Robert Lemos

…articles and musings of a technology and science journalist

Robert Lemos header image 2
Trusted computing a shield against worst attacks? Security pro pleads guilty to USC breach

MacBook smackdown!

September 2nd, 2006 · No Comments

A member of the Mac community has thrown down the gauntlet.

On Friday, John Gruber challenged David Maynor and Jon Ellch to put their money where their videotaped exploits are and meet behind the local Apple Store to duel as only hackers know how.

As readers might remember–indeed, if you are a Mac user, how could you forget?–Maynor and Ellch showed off a way of attacking laptops through their wireless drivers. The duo claimed to have as many as four different exploits: two for Windows wireless drivers, one for a Linux driver and one for a Mac driver. However, during their presentation at Black Hat, the pair only showed a videotaped demo of the exploitation of a MacBook and only using a third-party wireless driver. A preview article on the attack focused almost exclusively on the claimed MacBook vulnerability.

The outrage from some segments of the Mac community was typical to say the least: The two security researchers were roundly attacked for the presentation and their lack of evidence that the exploit was real. Thier reasoning for not showing off the attack live–for fear that attendees at Black Hat and the following DEFCON hacking convention would sniff the traffic and discover the method of attack–was dismissed.

Well, the Mac community does not let anyone off easily. Gruber has called out Maynor and Ellch to demonstrate the attack to him, on camera, and at a Apple Store of his choosing. From Gruber’s challenge:

I don’t expect to lose this particular bet — but I don’t expect to win it, either. I expect to be ignored. I don’t think Maynor and Ellch have discovered such a vulnerability in the default MacBook AirPort card and driver, and so, if I’m right, they certainly won’t accept this challenge.

I think what they’ve discovered — if they’ve in fact discovered anything useful at all — is a class of potential Wi-Fi-based exploit, which they demonstrated on a rigged MacBook to generate publicity at the expense of the Mac’s renowned reputation for security, but that they have not found an actual exploit based on this technique that works against the MacBook’s built-in AirPort.

Strong words, and perhaps hard to ignore. I’ve interviewed Maynor a number of times, and he has a lot of credibility in the community, so it will be interesting to see what happens.

Tags: Blog · Consumer Tech · Flaws and vulnerabilities · Research · Security

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

You must log in to post a comment.