The Mac Observer

Skip navigational links

Featured Article:

Apple: No Evidence Provided to Back Up Wireless Security Threat

by , 1:25 PM EDT, August 18th, 2006

Lynn Fox, Apple's director of public relations, this week responded to SecureWorks' recent claims that there is a vulnerability in wireless networking shared by Mac and Windows laptops. Ms. Fox told Macworld: "Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is. To the contrary, the SecureWorks demonstration used a third party USB 802.11 device -- not the 802.11 hardware in the Mac -- a device which uses a different chip and different software drivers than those on the Mac.

"Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."

As TMO reported on Aug. 3, SecureWorks researchers David Maynor and Jon "Johnny Cache" Ellch used the Black Hat 2006 conference in Las Vegas to release a video demonstrating a MacBook being compromised through a flaw that they said was common to the Mac and Windows operating systems. While Mr. Maynor claimed that the flaw existed in Mac OS X, he used a third-party wireless device and driver to demonstrate the exploit because Apple "had leaned on them" to not use the MacBook's built-in AirPort Extreme technology.

Macworld noted that the SecureWorks Web site has since been updated with this disclaimer: "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver -- not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."

Observer Comments

Show: Subjects Only | Full Comments
Close Name:geoduck Posts: 1922 Joined: 30 Dec 2003
Subject:

"SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we [Apple} ship."

"As part of a responsible disclosure policy, we [SecureWorks] are not disclosing the name of the third-party wireless device driver until a patch is available."

And how is Apple or anyone supposed to write a patch if SecureWorks doesn't give the manufacturers data on the exploit?

I'm becoming more and more dubious about the BlackHat demo. Not that what SecureWorks showed is not possible, just I'm doubting their particular demonstration of it. It's beginning to look like they are trying to publicize themselves and their company more than alert the community to a danger.

Close Name:Terrin Posts: 414 Joined: 29 Jan 2006
Subject:

More importantly, who cares? The MacBook comes with Apple's Wi-fi card, not some third party card. Accordingly, not many users are going to be using a third party solution.

It is highly doubtful the alledged hack works on OSX using Apple's hardware and drivers. If it did, the Black Hat folks would have given Apple information concerning the hack since it alledges to have given the third parties the informaiton.

Close Name:geoduck Posts: 1922 Joined: 30 Dec 2003
Subject:

Is it really an Apple designed card with Apple drivers or some third party system that was integrated into Apple's motherboard? I don't know the answer to that but the latter is more common. It's why MacBook Pros come with ATI Mobility Radeon X1600 graphics rather than an Apple graphics card.

Close Name:macmikey Posts: 22 Joined: 18 Feb 2005
Subject:

Quote
geoduck wrote:
Is it really an Apple designed card with Apple drivers or some third party system that was integrated into Apple's motherboard? I don't know the answer to that but the latter is more common. It's why MacBook Pros come with ATI Mobility Radeon X1600 graphics rather than an Apple graphics card.


I think we can assume that Apple knows what they're putting in their machines. Come on, even the *processor* is third-party. They're in control of what goes in and, since they offer a reasonable (if not large) amount of upgradeability, you can be 99% sure that anything that Apple puts into one of their computers would be as good--or better--than anything they'd be making themselves. (Come on, they're not a graphics card company! Or a WIFI card manufacturer! Or a processor developer!)

Close Name:Biff Posts: 1479 Joined: 08 Apr 2004
Subject:

The vulnerability here would be in the driver itself. So the key to this is determining the source of the driver. I would not be surprised if they used a 3rd party card which had an open source driver available and engineered the flaw into that driver themselves to simulate a flaw that someone else already discovered in a windows driver or the windows kernel or wherever it is that the windows flaw exists. This is of course assuming that the video they showed wasn't all staged to begin with.

Even if they didn't create the driver themselves, you don't take a kernel extension written by a 3rd party and then tell the world that the kernel itself has a fundamental flaw. If you do that then you are lying. Especially people who are so "knowledgeable" about the internals of operating systems.

Close Name:horvatic Posts: 102 Joined: 27 Jun 2003
Subject: Secureworks admitted they lied!

macnn.com and mdn have stories that say secureworks lied and there is no wireless threat as they modified a macpro to try and fool everyone into believing that they found an exploit.
THEY DID NOT!!

Close Name:jimothy Posts: 612 Joined: 04 Jun 2004
Subject: The truth will come out

I think we'll find out, soon, that they didn't exploit any driver or any WiFi card, from Apple or any third party. The whole thing will be shown to be a parlor trick. Look at the video. They get access to UNIX shell, yet claim the same hack would work on Windows. Note also that the shell looks slightly different than a normal shell script (they turned of any prompt, which is a trivial thing to do), in an attempt to make it look like they didn't just ssh from one machine to another.

Which is exactly what, it will be shown, they did. So they had two computers on the same wireless network, and used one to ssh to the other? Say it isn't so! Oh wait, that's called normal behavior. They could have connected an Ethernet cable and done the same thing, but that wouldn't make for nearly as good of a show.

Mark my words: SecureWorks found no flaw whatsoever.

Close Name:Edison Carter Posts: 228 Joined: 10 Aug 2006
Subject: It doesn't matter

It doesn't matter if there was a real exploit or not, a lot of people will only believe what they first heard. Months from now you will be in a conversation with some Dell user and they will mention the Mac's WiFi weakness. It is just like the OSX virus/worm/malware that hit the news now and then.

Comment on this Article


You cannot edit your comments.   You cannot delete your comments.
Log in | Register | Having Problems? Reset TMO Cookies & Try Again
Username:   Password:   Log me on automatically each visit   

You are not logged in, and this post will appear as "Guest." Log in with your username and password from the TMO forums. If you do not have a username, you can register here.
Please note that guests are limited to including a maximum of two URLs per post.


Post A Comment
  Subject


  Your Comments



Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.


Recent Headlines - Updated January 8th

Wed, 6:20 PM
Macworld Expo 2009 - Ecamm Introduces World’s First Bluetooth Webcam
6:16 PM
News - Verbatim Announces Speaker Keyboard, Store ‘n’ Go Micro USB Drive
6:09 PM
Photo Gallery - Photo Gallery: Macworld 2009 Day 2
3:24 PM
Just a Thought - First Time Macworld Impression
12:16 PM
News - EMC Issues Beta of Retrospect 8.0 Backup Software
12:04 PM
News - REAL Server 2009 to Ship Next Month
11:40 AM
News - Livescribe to Bring Pulse Smartpen Software to Mac
10:58 AM
Hot Forum Topic - Reader Reactions: Apple’s Macworld Expo Keynote
10:39 AM
News - Verbatim, Lexar Introduce New Flash Storage Options
10:20 AM
Editorial - Don’t shoot the messenger: Content, Not Delivery Marred Apple’s Last Keynote
9:51 AM
News - LaCie Releases 2big Quadra External Hard Drive Line
9:29 AM
News - Microsoft’s Mac Business Unit Reveals Upcoming Office Improvements

The Mac Observer Reader Specials