Interesting People mailing list archives
more on Breaking into a laptop via Wi-Fi
From: David Farber <dave () farber net>
Date: Fri, 4 Aug 2006 18:43:38 -0400
Begin forwarded message: From: "Karl J. Smith" <karl () karl com> Date: August 4, 2006 5:59:50 PM EDT To: dave () farber net Subject: Re: [IP] more on Breaking into a laptop via Wi-Fi >>If they could have actually exploited this using a stock MacBook with stock Apple WiFi, why didn't they? Pressure from Apple. From: http://arstechnica.com/journals/apple.ars/2006/8/2/4856*Update: *A reader wrote to tell me that there was a followup article posted by the original author. The hack was done on a MacBook with a third-party wireless card and not the built-in Apple Airport card. The hack was originally going to happen on the MacBook's Airport card but apparently Apple put a bit of "pressure" on the presenters and they decided it was in their best interest to go along with Apple's "suggestion." It is important to note that despite this, according to the duo, the exploit works the same way on the built-in Airport card.
See also: http://blog.washingtonpost.com/securityfix/2006/08/ followup_to_macbook_post.html
David Farber wrote:
Begin forwarded message: From: Roger Weeks <rjw () mcn org> Date: August 4, 2006 3:32:35 PM EDT To: dave () farber net Subject: Re: [IP] more on Breaking into a laptop via Wi-FiIt's my understanding that this demonstration was made using an Atheros wireless card, which is the same wireless chipset used in the MacBook. It's also my understanding that the demonstration was made using the default wireless drivers in the MacBook that ship with Mac OS X 10.4.Why they chose to use an external Atheros-based wireless card rather than the internal card is a mystery to me.-- Roger J. Weeks Systems & Network Administrator Mendocino Community Network On Aug 4, 2006, at 12:09 PM, David Farber wrote:Begin forwarded message: From: Glenn Tenney CISSM CISM <gt_IP060804 () think org> Date: August 4, 2006 2:45:18 PM EDT To: David Farber <dave () farber net> Subject: Re: [IP] Breaking into a laptop via Wi-Fi On Fri, Aug 04, 2006 at 02:13:11PM -0400, David Farber wrote:Maynor, along with researcher Jon "Johnny Cache" Ellch, showed a video of a successful attack on an Apple Computer MacBook. However, the attack is possible also on other computers, both laptops and desktops, and not just MacBooks, the researchers said.In some of the news I've seen on this the headlines make it seem that this is a MacBook vulnerability when instead, they chose to use a third-party WiFi card in a MacBook because, as they say inhttp://blog.washingtonpost.com/securityfix/2006/08/ hijacking_a_macbook_in_60_seco_1.html"Maynor said the two have found at least two similar flaws in devicedrivers for wireless cards either designed for or embedded in machinesrunning the Windows OS. Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security." " and, in http://abcnews.go.com/Technology/wireStory?id=2266507 "Maynor said the MacBook used in the demonstration was not using the wireless gear that shipped with the computer." In other words: They did this by plugging in a non-Apple WiFi card into a MacBook (that comes with Apple's WiFi card) and acknowledge that the problem exists on Windows machines too -- and chose to do iton the MacBook just to show that in a roundabout way they could attacka Mac... with non-Apple hardware. I think that, if true (and I don't have reason to doubt it), I'd be even more worried about plugging in a WiFi card to a Windows machine than I would for plugging in a WiFi card into a MacBook (I don't know anyone who does that). If they could have actually exploited this using a stock MacBook with stock Apple WiFi, why didn't they? --Glenn Tenney CISSP CISM ------------------------------------- You are subscribed as rjw () mcn org To manage your subscription, go to http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/ interesting-people/------------------------------------- You are subscribed as karl () karl com To manage your subscription, go to http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/interesting- people/
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Breaking into a laptop via Wi-Fi David Farber (Aug 04)
- <Possible follow-ups>
- more on Breaking into a laptop via Wi-Fi David Farber (Aug 04)