanelymac project. Please PM me, I know you'll be interested.

Link to comment
Share on other sites
Pantalaimon

i found this, what one of the "hackers" said

 

"This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers. Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."

Link to comment
Share on other sites

×
×
  • Create New...