
[ISN] Hacker finally publishes notorious Apple Wi-Fi attack


By Robert McMillan
IDG News Service
September 18, 2007

More than a year after claiming to have found a way to take over a 
Macintosh computer using a flaw in the system's wireless card, David 
Maynor has published details of his exploit.

The details were included in a paper published in the September issue of 
Uninformed.org, an online hacking magazine. The lengthy paper describes 
how to run unauthorized software on a Macintosh by taking advantage of a 
flaw in Apple's AirPort wireless drivers.

Apple patched the bug on September 21 without crediting Maynor for
discovering the problem. Instead, Apple's engineers found the bug during 
an internal audit, the company said.

Maynor and researcher Jon Ellch first described this type of problem 
during an August 2006 presentation at the Black Hat security conference 
in Las Vegas. Maynor was widely criticized by the Apple community for
failing to back up his claims with technical details and for presenting 
a video demonstration that used a third-party wireless card instead of 
the one that ships with the Mac.

On Tuesday, Maynor said that at the time of the Black Hat demonstration, 
he had found similar wireless bugs in a number of wireless cards, 
including Apple's AirPort, and that he had been told to use the
third-party card in the video because it was deemed "the least offensive 
to people."

So why publish the Mac hack now?

Maynor said that he had been under a nondisclosure agreement, which had 
previously prevented him from publishing details of the hack. The 
security researcher wouldn't say who his NDA was with, but that 
agreement is no longer in force, allowing him to talk about the exploit. 
"I published it now because I can publish it now," he said.

By going public with the information, Maynor hopes to help other Apple 
researchers with new documentation on things like Wi-Fi debugging and 
the Mac OS X kernel core dumping facility. "There's a lot of interesting 
information in the paper that, if you're doing vulnerability research on 
Apple, you'd find useful."

Maynor will soon publish a second paper on Uninformed.org explaining how
to write software that will run on a compromised system, he said.

As for his detractors, who will say that this disclosure comes too late, 
Maynor says he just doesn't care what they think. "Let them tear me 
apart all they want but at the end of the day the technical merit of the 
paper will stand on its own."
