Gone in 60 seconds: MacBook security flaw exposed
A couple of friendly neighborhood hackers, Jon "Johnny Cache" Ellch and David Maynor have come up with a hack they claim takes 60 seconds and opens up any MacBook completely to their whims over a wireless connection. Supposedly the flaw, which they don't actually specify, is due to some faults in the device drivers which allow the wireless card to communicated with the OS. The flaw isn't unique to the MacBook, a few PC laptops have a similar vulnerability, but the pair of hackers have decided to pick on the MacBook due to the "Mac user base aura of smugness on security." So the next time Justin Long starts on that "Hello, I'm a Mac" shtick, you can always let him know of a certain 60 second vulnerability and change the channel before he gets too smarmy.



















Reader Comments (Page 1 of 2)
james @ Aug 3rd 2006 10:38AM
here come the spoof's
jared @ Aug 3rd 2006 10:40AM
I think the vulndev community beats all others hands-down in the "aura of smugness" category.
That said, glad these cats are out there making my future drivers safer. Respek.
koppite1 @ Aug 3rd 2006 10:41AM
I understand an external wireless card had to be used, so in all probability they've shown themselves up in their desperation to make "smug" Mac users eat their words
Jrgen @ Aug 3rd 2006 10:43AM
Important to note that this is with a third-party USB network card, and driver.
Jeff @ Aug 3rd 2006 10:47AM
Yeah and meanwhile, Apple just yesterday released 26 patches for OSX to close "critical" security vulnerabilities. They obviously missed a few.
I think it's about time for Mac users (and I'm one of them - I'm typing this on a dual-G5) to get over their security smugness.
n8diggity @ Aug 3rd 2006 10:48AM
I just watched the video showing the exploitation- I didn't feel they were targeting macs as much as the 3rd party wireless adapter.
http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html
Dmills @ Aug 3rd 2006 10:48AM
Mac users, smug alert ^^^^
bc @ Aug 3rd 2006 10:52AM
What they fail to say is that its not the airport card but a 3rd party wireless adaptor. How many people would use one if they already have a built in airport?
blahblah @ Aug 3rd 2006 10:54AM
So that dude has his own movie now eh? Tasteless overexposure alert...
Craig Dunham @ Aug 3rd 2006 10:54AM
Why is everyone accepting that these claims are true? Where's the proof? At least show us a video of the proof of concept. I am a Mac user, and I'm not stupid enough to think that we will never be hit with hackers or viruses, but if this is anything like the stories of a virus that spread a few months back, it's simply someone looking for their 15 minutes of fame. Those prior claims of a virus via a hole in iChat were ridiculous. You had to accept a chat from someone you didn't likely know, accept a file transfer from this person, unstuff the file, ignore the security warning further by entering your admin password and then install the virus yourself. That's not a virus, that's a stupid user.
Show me the proof of this, and then I can at least gauge the validity of the claim.
Craig Dunham
Cameron @ Aug 3rd 2006 10:56AM
Umm... why would one need a third party wireless card when they come built in?
I mean, I guess you could need them at a location where the signal is low, but then you add that into the mix: person who knows how to do this attack + third party wireless card.....
korey @ Aug 3rd 2006 10:56AM
anyone seen the mac windows linux spoof of this yet its hilarious pure mac geek comedy or u hate windows
Thataboy @ Aug 3rd 2006 10:57AM
This disproves the common argument "Macs don't have viruses because the low market share means no one cares."
A successful Mac virus would be huge publicity and a big feather in the cap of any hacker. People are gunning for Macs (funny how every report about this 3rd party wireless exploit is headlined something like "MACBOOK FLAW! SUCK IT FANBOYS!" when the exploit affects PC laptops as well).
No operating system will be 100% immune, but the fact is there have been no Mac viruses out in the wild -- just proofs of concept. That is a VALID reason to feel smug. Sometimes one has a legitimate right to feel smug. Windows users have a valid reason to feel smug about the # of games for their OS (and they are VERY smug about it).
Dave Murdock @ Aug 3rd 2006 11:00AM
This article needs to get updated to make it clear, as the video is crystal clear (linked above), that there is no flaw in Mac OS X or MacBooks, a 3rd party USB wireless adapter is connected to the MacBook, and as others have said, that is where the issue is. A MacBook can not be hijacked in 60 seconds, you need this 3rd party hardware for the vulnerability.
Joshua @ Aug 3rd 2006 11:01AM
If I wrote my own driver for any third party device for any platform, I could leave a wide open gap in security. This is a "crappy hardware/driver" alert.
Nice sensationalist reporting Paul.
TheYoshi @ Aug 3rd 2006 11:03AM
This is super lame.. I don't even think it's possible to buy a mac without an airport card built in anymore, or just about any other laptop for that matter. Does this work on a dell with a built in 802.11 card?
While I certainly agree that this needs to be addressed it is in no way an earth shattering vulnerability.
Not only that to be honest the only time any vulnerability becomes all that destructive is when the exact steps to reproduce it become easily available and/or someone makes an app that takes advantage of them. Then your friendly neighborhood script kiddies make everyone's day quite bad... until that time though, not too much to worry about.
herenot @ Aug 3rd 2006 11:06AM
this is bullshit. it's a vunrablity caused when using a 3rd party wireless card. macbooks have apple's own wireless card installed. how many systems do you think this effects in the real world?
Frank @ Aug 3rd 2006 11:07AM
STORY UPDATE: this was possible using a 3rd-party wireless hardware, not with supplied wireless card.
http://digg.com/apple/Hijacking_a_Macbook_in_60_Seconds_story_misleading
Benson Leung @ Aug 3rd 2006 11:10AM
This isn't a Mac vulnerability as it is a dumbass driver developer vulnerability.
There's a lot of sensationalism going on here. Say it for what this is : a 3rd party driver vulnerability on a 3rd party USB wireless adaptor that likely no one will ever use because all Macbooks come with built in wireless adaptors that are not affected.
Jesse @ Aug 3rd 2006 11:13AM
was the built-in firewall turned on? And it's pretty lame that this is with a 3d-party usb dongle and driver, shite, man, the macbook has it's own built-in airport for gods sake..
Tom Strong @ Aug 3rd 2006 11:14AM
1 vulnerability vs 114000+. Hmmm...I'll choose the 1.
ultrapod @ Aug 3rd 2006 11:16AM
lame indeed. "look at me, i found a bug in a third party driver!! and now i'm going to OWN J00 because i have an inferiority complex!! ha! i am teh HAxx0R #1!"
"respek" nothing. these losers are attention whores at best.
Chris @ Aug 3rd 2006 11:16AM
114000 ... how many are still actually open and usable at this point... i havent had a virus on my machines in 3 months... and never have had one on my 2 vista test machines
Joshua @ Aug 3rd 2006 11:23AM
To Chris, who hasn't had a virus in 3 months...3 months is 1/12th the supposed life of a computer. So if you get 12 viruses during you time with your eMachine, and I get none during the life of my Mac...still looks pretty lopsided.
MarcelV @ Aug 3rd 2006 11:25AM
"how many are still actually open and usable at this point... i havent had a virus on my machines in 3 months... and never have had one on my 2 vista test machines".
All of them are useable. That you have not been infected does not mean there are no machines out there in the wild that still carry them. And 3 months? Good job. haven't had one since 4 years ago I moved back to OS/X.
Dave Zatz @ Aug 3rd 2006 11:27AM
Washington Post writer confirms MacBook stock wireless card/drivers are vulnerable:
http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
Nic @ Aug 3rd 2006 11:33AM
The same presentation also brought up a number of vulnerabilities in Windows drivers for wireless cards. From the WashPost article: "the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS." The presenters admitted they concentrated on the Mac vulnerability in order to combat the smugness of Mac users.
jesse netherland @ Aug 3rd 2006 11:35AM
"Maynor said the MacBook used in the demonstration was not using the wireless gear that shipped with the computer."
http://abcnews.go.com/Technology/wireStory?id=2266507
I will go back to my aura of smugness
Kyle @ Aug 3rd 2006 11:41AM
I just wanna say that I think Engadget is doing a great job.
I hate it when I get on here and guys like Joshua feel the need to complain about the "reporting" style. I think we all need to remember that this is a blog, not the NY Times. If you don't like the way they write, leave. No one wants you here anyway...
Nice work Paul. There are some people who appreciate the work you guys do!
Andrew @ Aug 3rd 2006 11:52AM
Whether this is a true vulnerability or not, it is still not that smart to taunt the hackers by declaring how much safer the Mac is on TV commercials. I am an Apple user and lover, but lets be honest, no system is invulnerable to hacks. There are just a lot less people using Macs then PCs. I think it is much safer and much more secure than Windows because Apple does not use the "release first and we will patch the hell out of it later" approach, but there are still flaws in there somewhere.
jamie @ Aug 3rd 2006 11:52AM
move along guys, nothing to see here. If you actually read the original article you will see that it is card specific. Every mac user knows that macs come with built in wireless cards, so, you will get my attention when you connect using a more realistic scenario, i.e. airport card. Oh, by the way, it is not a mac flaw, its is a wireless card flaw that affect PCs too. But heh, you made me look.
z @ Aug 3rd 2006 11:53AM
I'm sure there are many security flaws on unnecessary, therefore very seldom used, redundant external devices one could use with his computer. It's natural for they are so seldom used. I guess we can expect a maximum of 1/100000 macbook user to use an external wifi card those days when he has a great one included, and therefore even less users having their machine hacked. Maybe a bit more for pcs that come in so many different flavors. The only who should care are the developers that can refine their oses. Or did I get this one wrong?
Brian @ Aug 3rd 2006 11:59AM
You know, I'm capable of being just as smug as the next Mac user. And it's true that I enjoy the new series of Apple commercials as much as the next Mac geek.
But where a bunch of you guys apparently see people boasting of the "perfect security" of the Mac, I see no such thing. I see promotion of the better security of a Mac. No one I know...especially no one with any sense, claims their Mac is perfectly secure. Just more secure.
A lot more, sure. But still.
And if what I'm seeing is true...if these guys had to employ a 3rd-party card and driver to make this work, and had to have the networking configured to the promiscuous "connect automatically to any available wireless network" setting then, well...props to them for working hard to make the drivers more secure, but I'm not taking this as any big threat to my users.
Joshua @ Aug 3rd 2006 11:59AM
Fact: someone was able to gain user level access on a Mac using a 3rd party card/driver, by changing the default settings, and the Unix shell.
Deception: mentioning none of those in the article.
Kyle, that is where my "sensationalism" claim came from.
Neo-Fight.tv @ Aug 3rd 2006 12:06PM
Finding the Mac ads a little unbalanced?
Here's a new series called "The other side"
http://www.youtube.com/watch?v=i_kJPxhOd8U
Best,
Benjamin
jiltedcitizen @ Aug 3rd 2006 12:10PM
Wow the mac fanatics come out. Hmm lests read thw whole quote
Maynor said the MacBook used in the demonstration was not using the wireless gear that shipped with the computer.
"We did that so we're not singling out Apple," Maynor said.
They didn't way the Apple internal card was not affected either way. It could still be.
db @ Aug 3rd 2006 12:15PM
I work for the company Maynor works for, that video was shot in the conference room. The vulnerability is real, and it hasn't been publically disclosed for obvious reasons. The reason it was video taped was so it could at least be displayed at Defcon -- obviously running that exploit over the air in a room with all kinds of laptops connected via wifi and sniffers would be a bad thing.
Maynor states in the video the flaw isn't Apple-specific, but at the time of shooting he was about 10/10 on wireless card manufacturers being vulnerable. It's a remote root exploit.
db @ Aug 3rd 2006 12:16PM
As a follow up, the Airport card built in IS vulnerable.
Bjorn Olsson @ Aug 3rd 2006 12:17PM
So, in order to attack a MacBook you need to:
1: Find a victim that uses a 3rd party USB-based wireless card, Mac or Windows.
2:Get within wireless range of said victim.
Not saying it could not happen, but I can't say I am shaking in my boots.
matt @ Aug 3rd 2006 12:18PM
This exploit does work with airport. As was previously posted: http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
It's true that Mac OS X has better security features then windows, but the truth is that the weakest point has and always will be the user, and I'm afraid Macs are the bottom of the barrel in that regard.
PEZ @ Aug 3rd 2006 12:19PM
HAHAHAHAHAHA MAX SUCK! HAHAHAHAHA.
Just kidding. Im only serious.
Jeffrey M Foster @ Aug 3rd 2006 12:44PM
i like the sensational title: "MacBook security flaw exposed"
Even though the flaw is certainly NOT specific to the macbook, but to apparently "10 out of 10 wireless cards tested" the only way it's NEWS if it effects a mac.
Security holes in PCs have been old news for decades. I think Mac users are doing pretty well (and deserve a little smugness) if you have to find a Mac security flaw to be somebody these days. ...Meanwhile some kid creates a new worm that takes out 10,000 PCs, and no one ever even hears about it.
:P
Peter @ Aug 3rd 2006 12:52PM
"As a follow up, the Airport card built in IS vulnerable."
Then why not do the "demo" with the built-in card?
dave @ Aug 3rd 2006 12:53PM
Someone manually hacking into your computer is not the same as a computer virus.
arthur barnhouse @ Aug 3rd 2006 1:04PM
"As a follow up, the Airport card built in IS vulnerable."
Bullshit. The movie clearly states that the flaw isn't built into the macbook. He says that as he's plugging in the third-party card.
Dan @ Aug 3rd 2006 1:16PM
For all of you smug (sorry, couldn't resist) Mac users claiming this is only a 3rd party USB exploit, it turns out that it isn't. They used the USB adapter because Apple reps requested that they not demo the exploit using Apple's built in wireless. The hackers say that the built in is just as vulnerable.
Matt @ Aug 3rd 2006 1:20PM
There is a video, but there's no actual proof. For all we know, he could be using a modified version of SSH.
Of course, I suspect that he isn't, and that it's probably real.
jiltedcitizen @ Aug 3rd 2006 1:20PM
Do all the Apple fanboi's here realize that Apple out sources things like the wifi card? Or you just like complaining when someone says something bad about your OS of choice?
xxdesmus @ Aug 3rd 2006 1:23PM
"Then why not do the "demo" with the built-in card?"
It shown on a 3rd party card at Apple's request. They pressured these guys to now show that all current Macs are vulnerable to this attack until Apple can get a patch out...that being said, yes, All current Macs are vulnerable to this attack so says the author.
Mattster @ Aug 3rd 2006 1:23PM
As for the ads, it was reported in the WSJ that consumers in test audiences strongly disliked the smug nature of the mac dude, while they enjoyed the likable pudgy accountant looking guy. As a result, Apple will be tweaking future ads.
No point appealing solely to those that already own your product...