Blackhat 2006: Macbook hacked in a few seconds
Las Vegas (NV) - Security researchers speaking at the Blackhat computer security convention claim to have found a new vulnerability in wireless drivers. "Johnny Cache" and David Maynor talked about directly targeting the device drivers and then showed off a video that demonstrated an Apple Macbook being hacked. The pair said the vulnerability spans multiple wireless cards and operating systems.
Firewalls and operating system tools have traditionally been used to protect against wireless users, but Cache and Maynor say device drivers can be exploited at a much lower level. This allows attacks to bypass all operating-system-level protection.
Cache and Maynor are keeping the exact details about the vulnerability secret until Apple, Microsoft and other companies can fix the problem. They did show off a video that demonstrated an Apple Macbook getting hacked. The pair chose to do a video demonstration because the audience could have sniffed the exploit code in a live demonstration.
In the video, Cache wirelessly targets the laptop and uploads shellcode, thereby gaining administrative access. He then creates a text file on the desktop called owned.txt and later shows that he can delete files with impunity.
Cache says that the vulnerability lies in the device driver constantly telling the wireless card to find other networks. This vulnerability can be exploited even if the computer isn't connected to a network. In addition, he says both Apple and Windows computers are vulnerable.
Some people watching the video have noticed that the Macbook is using an external wireless card, rather than the built-in card. In a Washington Post interview, Cache and Maynor say Apple leaned on them to use an external card rather than the built-in card. Despite this, both contend that the internal card is identically vulnerable.