Hijacking a MacBook in 60 Seconds or Less, or maybe not

Aug 03, 2006 09:53

Yesterday there was a story about hacking a MacBook remotely by manipulating its wireless drivers that Slashdot picked up today. I was dubious, so I found the video. As I expected, the story is a little misleading. The demonstration video that the articles mention starts with the researcher adding a third-party USB card that looks a lot like a USR805422 to his MacBook. Coincidentally I bought one of these last weekend at the TRW Swapmeet - the card is either broken (possible, given its price and purchase location) or it doesn't work in a MacBook without special drivers that you'd also have to install and configure before the attack could occur.

It doesn't surprise me at all that someone who is able to install hardware and drivers into a computer is able to subsequently compromise that computer. The video is a useful cautionary tale for the very small number of users like myself who sometimes want two wireless network interfaces on their laptops. It's also a useful demonstration that OSX's drivers apparently don't run in unprivileged userspace, but then again neither do those of Linux, BSD, Windows, or OS9. Just like the story where OSX was hacked earlier this year (by someone who was given an account on the target system), it's easy to leave out crucial details from a story.

If you want to keep your system secure, regardless of which operating system you use, don't give evil people accounts on your system or install untrusted third-party hardware, drivers, or applications.

Update: Then again...

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.
...
Again, the whole point of this story was not to pick on Macs, but to point to a security issue that affects multiple operating systems and one that is long overdue for some serious code review by the companies that OEMs rely upon to produce this software.

This sounds pretty weird as well. I'm not entirely sure how well Maynor and Ellch are protecting Apple by emphasizing that the same problem exists in native Apple drivers but not demonstrating it.

secureworks, security, osx_security, osx
