Hacking Mac Book Pro

[hawki18]

Hijacking a Macbook in 60 Seconds or Less

http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html

Even OS X has it issues.

 

[Timotheos]

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said.

That worries me the most...

 

[lurk]

Yeah, but when you watch what they really did it is not an issue. It looks like they are exploiting a bug in the driver for a third party USB wireless card they installed.

So the news flash is Cheap Third Party Drivers Can Have Bugs!
... Story at 11:00.

 

[billbaloney]

Did you get to the video somewhere? I haven't found it anywhere yet.

I think they are exploiting a bug in the wireless card that shipped in a MacBook, no? I think the problem is that *all* wireless cards are made by third parties. Kind of like the hard drives, the memory, and most everything else.

 

[Captain Code]

It's a 3rd party driver but it's the one Apple ships with since they don't write their own wireless drivers.

 

[fryke]

It's also a USB WiFi card from what I've read. Wow. This is all so unclear...? -> http://haligon.blogspot.com/2006/08/panic-macbooks-wifi-driver.html

 

[billbaloney]

Here's the follow-up, and the important quote:

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

 

[Satcomer]

Kids you are getting a man in the middle attack. What the real news is taking over a user's computer.

note: After thinking about the video what you don't see can be listed:

1. Man in the middle network hack that has been around forever. (the pretending to be an access point).

2. How do we know if he wasn't already the Administrator of that machine?

3. Did you notice the terminal window open on the MacBook already had some commands in it (freeze the video)

Two easy fixes any OS X computer can use. a) Always know the access point you are connecting to. b) Turn off (in the system Preferences->Network Pane->AirPort tab) "automatic" joining.

 

[Captain Code]

It's not clear if they can get root with the default being the root account is disabled either. If they can't which I think is how it works then the exploit has very little bite since it wouldn't affect many computers.

 

[billbaloney]

Good point...unless they can access an administrative user and sudo -s, in which they're in like Flynn.

[/Users/holford] % whoami
holford
[/Users/holford] % sudo -s
mattholford:~ root# whoami
root
mattholford:~ root# su -
mattholford:~ root# whoami
root

Because, of course, the root account isn't actually ever disabled; you just can't log into it.

 

[Natobasso]

It's also a USB WiFi card from what I've read. Wow. This is all so unclear...? -> http://haligon.blogspot.com/2006/08/panic-macbooks-wifi-driver.html

I definitely agree here. And it sure got us all talking, eh?

 

[MacNEO]

http://www.macuser.com/security/macbook_hack_isnt_all_apples_f.php

So... if I install some third party junk wireless card, or better yet, convince someone else to do this to their Macbook, I can hack them...

Wow, Apple, how didn't you see this threat?

WTF excatly are these guys trying to prove? Total joke.

I guess Apple needs to change their ad to "Secure only if you use the hardware it came with"...

I'd sue those hackers if I were Apple.

Correct me if I'm wrong here... isn't that what this article is saying?

Sorry, I don't usually rant like this...

 

[MnM]

Did you get to the video somewhere? I haven't found it anywhere yet.

I think they are exploiting a bug in the wireless card that shipped in a MacBook, no? I think the problem is that *all* wireless cards are made by third parties. Kind of like the hard drives, the memory, and most everything else.

I believe this is the same video. I'm not quite sure cause I didn't get a chance to look at the whole thing.

http://news.com.com/1606-2_3-6101573.html

Found it on Cnet.

 

[MacNEO]

http://www.varbusiness.com/sections/news/breakingnews.jhtml?articleId=192201898

What are these Jackasses trying to prove then?

Why does this p*ss me off so much?

 

[billbaloney]

Maybe you have an anger issue....

Look, so as it turns out, it's an academic issue. What this most certainly does not prove is that Macs are thus secure. Macs are insecure because computers are insecure. I don't see the big controversy here. Anyone who's trying to construct an argument that a Mac is somehow possessed of inviolable hardware, or a rock-solid, hacker-proof operating system, is on crazy Apple crack.