Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Apple Denies Wi-Fi Flaw, Researchers Confirm 267

Posted by Zonk
from the not-as-bad-as-it-seemed dept.
Glenn Fleishman writes "Apple tells Macworld.com that the Wi-Fi exploit demonstrated at Black Hat 2006 in a video doesn't show a flaw in their hardware or software. A third-party USB adapter with different chips and drivers was used, and Apple says the two researchers haven't provided Apple with code or a demonstration showing a working exploit on Apple equipment. The researchers added a note at their Web site confirming that only an unnamed third-party adapter was used. This doesn't mean the researchers have no flaw to show, but rather that their nose-thumbing at Apple users who were too secure in their security was misplaced, at least at present. The researcher's claim that they were providing information to Apple now seems off-base, too."
This discussion has been archived. No new comments can be posted.

Apple Denies Wi-Fi Flaw, Researchers Confirm

Comments Filter:
  • by A. Bosch (858654) <anonymous...bosch@@@gmail...com> on Friday August 18, 2006 @09:31AM (#15934471) Homepage
    So I can go back to being "smug" now about security on my mac?
    • Smug? No, you should Cower in Fear(TM) like The Rest of Them (TM).
    • Re:What a relief. (Score:5, Insightful)

      by Anonymous Coward on Friday August 18, 2006 @11:21AM (#15935419)
      Some how I think all this current bull shit about Mac users being "smug" about security is simple sour grapes. Linux users are similarly "smug" about security, but that is only if you define "smug" as simply stating the fact that there are certain things in place in the OS either by design or decision that make it inherently more secure out of the box. That in NO WAY means we should take any threat lightly, however stating the inherent higher security of these OS' is far from "smug" it is a simple fact. If no one likes it, then tough shit. I refuse to apologize or be meek about heightened security of my OS preference simply because windows users are pissed off because they are still struggling with exploits and viruses that should have been rendered impotent years ago.
    • Re: (Score:2, Funny)

      by CaptDeuce (84529)
      So I can go back to being "smug" now about security on my mac?

      Only if you continue to smell your own farts [wikipedia.org].

      • by hmccabe (465882)
        I had to put my mouse over your link to see if you linked to an article about what farts are.
  • by Doctor Memory (6336) on Friday August 18, 2006 @09:34AM (#15934495)
    And here I agreed that the Mac community was too complacent. I was hoping that this would be a rather benign wake-up call (given that it wasn't an exploit seen in the wild, and the hats were taking proper precautions to prevent it from becoming so). And now we see that they were just trying to leverage their exploit to make a (valid, but now diluted) point.
    • by kaan (88626) on Friday August 18, 2006 @10:08AM (#15934751)
      Furthermore, all this is going to do is bolster the view that Macs are invincible. ... Oh you say you found another new exploit or vulnerability? Psha! As if! Didn't you hear that the only "exploits" on Macs are total bullshit invented by a couple clowns who hate Steve Jobs? And dude, didn't you see that Apple commercial about "viruses"? The Mac didn't get sick at all! But the PC did!

      The thing that's more concerning to me is that the tech news and media start sounding like CNN. It seems like anybody can step up and make a loud claim about something controversial, and the news sites just spread it around. Most other tech security claims are held accountable for documenting details and specifics, and being up-front about things like, "well, this only happens while using a random 3rd party wireless card, which would admitedly happen almost never on a Mac since most have built-in wireless...".
  • by Anonymous Coward on Friday August 18, 2006 @09:38AM (#15934521)
    Security Fix [washingtonpost.com]:

    During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

    • Re: (Score:3, Insightful)

      by Anonymous Coward
      Brian Krebs has been proven to be a fraud many times over when it comes to security. Take what he says with a large grain of salt... like maybe one the size of your house. As for the test, I'm surprised the rest of the Black Hat community didn't call Maynor and Ellch out and get them to do the exploit live. Probably because they can't....
      • Re: (Score:3, Insightful)

        by Sancho (17056)
        There's a really, really legitimate reason for not doing the demo live: they'd basically be releasing the exploit. After all, they were giving the talk to a large room full of people with notebooks, and if they started doing a demo, you know damn well that at least a fourth of them would start a wireless packet capture.
    • Re: (Score:3, Informative)

      by Anonymous Coward
      "During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that
  • by gnasher719 (869701) on Friday August 18, 2006 @09:41AM (#15934539)
    We were told that all Macs are vulnerable. And not only all Macs, but also all Linux machines, and all Windows machines. It seems this was not the case. Apparently there is no exploit at all against a bog standard Macbook with built-in wireless, and that covers about 99.999 percent. Using an external card was essential to the exploit, the claimed "pressure from Apple" was just made up. Remember, these guys _did_ claim that a Macintosh with built-in wireless adapter was vulnerable, and they didn't demonstrate that because of pressure from Apple! I didn't believe it then, nobody should have ever believed it without evidence, and now they have been caught with their lies.

    Shame on everyone who reported it without checking the facts.
    • Careful now... (Score:2, Insightful)

      by Savage-Rabbit (308260)

      Remember, these guys _did_ claim that a Macintosh with built-in wireless adapter was vulnerable, and they didn't demonstrate that because of pressure from Apple! I didn't believe it then, nobody should have ever believed it without evidence, and now they have been caught with their lies.

      I have done enough debugging work to know that there is always a chance somebody screws up and screws up badly... That goes for Apple just like anybody else (I'm one of their customers by the way). Just because these hackers

    • Re: (Score:3, Funny)

      by podperson (592944)
      Shame on everyone who reported it without checking the facts.

      Nah, they're just on to the next unchecked story. This is old "news" ... why beat a dead horse ... er ... try to unring a bell? We all know that the Macbook was hacked remotely, we found WMDs in Iraq, Saddam Hussein was directly involved in 9/11, and John Kerry inflicted wounds on himself to get a Purple Heart.

      Pretty much the only story that's ever been "corrected" successfully was George W. Bush's being AWOL from the National Guard. He was AWOL,
  • by Cyborg Ninja (954796) <cyborg_metroid@yahoo.co.jp> on Friday August 18, 2006 @09:42AM (#15934554)
    I'd like to know if the fact that a third-party driver was used was reported when the exploit came out, or if this senior researcher at SecureWorks withheld that information deliberately. He stated he doesn't want to reveal the name of the device for legal reasons, but I don't know if this is just an excuse to hide behind or not. It sounds like he set out with a purpose, that is to make Mac users feel less "smug" about security, rather than point out vulnerabilities to increase security in the long-run. Sort of like a scientific researcher who comes up with a conclusion and will do anything to reach it.
  • I told you so [slashdot.org]

    75% of people on Slashdot all tout the party line, "Don't believe everything you read in the mainstream media." It doesn't matter whether the discussion involves Iraq, Microsoft, SCO, Linux, IBM, the U.S. government, or CmdrTaco. If it's on CNN, don't believe it.

    Well, here I am, to tell you, be skeptical of regular Joes, as well.

    In this discussion [slashdot.org], the only people not agreeing with the article said things like, "it was a 3rd party card." The thing is, I don't understand why you would believe AN
  • by supabeast! (84658) on Friday August 18, 2006 @09:44AM (#15934569)
    So if this report is true it means that computer security professionals are grandstanding and misstating the facts to get attention and advance their own personal agendas. I am shocked that such a thing could happen! If we can't trust computer security nerds when they present at Black Hat, how can we trust them when they release proof-of-concept code, call it virus in the wild, and then try to sell us antivirus tools to remove it? How can we trust their products for *nix operating systems?

    My God - what if the computer security folks are often just full of shit?
  • by Anonymous Coward
    Researchers "confirm" the denial or "confirm" the flaw?

    ahhhh, not so confusing....the headline drew me in to read it for clarification...verrrry clever.
  • No Surprise (Score:5, Insightful)

    by ar (109152) on Friday August 18, 2006 @09:46AM (#15934590)
    Anyone who thought about it for more than a second or two would have realised that it was never going to be a vulnerability in the default MacBook Pro hardware or drivers. If it wasn't, why would they need to introduce a third-party wireless adapter at all?

    Frankly, the disclosure here was pretty amateurish. Surely they would have known that demoing the vulnerability on Apple hardware would have implicated Apple. In fact based on the "aura of smugness on security" comment it looks like they deliberately *chose* Apple hardware to be falsely implicated.

    Do these guys have *any* credibility left?
    • Re: (Score:3, Insightful)

      by gnasher719 (869701)
      '' Anyone who thought about it for more than a second or two would have realised that it was never going to be a vulnerability in the default MacBook Pro hardware or drivers. If it wasn't, why would they need to introduce a third-party wireless adapter at all? ''

      Remember that when the "researchers" were confronted with this very reasonable argument, they claimed that they didn't demonstrate their "exploit" with the standard hardware because (as they claimed) "Apple had leaned on them". At that time I though
      • by Weedlekin (836313)
        Yeah. it's like having MS lean on your three-man software company by buying it for a few million greenies. Oh, woe is me, Micro$soft have used anti-competitive tactics on my poor little company, I'll now have to spend time crying into my cocktail on a beach in Barbados instead of writing C++ and answering phones. Ba$tards!
  • by Nijika (525558) on Friday August 18, 2006 @09:51AM (#15934621) Homepage Journal
    I have found this amazing security flaw in OSX. If you take a specially crafted driver, and you use a specially crafted peice of hardware and insert it into the system you want to compramise, you can then compramise it remotely!

    Gad Zukes!

    This is almost as good as the Debian exploit I found last year. I found that if you built a specially crafted PC, and then installed a specially crafted version of Debian, it would prompt you to set the root password during the install, leaving the system open to compramise by the person installing the OS.

    Next year's Black Hat conference, here I come!

  • by b1t r0t (216468)

    In other news, Cisco can't reproduce the security flaw from last month's Black Hat conference. [csoonline.com.au]

    ...and now we've got some guy claiming to be Jon Benet's murderer when there are big holes in his story (claimed he took her home from school, but it was Christmas vacation, and there is little evidence that he was even in Boulder at the time)

    What we seem to have here is an epidemic of Attention-Whore-Itis.

  • by sjonke (457707) on Friday August 18, 2006 @10:03AM (#15934714) Journal
    1. Take your MacBook and sit it on table
          2. Log in to the MacBook with your username and password
          3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
          4. Select your wireless network from the menu in the menubar and enter the password
          5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
          6. Take a different computer of yours and connect to the same wireless network and enter the password
          7. Bring up a terminal and type in ssh://
          8. At the login prompt enter your username and password
          9. You're in baby, have a fuckin' field day!!!
    • Re: (Score:2, Funny)

      by Tarmas (954439)
      1. Take your MacBook and sit it on table
      2. Log in to the MacBook with your username and password
      3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
      4. Select your wireless network from the menu in the menubar and enter the password
      5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
      6. Take a different computer of yours and connect to the same wireless network and enter the password
      7. Bring up a te
  • by davidwr (791652) on Friday August 18, 2006 @10:10AM (#15934767) Homepage Journal
    Before you tar and feather someone publicly, make darn sure you don't leave the wrong impression or it will boomerang on you later.

    This is true in any industry.

    If these guys had made it CLEAR that they were using a NON-APPLE network device from the get-go we wouldn't be having this discussion today.

    What they should have said:
    "We found a wireless exploit in a major-brand wireless network device. We will be releasing the name and model number of the device after responsible notification to the vendors involved. The videotape you are watching shows this device connected to an Apple Macintosh. We have also tested a device containing the same chipset connected to a Windows-based PC and found similar problems."
  • Which is sadder? (Score:4, Insightful)

    by david.emery (127135) on Friday August 18, 2006 @10:13AM (#15934790)
    1. The inconsistent position of the original demonstration?
    2. The willingness of everyone to jump on an actual vulnerability in MacOS X (schadenfreude) ?
    3. People who believe that the only reason software is vulnerable is its market share?
    4. People who think that a company should be able to warrant/guarantee an OS regardless of what you do to the machine it's running on?

    Does /. have a polling mechanism? Can we actually vote on these?

            dave

    p.s. my Mini, that runs continuously 24 hours/day including web server, iTunes broadcast, etc, had a kernel panic yesterday. First time, too! I think it was because I was in the middle of LDAP client configuration and left the machine in an inconsistent state, i.e. -operator error-. No, OS X isn't perfect, but it's a damn site better than -any other OS- I've used on personal hardware. The only things I've used in almost 30 years in the business that have been more reliable are VAX/VMS, Ultrix and SunOS 4.0.3...
    • by dfghjk (711126)
      how can a user error produce a kernel panic without there being a flaw?

      I run all my machines 24/7, they share resources on networks, and my mini isn't any more robust than my XP systems. It locks up periodically just like everything else. What is interesting is how frequently it goes unresponsive for long periods of time. The color wheel is one of it's most familiar mouse pointers to me. Perhaps it's a dying harddrive, but, considering that it's on its second motherboard and second harddrive, I'd say my m
  • by Durandal64 (658649) on Friday August 18, 2006 @10:16AM (#15934819)
    These guys had a demonstrable bias against Apple's platform and users from the get-go. They specifically chose the MacBook because they didn't like Mac users' supposedly smug attitude about security, so they wanted to make a public example of a Mac getting 0wned. But oh wait, they used a third-party wireless device with a third-party driver, a setup that's about as common on Mac hardware as steaming shit in Antarctica. When asked why they chose this, they claimed that Apple had put pressure on them to not demonstrate the flaw with Apple hardware ... but to go ahead and tell everyone that the same flaw existed in Apple hardware anyway. Why Apple would ask them to do that is anyone's guess. This was a highly dubious claim at the least. It's not surprising at all that it turned out to be total bullshit.

    With the statements from Apple, the questionable reasons given by the researchers and their ire about the Mac community in general, I think the most probable conclusion is that these guys are full of shit. What I can't understand is why they'd risk their reputations on something seemingly so petty.
    • Re: (Score:2, Insightful)

      by dfghjk (711126)
      "It's not surprising at all that it turned out to be total bullshit."

      Apple made no statement denying the claims. All the said was that a 3rd party adapter was used and that no flaw in their product had been demonstrated to them. Both could be telling the truth and both could be lying. Nothing new here.

      "in general, I think the most probable conclusion is that these guys are full of shit."

      What stake do you, or anyone here, have in Apple being shown innocent here?

      "...their ire about the Mac community in gene
    • Re: (Score:2, Funny)

      Er... while I basically agree with what you wrote I'd like to note that if you want to be 100% sure that your shit will steam, antarctica probably is the place to go on this planet.

      ;)
  • by Microsift (223381) on Friday August 18, 2006 @10:18AM (#15934832)
    The headline's construction is confusing (paraphrasing) Apple Denies, Researchers Confirm. Since deny and confirm are antonyms, the headline implies that the two parties, Apple and the researchers are in disagreement, which is not the case.
  • by cyfer2000 (548592) on Friday August 18, 2006 @10:20AM (#15934849) Journal
    I have been wondering from the beginning, if they could insert an third party wireless card into my computer, why don't they insert a OS X boot DVD and enable root on my computer? Or simply grab my computer, they can gain TOTAL control of my computer much faster.
  • I guess that's not the publicity they were looking for....

    To bad
  • Well, Duh (Score:5, Funny)

    by MidKnight (19766) on Friday August 18, 2006 @10:27AM (#15934910)
    Anyone who did some passing research into the original posting [slashdot.org] could've seen that. As I said originally, these guys just did their demonstration on a Mac in order to get a publicity storm started. They certainly accomplished that, and probably raised the visibility of their security company as a result. Good for them, I guess.

    This is a very real exploit... just not one that the Mac is vulnerable to unless you're using 3rd party wireless hardware. And how many Mac users do you know that use 3rd party wireless hardware? Yeah, me either.
  • Another corked demo. So what's new about that?
  • I haven't read all of the posts, so my apologies to anyone who posted it first, but... Wouldn't it be smart of Apple to pay these guys a consulting fee to spend a few days with their networking geeks and see if A) they can replicate it on an Airport card, and B) if there's a way to patch the problem, if it exists, in the OS? The hackers get paid, Apple patches a potential security flaw... everybody wins.
  • by tsu doh nimh (609154) on Friday August 18, 2006 @03:21PM (#15937058)
    There is an update [washingtonpost.com] at the Washington Post's SecurityFix blog that includes this info about the back and forth between Apple and SecureWorks:

    "A number of news outlets and blogs have picked up on these various statements and clarifications, but nowhere have I seen this tidbit: Apple's Fox said that prior to the Black Hat demo, SecureWorks did contact Apple about a wireless flaw in FreeBSD, the open-source code upon which Apple's OS X operating system is based. In January, FreeBSD released a patch to fix the problem, which according to the accompanying advisory, related to a flaw in the way FreeBSD systems scanned for wireless networks that could be exploited to allow attackers to take complete control over the targeted machine.

    I looked through the last eight months of patches from Apple and could not find any evidence that it also shipped an update to correct this flaw. Fox said she would check with Apple and get back to me. Fox also said Apple staff were already aware of the flaw when SecureWorks contacted them about it prior to their Black Hat presentation, and that Apple had already determined that the wireless flaw addressed in the FreeBSD patch was not exploitable on any of the Mac products.

    "SecureWorks has not be able to exploit this for us," Fox said. "No one has been able to show us a way to exploit our internal [wireless] device drviers with that flaw."

Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche.

Working...