The Mac Observer


Programmers Claim to Find Common Vulnerability in Mac, Windows Laptops

by , 11:20 AM EDT, August 3rd, 2006

Jon "Johnny Cache" Ellch and David Maynor on Wednesday at the Black Hat 2006 conference in Las Vegas demonstrated a common wireless security flaw in Windows and Mac laptops. During their presentation, a video of which is on Brian Krebs' blog on the Washington Post Web site, they wirelessly connected a MacBook to a Dell and used the latter to take over control of the former. Mr. Maynor noted, however, that the flaw he exploited is a third-party one that affects both Windows and Mac laptops; it is not inherent to Mac OS X.

Mr. Maynor told Mr. Krebs that they opted for a video version of their demonstration "because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack -- possibly to use the exploit in the wild against other MacBook users," the columnist wrote.

Mr. Maynor and Mr. Ellch said that the exploit doesn't require the laptop in question to be connected to a network. It simply has to have its wireless card turned on. In the video, Mr. Maynor turned the Dell laptop into a computer-to-computer wireless access point and then connected the MacBook to it via a third-party wireless card, not Apple's AirPort Extreme technology, although he told Mr. Krebs that the flaw exists there, too. He then took over the Mac, creating and deleting files on the desktop to show that he had access to it.

While Mr. Maynor was bothered by what he called the "Mac user base aura of smugness on security," he told Mr. Krebs that they hadn't set out to pick on Macs specifically. He said that he and Mr. Ellch have been in contact with Apple, Microsoft and third-party wireless card vendors on fixes for the problem. He told Mr. Krebs that "had leaned on [them] pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet."

Observer Comments

Name: jimothy Posts: 612 Joined: 04 Jun 2004
Subject: Third party card

As TMO says, and the video points out, but the linked article handily glosses over, is that this requires a MacBook with a third party wireless card. Ignoring the fact that the MacBook has built-in wireless, how would you even connect a third party wireless card to the MacBook? Unlike the MacBook Pro, it has no ExpressCard slot.

So, if you've got a USB wireless adapter dangling off your MacBook, you may be vulnerable? Reportedly, those two users (one of whom we saw in this video) are very concerned.

Name: mrhooks Posts: 273 Joined: 28 Jul 2003
Subject: Re: Third party card

From the article:

"...via a third-party wireless card, not Apple's AirPort Extreme technology, although he told Mr. Krebs that the flaw exists there, too."

Name: jimothy Posts: 612 Joined: 04 Jun 2004
Subject: Re: Third party

Quote
mrhooks wrote:
From the article:

"...via a third-party wireless card, not Apple's AirPort Extreme technology, although he told Mr. Krebs that the flaw exists there, too."


If the flaw exists there, too, wouldn't it make a more compelling demonstration to attack the built-in card?

Name: Engine Joe Posts: 413 Joined: 29 Jun 2004
Subject:

Quote
mrhooks wrote:
From the article:

"...via a third-party wireless card, not Apple's AirPort Extreme technology, although he told Mr. Krebs that the flaw exists there, too."


The question remains then, why not use the built-in AirPort Extreme technology? It'd give us "smug" Mac users a bit more to chew on.

Name: MOSiX Man Posts: 558 Joined: 20 Jun 2001
Subject: Another local attack, masked as a network attack

Another key point that the progenitors of this 'attack' seem to gloss over is that, for it to work, the Windows PC has to be set up with an ad-hoc (computer to computer) network, and the user of the Mac appears to have to INTENTIONALLY JOIN the network, before the Windows PC can gain control.

So, unless I am missing some details, this is the equivalent of a hacker walking over to you, and saying 'Excuse me. I know I am a total stranger, but would you mind connecting this Ethernet cable to your computer, while I connect it to mine? Trust me, I just like the way it looks.'

Also, if you read between the lines, where the article says 'that the Macbook doesn't need to be connected to an existing wireless network', you may be able to infer that this means it won't work IF the Macbook is connected to an existing wireless network. This is the case, because you can't really join more than one wireless network, at once, with one wireless adapter.

This is just another example of somebody trying to be first in line to show a serious security hole in Mac OS X (or Macs, in general) that isn't predicated on the Mac user being a complete idiot. Once again, they failed. I bet they also didn't show how this works, to the audience, so that the details of the 'attack' couldn't be picked apart by the audience, and shown to be little more than a hoax.

In closing, I once again admit that Macs are not perfect, and that we Mac users may one day need to be more readily vigilant against network-based bad-mojo. But, today just isn't yet that day.

Name: jimothy Posts: 612 Joined: 04 Jun 2004
Subject: I call bullsh*t

The more I read about this (how sad it is that this gets this much attention, and that I bother reading it), the more I think this is merely a hoax. Not just a contrived situation, involving third party cards (which were magically inserted where into this MacBook?), joining an ad hoc network, etc. But a complete hoax.

They likely had a program that merely ssh'd to the machine (using key pairs to bypass password prompts) and ran commands that way.

Name: Intruder - TMO Mac Specialist Posts: 3149 Joined: 07 Jul 2004
Subject:

They were (supposedly, anyway) USB wireless adapters.

Name: robzr Posts: 1 Joined: 05 Aug 2006
Subject: Please...

For one, the computers were not in ad-hoc mode, he specifically stated that the Dell was running in Access Point mode (yes I know you Windows folk think the only way two computers can be directly connected is Ad-Hoc mode). Secondly, they state that the computers do not need to be connected to the same network, it would appear that they did that in order to lessen the steps, so they could highlight the actual security flaw, and fit it in a 60 second video. Lack of refutation on Apple's part leads me to believe them. Finally, it sounds like they used an external card, so that people would overreact (like they are doing now), oversimplify the situation, and blame it on Apple's Airport drivers. AS THEY STATED, this exploit is available across platforms. I imagine they chose a Macbook in the demonstration because a) it's UNIX therefore a shell is available which allows them to show off what they are doing in a 60 second video b) it's the native OS of the hardware, had they chosen Linux on PC hardware, people would have written it off as a quirky Linux bug. c) look at the publicity now that so many spiteful folks are happily touting this as proof that "a Macs got security problems too!" Again - they specifically state this is available across platforms. Let's not selectively believe them, ok?

Name: rwahrens Posts: 50 Joined: 19 Jul 2006
Subject: re: Please...

What they stated was that the Mac didn't have to be connected in order to be hacked. As mentioned by another poster, if the Mac is already connected to an AP, this hack won't work, 'cause you can't connect wirelessly to a Mac that already has a wireless connection.

What the authors mean (and should have said) is that this is a hack that, in order to be successful, the attacker must convince the Mac user that the attacking machine is a proper AP. It also depends upon the Mac being configured to AUTOMATICALLY connect to an open AP. However, this was never explicitly stated, as the authors never discussed the wireless networking settings in use on the target.

In fact the video was very poorly narrated. He did not explain the manner in which the connection was made, did not explain that their hack was supposed to be from a disguised AP, and never claimed, nor demonstrated, whether the hack was intended to elevate user privileges on the target.

It isn't hard to take over a target machine once you are connected to it via a network, but the real gold is in gaining elevated privileges so you really do OWN the box. That means you demonstrate an admin or root level task to prove it.

They did NOT demonstrate any such thing! Why not? Perhaps because they didn't succeed? Usually, it takes an exploit of a specific vulnerability to gain elevated privileges, and this was supposed to be demoing such a vulnerability. To fail to demo root or admin level elevation is a failure of the first magnitude in such a demo as this.

Any script kiddie can get user level permissions in an ssh session, which is what that demo was. He created files ON THE DESKTOP and then deleted them, proving that he had user level permissions. He even named one file "password" - probably to suggest that seeing a "secret password" was possible - but the file he read was a TEXT FILE, and was NOT encrypted. Sensationalism, pure and simple.

Yeah, this did demo a supposed vulnerability, but they did NOT demonstrate a high level, dangerous vulnerability. They demoed that it is possible to connect to a laptop that is set to automatically connect to an open AP and get user level privileges. Big Whoop. Didn't demo root or admin elevation, which would have been the point, huh?

Doncha think most users would notice files appearing and disappearing from their desktop? What real use is such a hack without elevated privileges?

And if you want to prove that the Mac drivers are also vulnerable, demonstrate it. Can you really imagine Black Hatters caving into Apple pressure to NOT demo that?

Ha! Didn't think so...

Yeah, I guess they did choose the Mac for good reason, and I think that reason was mostly for publicity reasons.

And they did get their publicity, didn't they?

Name: blackey191 Posts: 1 Joined: 18 Aug 2006
Subject:

For those of you that think this was a Windows PC it was NOT. It was a Linux system running a custom kernel. I'm a network engineer and I can tell you what they are doing is possible. I can't say that it isn't a hoax but it is very possible. IMHO they are using, as the attacking wireless card, a card that has an Atheros chipset which allows for going into RFMON mode which allows them to receive raw data from the wireless bands and not actively participate. I know this works, I have used it. They are using a modified Kernel that will allow them to send a raw data injection to any wireless device around be it connected or not. If any of you have heard of KisMAC, you should know of Kismet. This program is used to see wireless APs and clients that have their SSID to not broadcast. Normally, you can't see clients for those of you that use MacStumbler you would know this. The thing was that it is not just Mac as he was not trying to pick on them. Next, I would like to address the tale of this not being a problem as he only had User Access. Privilege escalation as it is known in the security world is by far one of the easier things to do. Therefore since he has the ability to create files etc. He should also be able to upload a Root Kit, don't associate this with the Sony deal, a real Root Kit is a collection of an attacker's most important tools that he uploads to a victim's computer to use remotely. The interview in question is posted entirely here. http://blog.washingtonpost.com/securityfix/2006/08/the_macbook_wireless_exploit_i.html

To let you know I am a Mac fan and my next laptop will be the MacBook Pro. I also am a Gnu/Linux guy as well so I will dual boot. I think that this just needs to be seen from a non-partial side.

Name: Intruder - TMO Mac Specialist Posts: 3149 Joined: 07 Jul 2004
Subject:

Too bad (for you) that the blackhat "hack" appears to be not quite truthful and the Mac in a standard config is not vulnerable.

Secureworks has even admitted that the Apple driver isn't vulnerable on their website.

Name: Guest
Subject: Programmers Claim to Find Common Vulnerability in Mac, Windo

Read the article again, it's any platforms, any computers.
