[Infowarrior] - Mac Wi-Fi hijack demonstrated

Richard Forno rforno at infowarrior.org
Wed Feb 28 22:56:01 EST 2007 

Mac Wi-Fi hijack demonstrated
February 28, 2007 4:10 PM PST
http://news.com.com/2061-10789_3-6163285.html?part=rss&tag=2547-1_3-0-20&sub
j=news

ARLINGTON, Va.--Is the book on the Mac Wi-Fi hijack saga finally being
closed?

David Maynor, chief technology officer at Errata Security, at the Black Hat
DC event here on Wednesday broke the months-long silence on a controversial
Mac hack. He also said he plans to publicly release computer code used in
that attack.

The controversy started at the Black Hat Briefings conference last summer in
Las Vegas. There, Maynor and fellow security researcher Jon "Johnny Cache"
Ellch showed how a MacBook could be hacked by sending malformed network
traffic to it. (Click here to see the video.)

The presentation caused a storm of criticism from the Mac community and
Apple criticized Maynor and Ellch for saying Macs were insecure. The Mac
maker even tried to pressure Maynor into posting a blog on the site of his
then-employer SecureWorks stating that Macs were not flawed, he said.

Nearly two months later, however, Apple released Mac OS X 10.4.8, which
fixed the problem demonstrated at Black Hat, Maynor said Wednesday.

"The vulnerability that was being exploited was now patched," Maynor said.
"Apple released some security patches to address stuff I actually pointed
them to and they claimed had nothing to do with me."

Shortly after Apple issued its patches, Maynor and Ellch were slated to open
the book on Apple at the ToorCon hacker event in San Diego. That
presentation was pulled because Apple threatened to sue SecureWorks, Maynor
said.

Maynor did offer an apology.

"I screwed up a little bit," he said. There was a lot of confusion around
the Mac hack because the original presentation used a third party Wi-Fi
card. However, Maynor and Ellch had in fact also found flaws in Apple's own
hardware, he said.

Maynor demonstrated a Mac Wi-Fi hack on stage on Wednesday. His MacBook
running Mac OS X 10.4.6 crashed while scanning for a wireless network and
coming across rogue code Maynor was pushing out from a Toshiba laptop. While
the attack he demonstrated only caused a crash, it could also be used to run
code on the Mac, he said.

Apple fixed that particular problem in September with Mac OS X 10.4.8,
Maynor said.

"I did provide the information on vulnerabilities in Apple products, I
provided them with code and they were given packet captures," he said.

In the future, Maynor said he won't work with Apple. "I do not feel
comfortable keeping relations with the company and will not report future
findings to them," he said.

An Apple representative could not immediately comment on Maynor's
presentation.

More information about the Infowarrior mailing list