Hijacking a Macbook in 60 Seconds or Less, or maybe not

[tongodeon]

Yesterday there was a story about hacking a MacBook remotely by manipulating its wireless drivers that Slashdot picked up today. I was dubious, so I found the video. As I expected the story is a little misleading. The demonstration video that the articles mention starts with the researcher adding a third-party USB card that looks a lot like a

Comments

[rwx]

in related news, given a hammer, i can make a powerbook stop working.

--Corprew (or at least news at the same surprise level.)

[tongodeon]

I *was* dubious yesterday before the video surfaced because the claims of delivery and damage seemed extreme, alarmist, and nonspecific. I didn't say "I don't think such an exploit exists" then nor do I say that now, nor do I deny that their claims are improbable. I just thought that there was a lot of ambiguous space left open and people were filling that space in with worst-case scenarios.

Even after seeing the video it's still unclear how repeatable the exploit is. The main advantage of video is that it lets you show a completely controlled success instead of the hundreds of tests that didn't work or a single repeatable event in the field. That, coupled with dr_strych9's quasi-authoritative denials makes me still think something is fishy about this.

[tongodeon]

you were asking that people not give strangers access to their machine

That was referencing the last "OMG OSX IS DOOMED" exploit where someone managed to elevate an unprivileged user to root, but it was reported to appear that an outside attacker was able to get root without any assistance from the administrator of the machine. That's why I used a boolean 'or'.

If you want to keep your system secure, regardless of which operating system you use, don't give evil people accounts on your system or install untrusted third party hardware, drivers, or applications.

[wisn]

> I'm not entirely sure how well Maynor and Ellch are protecting Apple by emphasizing that the same problem exists in native Apple drivers but not demonstrating it.

Maybe they're protecting themselves from Apple.

[ikkyu2]

Yeah, they may not, for example, want their developer privileges yanked.

[tongodeon]

If they're in danger of getting their developer privileges yanked they've picked a pretty weird line to draw in the sand. Pick Apple hardware when any hardware will do, publicly accuse Apple drivers of being defective, publicly accuse Apple of attempting to suppress your accusations, but don't actually demonstrate your claims. You're telling me that Apple would have brought the hammer down if they'd actually *done* X but Apple's OK with them doing "everything up to and beyond"?

The whole scenario seems doubtful. Threatening corporations don't provide specific instructions and guidelines to guarantee the safety of the groups they threaten. They say vague things like "we've got a whole team of lawyers who do nothing all day but make lives miserable for people who malign our brand". No middle manager or junior lawyer wants to sign off on what sort of criticisms are acceptable or beyond reprisal when it blows up big enough that the higher-ups start hearing about it.

I can't find anything in the Apple Developer Terms and Conditions

[wisn]

> You're telling me that Apple would have brought the hammer down if they'd actually *done* X

That's plausible in the broad sense of, "A corporation may sue for defamation based on true allegations (eg, SLAPP)," but I have no recollection of Apple specifically doing this. Irrelevant but interesting: Notable litigation of Apple Computers.