Less wireless FUD
In an attempt to clarify some of the FUD from the recent wireless exploit demo, and to respond to what he terms “hate mail,” Washington Post reporter Brian Krebs has posted his full interview with the researchers who showed only a video of that exploit at the recent Black Hat conference. Mr. Krebs was in the room for the actual exploit, and had a tape recorder running.
The full interview is very interesting, and provides significant additional details. Assuming we believe Mr. Krebs (and at this point there’s no reason not to), it seems highly likely that the exploit is possible against at least the MacBook’s built-in AirPort (wireless) card and driver for Mac OS X 10.4.7 (or some version very close to that anyway). It’s even possible without connecting the Mac to the bogus wireless access point created to implement the exploit. On the other hand, the exploit is very, very difficult to pull off, and would require quite a lot of work on someone’s part, even if the researchers provided their research and code (which they admit is really only intended for a test/demo environment) to someone else.
In the interview it’s also made clear that Apple has been contacted about this problem, so hopefully a fix will be forthcoming soon, well before anyone goes to all the work and risk needed to exploit the flaw (assuming of course the flaw really exists). One problem, however, and a root cause of the flaw, is that Apple seems not to write even the internal AirPort card driver itself, but gets that driver from a third party. This approach is problematic both because the third party’s reliability criteria may not be as strict as Apple’s and because there’s another level of indirection involved in the process, which makes getting any fix to market take longer. In the future, hopefully Apple will consider writing its own drivers, for both the AirPort card and other system components that could exhibit similar problems (the Ethernet card for instance).
Thursday, August 17, 2006