- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Security researchers David Maynor and Jon Ellch performed a digital drive-by Wednesday at the Black Hat USA conference. Their target: an Apple MacBook.
The two researchers have found ways to seize control of laptop computers by manipulating buggy code in wireless device drivers. In a videotaped demonstration at the conference, Manor showed how to use sophisticated hacking tools to add and remove files on a Wi-Fi enabled MacBook, manipulating the system from an adjacent laptop computer.
Wireless devices are designed to be constantly sniffing for new networks, and this can lead to security problems, especially if their driver software is buggy.
This can often happen as vendors rush to implement the complex wireless standards, said Ellch, a student at the U.S. Naval postgraduate school in Monterey, California. "A lot of hardware manufacturers have to ship stuff quickly," he said. "One of the things that gets sacrificed in the speed game is security."
Apple is not the only vendor to have problems with its wireless drivers, said Maynor, who is a researcher with SecureWorks. By exploiting bugs in four different wireless cards, the researchers found ways to seize control of laptops running Windows and Linux as well, they said.
"Don't think that just because we're attacking Apple that the flaw itself is in Apple," Maynor said. "We wanted to do some other demos and they weren't panning out."
However, Maynor said that the researchers knew that if they showed their demonstration on a Mac OS X system -- generally considered to be a very secure platform -- that show attendees would take their findings seriously.
The idea of poking a hole in Apple's current advertising campaign, which smugly boasts that Mac OS X is more secure than Windows, also appears to have been a factor. "I've got to be honest, those Mac commercials they just jump right out at you," Maynor told attendees during his presentation.
The researchers are now working with Apple to fix the problems, which may involve both operating system and driver patches, according to Maynor. Apple declined to comment for this story.
The Black Hat demonstration came just days after Intel issued patches for wireless driver flaws that could lead to the same problems that the researchers demonstrated in Las Vegas.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment