I had an eerie feeling watching a big-screen video of a security researcher hacking into a MacBook through a Wi-Fi connection. Partly, it was because I was sitting in a room full of people clamoring to know how he did it. Mostly, it was because I was typing on a black MacBook myself.
I was listening to a lecture given by Johnny Cache and Dave Maynor at the Black Hat 2006 conference here in Las Vegas. (Maynor is the MacBook hacker in the video, which you can see here.)
In the end, the Mac wasn't the focus of the hour-long briefing. And Cache and Maynor hacked the drivers of a third-party external Wi-Fi card. They chose the MacBook--in part because of Apple's smug Mac vs. PC commercials--to demonstrate the security weaknesses in 802.11 device drivers and the dangers inherent in releasing products before they’ve been thoroughly tested.
"Speed to market is so important, people are getting pushed to get stuff out the door as quickly as possible," said Maynor.
Companies want to be first out of the gate with the latest, greatest products. (And we at PC World want to be the first to review them.) But Cache and Maynor showed, in step-by-step fashion, how they could identify Wi-Fi chip sets and the drivers through their unique data transfer patterns. By identifying the drivers, they could find their vulnerabilities and write exploits to take advantage of them. The result: Maynor was able to remotely search, add, and delete files on the Wi-Fi connected MacBook.
This is not just a MacBook problem. It's also a Windows problem. It's a problem wherever multiple parties--in this case the chip maker, the Wi-Fi hardware manufacturer, and even the OS developer--are writing portions of drivers that aren't properly tested with each other.
The likelihood that you'll encounter this particular exploit is small. "You have to have some economic gain," said Cache in an interview after the event. Right now, there's little gain in hacking into an individual laptop at short range. But what happens when the range of Wi-Fi is kilometers instead of meters? What happens when cities provide always-on public Wi-Fi connections?
"Vendors should be dealing with it now before it is a big problem in a year or two," says Maynor.
Let's hope they do.