The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Programmers Claim to Find Common Vulnerability in Mac, Windows Laptops

Programmers Claim to Find Common Vulnerability in Mac, Windows Laptops

by , 11:20 AM EDT, August 3rd, 2006

Jon "Johnny Cache" Ellch and David Maynor on Wednesday at the Black Hat 2006 conference in Las Vegas demonstrated a common wireless security flaw in Windows and Mac laptops. During their presentation, a video of which is on Brian Krebs' blog on the Washington Post Web site, they wirelessly connected a MacBook to a Dell and used the latter to take over control of the former. Mr. Maynor noted, however, that the flaw he exploited is a third party one that affects both Windows and Mac laptops; it is not inherent to Mac OS X.

Mr. Maynor told Mr. Krebs that they opted for a video version of their demonstration "because of the possibility that someone in the audience could intercept the traffic sent to a potentially live target and deconstruct the attack -- possibly to use the exploit in the wild against other MacBook users," the columnist wrote.

Mr. Maynor and Mr. Ellch said that the exploit doesn't require the laptop in question to be connected to a network. It simply has to have its wireless card turned on. In the video, Mr. Maynor turned the Dell laptop into a computer-to-computer wireless access point and then connected the MacBook to it via a third-party wireless card, not Apple's AirPort Extreme technology, although he told Mr. Krebs that the flaw exists there, too. He then took over the Mac, creating and deleting files on the desktop to show that he had access to it.

While Mr. Maynor was bothered by what he called the "Mac user base aura of smugness on security," he told Mr. Krebs that they hadn't set out to pick on Macs specifically. He said that he and Mr. Ellch have been in contact with Apple, Microsoft and third party wireless card vendors on fixes for the problem. He told Mr. Krebs that "had leaned on [them] pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet."

Recent TMO Headlines - Updated January 17th

Fri, 3:43 PM
FTC Oculus Probe Examines Meta for Potential Anticompetitive Practices
Fri, 3:35 PM
Netflix Price in 2022 Rises For Customers in US, Canada
Fri, 3:21 PM
Information Hell – TMO Daily Observations 2022-01-14
Fri, 3:03 PM
TSMC Quarterly Profits Rose to 6 Billion in Q42021
Fri, 2:40 PM
Hackers Scam Blockchain City Group 'CityDAO' and Stole Funds
Fri, 2:10 PM
Update to 'LEGO Star Wars: Castaways' Brings Hair Colors, Microfighters
Fri, 1:37 PM
Apple TV+: Making 'The Tragedy of Macbeth'
Fri, 1:14 PM
Environmentally-friendly Mobile Game 'Clean the Sea' Out Now
Fri, 12:09 PM
Apple TV+ Earns Six Writers Guild Award Nominations
Fri, 11:40 AM
Teen Hacker Finds Way to Control Teslas Remotely
Fri, 11:21 AM
Apple Headset Faces Possible Delays Due to Overheating
Fri, 10:57 AM
Russian Authorities Arrest Members of REvil Ransomware Group
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Daily Observations
  • TMO on Twitter!