MacBook Wi-Fi Hack Details Released

Posted by:
Date: Monday, March 5th, 2007, 07:22
Category: News

macbookwhite.jpg
David Maynor, the hacker who unveiled a security hold in the Mac OS X 10.4.6 operating system and the MacBook laptop last summer, offered an apology for what he considered mistakes he had made and offered a live demonstration of the MacBook Wi-Fi vulnerability as a Black Hat DC event last month.
Maynor also offered to release e-mail exchanges, crash/panic logs, loose notes and the exploit code used in the hack, which allowed third party code to be run over the wireless connection, as a means of clearing is name.
Last summer, Maynor released a find that he had discovered a security hole in Mac OS X 10.4.6 and the then-current version of Apple’s AirPort drivers that would allow third party code to be run. The hack was proven to work, but became controversial when a third party wireless card and third party drivers were involved with the exploit. Maynor later brought up that Apple never credited him, his co-presenter Jon “Johnny Cache” Ellch or his previous employer, SecureWorks with the find according to an entry on ZDNet’s Zero Day security blog.
Click the jump for the full story…


macbookwhite.jpg
David Maynor, the hacker who unveiled a security hold in the Mac OS X 10.4.6 operating system and the MacBook laptop last summer, offered an apology for what he considered mistakes he had made and offered a live demonstration of the MacBook Wi-Fi vulnerability as a Black Hat DC event last month.
Maynor also offered to release e-mail exchanges, crash/panic logs, loose notes and the exploit code used in the hack, which allowed third party code to be run over the wireless connection, as a means of clearing is name.
Last summer, Maynor released a find that he had discovered a security hole in Mac OS X 10.4.6 and the then-current version of Apple’s AirPort drivers that would allow third party code to be run. The hack was proven to work, but became controversial when a third party wireless card and third party drivers were involved with the exploit. Maynor later brought up that Apple never credited him, his co-presenter Jon “Johnny Cache” Ellch or his previous employer, SecureWorks with the find according to an entry on ZDNet’s Zero Day security blog.
“I made mistakes, I screwed up. You can blame me for a lot of things but don’t say we didn’t find this and give all the information to Apple.
“They claimed we had nothing to do with their patches but I’ll release all the crash and panic logs that we gave to them. You can look at it and decide for yourself,” Maynor said. “I’ll give you crash/panic logs if you want.”
Apple has maintained that it was aware of the vulnerability prior to Maynor’s release of the exploit.
Since Maynor’s discovery, Apple has since changed security and AirPort code between the Mac OS X 10.4.6 and Mac OS X 10.4.8 operating system versions, thereby patching the reported bug. Maynor has presented his notes on the exploit on the Errata Security blog and has also released the slides from his Black Hat DC presentation.
A full roundup of the events, including legal pressure Apple may have exerted on Maynor and SecureWorks, is detailed in George Ou’s IT blog.
And folks, it’s just wireless security. Save the threats against against a person and his dog for when the paper boy delivers your weekend edition to the neighbor’s juniper shrub for the fourth straight time in a row.
If you have any comments either way about this issue, let us know.

Recent Posts