Researcher defends Mac Wi-Fi hijack
SAN DIEGO, Calif.--The Mac Wi-Fi hack saga that started at Black Hat in August got a little bit of a next chapter after all on Saturday.
David Maynor, a researcher at SecureWorks, was a no-show Saturday at the ToorCon hacker event here, just as his employer said on Friday. However, his Black Hat partner Jon "Johnny Cache" Ellch did get up on stage. (For more background, read Friday's post " Another twist in Wi-Fi hijack tale.")
Ellch did not give the scheduled presentation, which was meant to set the record straight on the Wi-Fi hack. The two researchers had planned to give a live demonstration, hijacking a Mac via Wi-Fi. Instead, Ellch read a statement. The file, stored on his Apple Computer MacBook, was titled: "rant."
"I cannot give this talk without Dave," Ellch said. "Dave very much wanted to be here. The fact that SecureWorks and Apple managed to compel him not to, means that they must have had something very compelling to stop him."
Ellch went on to defend Maynor and himself against attacks from the Mac community that started right after they claimed at Black Hat that Apple's wireless technology was vulnerable. Apple at the time critiqued the two for not proving their case, but came out with patches for Wi-Fi flaws last week.
That patch release was no coincidence, Ellch suggested Saturday.
The two researchers had put pressure on Apple by saying they would do a live presentation at ToorCon, Ellch said. "A few weeks later, one week before ToorCon, they patch it, and say we had nothing to do with it," Ellch said.
A day before the scheduled ToorCon presentation, SecureWorks and Apple issued separate statements that the companies are working together. SecureWorks pulled Maynor from the San Diego event.
"SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate," SecureWorks said Friday.
Apple spokeswoman Lynn Fox on Friday said the Cupertino, Calif., Mac maker is working with SecureWorks, but declined to specify the nature of the relationship. "I am not commenting any further," she said.
"That's funny," Ellch reacted on Saturday. "I thought there was no bug, and I thought SecureWorks provided no useful information to Apple...If SecureWorks provided them with virtually nothing useful, then what...could they have to coordinate with CERT?"
The story is bound to be continued. While some in the Mac community see the cancellation of Saturday's talk as proof that Maynor and Ellch are frauds, some at ToorCon suggest the danger of Wi-Fi driver flaws might be bigger than previously thought.
