Wireless FUD
A number of reports today are highlighting how a MacBook was broken into over a wireless network at the BlackHat conference in Las Vegas. In a classic example of “Fear, Uncertainty and Doubt” reporting, the circumstances of the “break in” are essentially left to the reader’s imagination. Here are some details.
The researchers, Jon Ellch and David Maynor, presented not a live demo but a videotape (which can be seen here, for instance) of a MacBook being taken over by another computer masquerading as a wireless access point. The bogus access point sends malformed data in such a way that a vulnerability is exploited and shell-level access to the Mac is granted to the “attacking computer” (the pseudo-access point). Although the video looks legit, a video rather than a live demo certainly raises some initial questions.
More important, however, is that specific statements and actions by the researchers are not being emphasized in the reporting. In particular:
  1. The researchers make it clear that they feel the vulnerability exists in both Windows and Mac OS machines. Why they chose a Mac for the demo is the subject of much discussion right now. Some claim it is related to Apple’s latest commercials.
That’s right, even though every Mac these days comes with AirPort-based wireless Internet access built in, and almost no one adds on such a card, the demo required the addition of third-party hardware and software. It seems highly likely the researchers simply found a flaw in the third party’s driver, which could be exploited on either the Mac or Windows, and used that flaw to break into the machine. It’s sort of like being able to put a time bomb inside a safe, setting that bomb off, and then saying “look how insecure the safe was.”
Additional reports are surfacing claiming the researchers believe such a flaw exists with the built-in AirPort card and drivers, and if so, it’s something much more serious to worry about. But, in this case, why all the FUD introduced by the use of a third-party card? Show us a real problem!
An additional question is: are the demo, and the flaw itself, Intel-specific? Does the choice of the MacBook indicate that maybe Apple’s move to Intel has introduced some additional vulnerabilities, as some have speculated?
More as this all gets figured out...
Thursday, August 3, 2006