Apple: No Evidence Provided to Back Up Wireless Security Threat
by , 1:25 PM EDT, August 18th, 2006
Lynn Fox, Apple's director of public relations, this week responded to SecureWorks' recent claims that there is a vulnerability in wireless networking shared by Mac and Windows laptops. Ms. Fox told Macworld: "Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is. To the contrary, the SecureWorks demonstration used a third party USB 802.11 device -- not the 802.11 hardware in the Mac -- a device which uses a different chip and different software drivers than those on the Mac.
"Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."
As TMO reported on Aug. 3, SecureWorks researchers David Maynor and Jon "Johnny Cache" Ellch used the Black Hat 2006 conference in Las Vegas to release a video demonstrating a MacBook being compromised through a flaw that they said was common to the Mac and Windows operating systems. While Mr. Maynor claimed that the flaw existed in Mac OS X, he used a third-party wireless device and driver to demonstrate the exploit because Apple "had leaned on them" to not use the MacBook's built-in AirPort Extreme technology.
Macworld noted that the SecureWorks Web site has since been updated with this disclaimer: "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver -- not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
Observer Comments
"SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we [Apple} ship."
"As part of a responsible disclosure policy, we [SecureWorks] are not disclosing the name of the third-party wireless device driver until a patch is available."
And how is Apple or anyone supposed to write a patch if SecureWorks doesn't give the manufacturers data on the exploit?
I'm becoming more and more dubious about the BlackHat demo. Not that what SecureWorks showed is not possible, just I'm doubting their particular demonstration of it. It's beginning to look like they are trying to publicize themselves and their company more than alert the community to a danger.
More importantly, who cares? The MacBook comes with Apple's Wi-fi card, not some third party card. Accordingly, not many users are going to be using a third party solution.
It is highly doubtful the alledged hack works on OSX using Apple's hardware and drivers. If it did, the Black Hat folks would have given Apple information concerning the hack since it alledges to have given the third parties the informaiton.
Is it really an Apple designed card with Apple drivers or some third party system that was integrated into Apple's motherboard? I don't know the answer to that but the latter is more common. It's why MacBook Pros come with ATI Mobility Radeon X1600 graphics rather than an Apple graphics card.
Quotegeoduck wrote:
Is it really an Apple designed card with Apple drivers or some third party system that was integrated into Apple's motherboard? I don't know the answer to that but the latter is more common. It's why MacBook Pros come with ATI Mobility Radeon X1600 graphics rather than an Apple graphics card.
I think we can assume that Apple knows what they're putting in their machines. Come on, even the *processor* is third-party. They're in control of what goes in and, since they offer a reasonable (if not large) amount of upgradeability, you can be 99% sure that anything that Apple puts into one of their computers would be as good--or better--than anything they'd be making themselves. (Come on, they're not a graphics card company! Or a WIFI card manufacturer! Or a processor developer!)
The vulnerability here would be in the driver itself. So the key to this is determining the source of the driver. I would not be surprised if they used a 3rd party card which had an open source driver available and engineered the flaw into that driver themselves to simulate a flaw that someone else already discovered in a windows driver or the windows kernel or wherever it is that the windows flaw exists. This is of course assuming that the video they showed wasn't all staged to begin with.
Even if they didn't create the driver themselves, you don't take a kernel extension written by a 3rd party and then tell the world that the kernel itself has a fundamental flaw. If you do that then you are lying. Especially people who are so "knowledgeable" about the internals of operating systems.
Fri Aug 18, 2006 6:33 pm Subject: Secureworks admitted they lied!
Fri Aug 18, 2006 10:46 pm Subject: The truth will come out
I think we'll find out, soon, that they didn't exploit any driver or any WiFi card, from Apple or any third party. The whole thing will be shown to be a parlor trick. Look at the video. They get access to UNIX shell, yet claim the same hack would work on Windows. Note also that the shell looks slightly different than a normal shell script (they turned of any prompt, which is a trivial thing to do), in an attempt to make it look like they didn't just ssh from one machine to another.
Which is exactly what, it will be shown, they did. So they had two computers on the same wireless network, and used one to ssh to the other? Say it isn't so! Oh wait, that's called normal behavior. They could have connected an Ethernet cable and done the same thing, but that wouldn't make for nearly as good of a show.
Mark my words: SecureWorks found no flaw whatsoever.
Sat Aug 19, 2006 12:06 pm Subject: It doesn't matter
It doesn't matter if there was a real exploit or not, a lot of people will only believe what they first heard. Months from now you will be in a conversation with some Dell user and they will mention the Mac's WiFi weakness. It is just like the OSX virus/worm/malware that hit the news now and then.
Recent Headlines - Updated January 8th
- Wed, 6:20 PM
- Macworld Expo 2009 - Ecamm Introduces World’s First Bluetooth Webcam
- 6:16 PM
- News - Verbatim Announces Speaker Keyboard, Store ‘n’ Go Micro USB Drive
- 6:09 PM
- Photo Gallery - Photo Gallery: Macworld 2009 Day 2
- 3:24 PM
- Just a Thought - First Time Macworld Impression
- 12:16 PM
- News - EMC Issues Beta of Retrospect 8.0 Backup Software
- 12:04 PM
- News - REAL Server 2009 to Ship Next Month
- 11:40 AM
- News - Livescribe to Bring Pulse Smartpen Software to Mac
- 10:58 AM
- Hot Forum Topic - Reader Reactions: Apple’s Macworld Expo Keynote
- 10:39 AM
- News - Verbatim, Lexar Introduce New Flash Storage Options
- 10:20 AM
- Editorial - Don’t shoot the messenger: Content, Not Delivery Marred Apple’s Last Keynote
- 9:51 AM
- News - LaCie Releases 2big Quadra External Hard Drive Line
- 9:29 AM
- News - Microsoft’s Mac Business Unit Reveals Upcoming Office Improvements
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
MacPro Memory 667Mhz With Apple Spec Heat Sink - 2GB $62 / 4GB $80 / 8GB $158. Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
RamJet Memory: Upgrade a MacBook to 4GB RAM for $99! Add a 320G MacBook Hard Drive for $73! MacBook Pro 17" 8GB Kits Available Now! Click hereFor the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
