February 28, 2007 5:10 PM PST

Mac Wi-Fi hijack demonstrated

by Joris Evers

ARLINGTON, Va.--Is the book on the Mac Wi-Fi hijack saga finally being closed?

David Maynor, chief technology officer at Errata Security, at the Black Hat DC event here on Wednesday broke the months-long silence on a controversial Mac hack. He also said he plans to publicly release computer code used in that attack.

The controversy started at the Black Hat Briefings conference last summer in Las Vegas. There, Maynor and fellow security researcher Jon "Johnny Cache" Ellch showed how a MacBook could be hacked by sending malformed network traffic to it.

The presentation caused a storm of criticism from the Mac community, and Apple criticized Maynor and Ellch for saying Macs were insecure. The Mac maker even tried to pressure Maynor into posting a blog on the site of his then-employer SecureWorks stating that Macs were not flawed, he said.

Nearly two months later, however, Apple released Mac OS X 10.4.8, which fixed the problem demonstrated at Black Hat, Maynor said Wednesday.

"The vulnerability that was being exploited was now patched," Maynor said. "Apple released some security patches to address stuff I actually pointed them to and they claimed had nothing to do with me."

Shortly after Apple issued its patches, Maynor and Ellch were slated to open the book on Apple at the ToorCon hacker event in San Diego. That presentation was pulled because Apple threatened to sue SecureWorks, Maynor said.

Maynor did offer an apology.

"I screwed up a little bit," he said. There was a lot of confusion around the Mac hack because the original presentation used a third party Wi-Fi card. However, Maynor and Ellch had in fact also found flaws in Apple's own hardware, he said.

Maynor demonstrated a Mac Wi-Fi hack on stage on Wednesday. His MacBook running Mac OS X 10.4.6 crashed while scanning for a wireless network and coming across rogue code Maynor was pushing out from a Toshiba laptop. While the attack he demonstrated only caused a crash, it could also be used to run code on the Mac, he said.

Apple fixed that particular problem in September with Mac OS X 10.4.8, Maynor said.

"I did provide the information on vulnerabilities in Apple products, I provided them with code and they were given packet captures," he said.

In the future, Maynor said he won't work with Apple. "I do not feel comfortable keeping relations with the company and will not report future findings to them," he said.

An Apple representative could not immediately comment on Maynor's presentation.
