MacBooks Get Hacked Within 60 Seconds
August 4, 2006 12:46 PM
comment(s) - last by
Security experts say poor driver design leaves doors wide open
Two security researchers from Black Hat this week revealed a method in which
a MacBook can be broken into and taken control of
. In fact, the intrusion method is at such a low level that even firewalls and anti-virus applications can't help. Based on flaws in wireless network driver design, Apple's line of MacBooks -- and MacBook Pros -- allows an attacker to remotely bypass the security of the laptop and the operating system.
Jon Ellch and David Maynor from Black Hat say that drivers for Apple's notebooks are developed not in house, but outside using contracted development companies. Ellch says that often times, these development people are under so much pressure from higher management to get working drivers so that companies can rush our products to market. Under circumstances like this, drivers for devices such as wireless network processors enter "the wild" in an untested state.
However, Mayner said that "we're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something." Mayner cites that many of Apple's commercials claim that Macs don't suffer from the same security vulnerabilities that PCs do but in fact, they do.
The team at Black Hat demonstrated that they could circumvent the Wi-Fi security and OS level security in a MacBook and within just 60 seconds, were able to take complete control of the machine. Black Hat demonstrated the technique through a pre-recorded video to prevent anyone from intercepting the wireless network traffic to deconstruct the attack and release it elsewhere. Black Hat said that it has been in contact with both Apple and Microsoft, because the vulnerability exists on both sides.
This article is over a month old, voting and posting comments is disabled
RE: from the article...
8/4/2006 1:01:21 PM
and yet, I still cannot find whether it says they were in Windows or Mac OS X when the hack is done. Which is it?
RE: from the article...
8/4/2006 1:10:05 PM
Ars and /. both report that the Macbook was exploited while running OSX - but since the exploit is cross-platform*, it really doesn't matter.
*Since the card is based on an Atheros chipset, and the OpenBSD (ported to Free) Atheros drivers are blob-free and audited, I doubt it is vulnerable. But given Open's track record, is anyone surprised? :P
"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner
Report: AT&T Eyeing $40B DirecTV Purchase
May 1, 2014, 8:00 AM
WebOS Class Action Settlement Costs HP $57 Million
April 1, 2014, 10:22 AM
IBM Workers Strike Over Terms of Deal That Will Have Them Working for Lenovo
March 6, 2014, 9:29 AM
Google Picking Up Artificial Intelligence Company "DeepMind" for $400 Million
January 27, 2014, 9:25 AM
Quick Note: Qualcomm Grabs up Palm, IPAQ, and Bitfone Patent Portfolio from HP
January 24, 2014, 9:18 AM
Verizon Buys Intel Media OnCue Cloud TV assets
January 21, 2014, 10:26 AM
Most Popular Articles
Dell Announces "World's Thinnest" Tablet: The Venue 8 7000 Series
September 11, 2014, 8:51 AM
Quick Note: Buy an Xbox One Sept 7-13, Get a Free Game
September 4, 2014, 10:42 AM
Apple Announces Its Smartwatch: The $349 Apple Watch
September 9, 2014, 2:09 PM
T-Mobile Launches Un-carrier 7.0, Beefs Up Wi-Fi Calling
September 11, 2014, 2:56 PM
Russian Hackers Compile List of 10+ Million Stolen Gmail, Yandex, Mailru
September 11, 2014, 11:41 AM
Latest Blog Posts
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information