I’m back from Black Hat and DEFCON, and I’ve vowed to actually start blogging regularly about some of the stories behind the stories. I’m hoping that more transparency about my reporting, more behind-the-scenes looks at the people in the stories and adding tidbits on which I might not otherwise report will end up helping my readers.
To that end, I wanted to highlight some of the issues behind David Maynor’s and Jon Ellch’s device drivers talk–otherwise known as the “MacBook hack” in popular media–which they gave at Black Hat and DEFCON and which got some Mac users in a tizzy.
First of all, what Maynor and Ellch–aka “johnny cache”–talked about was not a flaw in the Mac OS X, but a way of attacking computers through their wireless drivers. Both Maynor and Ellch did not say the attack was specific to the MacBook.
Ellch explained how to use idiosyncrasies in the wireless traffic produced by the drivers to detect which of more than a dozen chip/firmware combination was in use. The duo had fingerprinted 14 chip-firmware combinations based on their wireless traffic. Maynor had fuzzed a number of drivers under Linux, Windows, and–yes–the Mac OS X. So far, he has found four flaws: Two in Windows, one in Linux and one in the Mac OS X. One of the flaws in Windows could not be exploited except in special circumstances.
The duo decided to demo the attack on the Mac OS X using the exploit they found. They could have easily attacked a Linux machine or a Windows laptop using a wireless driver in which they had found a vulnerability. They mentioned that Apple’s current ad campaign, where a person representing a PC gets a virus and the Mac person stays healthy, was reminiscent of Oracle’s “Unbreakable” campaign–basically, painting a target on the company’s products.
The resulting coverage, however, was skewed to be controversial at the expense of balance, and that was not Maynor’s nor Ellch’s fault.
Yes, Macs can be compromised remotely. Ask any security researcher and they will tell you it is possible. But that wasn’t the point. As I wrote in an article from Black Hat, the truth is that many security researchers are finding it easier to find flaws in lower-level components of the operating system–such as device drivers–or moving up the software stack to commonly-used applications.
However, I also have to add that those Mac users whose faith in their operating system precludes room to consider that the software could be vulnerable to attack need to think a bit more rationally about their security.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
You must log in to post a comment.