Hijacking a Macbook in 60 Seconds or Less
http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html

If you want to grab the attention of a roomful of hackers, one sure fire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine. That's exactly what hackers Jon "Johnny Cache" Ellch and David Maynor plan to show today in their Black Hat presentation on hacking the low-level computer code that powers many internal and external wireless cards on the market today.

The video shows Ellch and Maynor targeting a specific security flaw in the Macbook's wireless "device driver," the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the Macbook -- and presently not publicly disclosed -- Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS. Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security."

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said. "The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market."
(end excerpt)

What's interesting is the follow up article, where you find out that Apple "strongly suggested" to the guys that they do the demo on a third-party card and not Apple's built-in wireless card. Same chipset is on the third-party card as Airport; the two say that the weakness has the same effect.

With the trumpeting of OSX's inherent security, will more hackers view Apple as an intriguing challenge? Are we also seeing a change of vector, from flaws in the OS itself to attacking through third-party programs (http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html)?

damm!

i know that no os is completely safe from hackers, and osx is a fine piece of software. but still, this is pretty alarming since osx is supposed to be better than this.

hopefully apple's gonna get some security patches/updates soon.

I was distracted how the article bolded the words Microsoft and Vista and not Apple, Mac, or OS X.

Apple is just as bad as Microsoft. And why are you saying safe from hackers? You mean no OS is completely secure.

Well, Apple Macbook was bolded, way in the beginning.
;)

i CAN'T get over the weird mouse mac's come with. The best is to get one of the new macs that can run both mac/win programs.

Well, it was a third party card wasn't it? Who the heck would use it considering mac's internal airport cards?

If you're not going to read the article(s), you should read my post. The chipset in both the third-party card and the internal Airport are the same. Apple "strongly suggested" to the guys doing the demo to use a third-party card during the demonstration. According to them, the same flaw is present in the Airport cards. If they had been lying (1) Apple wouldn't be in talks right now with the manufacturer and (2) it would be pretty easy to check by trying to duplicate their work.

does intel make the wireless chip inside the macbook-sort of like a mac version of centrino?

If you're not going to read the article(s), you should read my post. The chipset in both the third-party card and the internal Airport are the same. Apple "strongly suggested" to the guys doing the demo to use a third-party card during the demonstration. According to them, the same flaw is present in the Airport cards. If they had been lying (1) Apple wouldn't be in talks right now with the manufacturer and (2) it would be pretty easy to check by trying to duplicate their work.
You said it, show me duplicate proof that this has been done on a Macbook internal card.

In a nutshell, the controversy regarding this video is such: The security flaw exploited in the video is performed using a third-party, USB-based Wi-Fi card, not the MacBook’s native, built-in AirPort hardware/software. However, the creators of the video claim that the MacBook’s hardware is similarly susceptible, but no demonstration was carried out using the native hardware due to “pressure” from Apple.


Without an explanation of the actual exploit, and in the absence of any commentary from Apple, it is impossible to speculate whether or not the MacBook’s native hardware is actually vulnerable to this flaw as claimed. Setting that important distinction aside for a moment, however, there are some other questions to ask about this “exploit.”


So, they stuck an USB wireless dongle into the mac, ran its software and then hacked it to expose the drivers of the USB wireless dongle on the mac. I'll believe it when I see proof the hacked a Macbook. I'm dismissing it as sensationalist Apple bashing.

Maynor said he and Ellch were not identifying the makers or models of wireless devices that are vulnerable, so that manufacturers have a leg up on criminals who might exploit the vulnerabilities.

http://abcnews.go.com/Technology/wireStory?id=2266507

You said it, show me duplicate proof that this has been done on a Macbook internal card. <snip> I'll believe it when I see proof the hacked a Macbook. I'm dismissing it as sensationalist Apple bashing.

Sensationalist? Right after Apple released fixes for 26 flaws (http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=195603&messageID=2107502) that Secunia designated as "critical" or "highly critical"? And only a few months after Apple fixed a basic (http://news.com.com/2100-1002_3-6046588.html) - and "highly critical" flaw in their own browser, one that had been out for years? My willingness to believe in the two guys is partially based on the flaws that have been discovered, as well as the fact that so far, their spokepeople have declined comment. Prior to this, with "flaws" that were later deemed false-alarms, press releases were made within days by Apple downplaying the issue while providing a fix. It's been a week now, and they still haven't seen anything. I registered on the Apple forum posting a question about it, and it was mysteriously missing the day after. Apple has also been known to delete disfavorable posts on its forums. That is the evidence that suggests to me that is is not just "sensationalist Apple bashing."
does intel make the wireless chip inside the macbook-sort of like a mac version of centrino?
Intel does not make the wireless chips for the MacBook. It is important to note that they had a similar flaw discovered but released patches for it a few days before the convention.

Sensationalist? Right after Apple released fixes for 26 flaws (http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=195603&messageID=2107502) that Secunia designated as "critical" or "highly critical"? And only a few months after Apple fixed a basic (http://news.com.com/2100-1002_3-6046588.html) - and "highly critical" flaw in their own browser, one that had been out for years? My willingness to believe in the two guys is partially based on the flaws that have been discovered, as well as the fact that so far, their spokepeople have declined comment. Prior to this, with "flaws" that were later deemed false-alarms, press releases were made within days by Apple downplaying the issue while providing a fix. It's been a week now, and they still haven't seen anything. I registered on the Apple forum posting a question about it, and it was mysteriously missing the day after. Apple has also been known to delete disfavorable posts on its forums. That is the evidence that suggests to me that is is not just "sensationalist Apple bashing."

Intel does not make the wireless chips for the MacBook. It is important to note that they had a similar flaw discovered but released patches for it a few days before the convention.

LOL. No one has been clear whether they were actual software or hardware that they're working on. I say sensationalist because no one can get their facts straight.