Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on Breaking into a laptop via Wi-Fi

From: David Farber <dave () farber net>
Date: Fri, 4 Aug 2006 15:09:00 -0400


Begin forwarded message:

From: Glenn Tenney CISSM CISM <gt_IP060804 () think org>
Date: August 4, 2006 2:45:18 PM EDT
To: David Farber <dave () farber net>
Subject: Re: [IP] Breaking into a laptop via Wi-Fi

On Fri, Aug 04, 2006 at 02:13:11PM -0400, David Farber wrote:

Maynor, along with researcher Jon "Johnny Cache" Ellch, showed a
video of a successful attack on an Apple Computer MacBook. However,
the attack is possible also on other computers, both laptops and
desktops, and not just MacBooks, the researchers said.


In some of the news I've seen on this the headlines make
it seem that this is a MacBook vulnerability when instead,
they chose to use a third-party WiFi card in a MacBook because,
as they say in
http://blog.washingtonpost.com/securityfix/2006/08/ hijacking_a_macbook_in_60_seco_1.html 

"Maynor said the two have found at least two similar flaws in device
drivers for wireless cards either designed for or embedded in machines
running the Windows OS. Still, the presenters said they ultimately
decided to run the demo against a Mac due to what Maynor called the
"Mac user base aura of smugness on security." "

and, in http://abcnews.go.com/Technology/wireStory?id=2266507

"Maynor said the MacBook used in the demonstration was not using the
wireless gear that shipped with the computer."

In other words: They did this by plugging in a non-Apple WiFi card
into a MacBook (that comes with Apple's WiFi card) and acknowledge
that the problem exists on Windows machines too -- and chose to do it
on the MacBook just to show that in a roundabout way they could attack
a Mac... with non-Apple hardware.

I think that, if true (and I don't have reason to doubt it), I'd be
even more worried about plugging in a WiFi card to a Windows machine
than I would for plugging in a WiFi card into a MacBook (I don't know
anyone who does that).

If they could have actually exploited this using a stock MacBook with
stock Apple WiFi, why didn't they?


--
Glenn Tenney CISSP CISM


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: