Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Researcher explains infamous Apple Wi-Fi hack

Details published - a year too late.

Article comments

Security researcher David Maynor has finally published details of last year's hugely controversial Apple Wireless card hack.

The details were included in a paper published on the Uninformed.org website. The lengthy paper describes how to run unauthorised software on a Macintosh by taking advantage of a flaw in Apple's AirPort wireless drivers.

Apple patched the bug on 21 September 2006, without crediting Maynor for discovering the problem. Instead, Apple's engineers found the bug during an internal audit, the company said.

Maynor and researcher Jon Ellch first described this type of problem during an August 2006 presentation at the Black Hat security conference in Las Vegas. He was widely criticised by the Apple community for failing to back up his claims with technical details, and for presenting a video demonstration that used a third-party wireless card instead of the one that ships with the Mac.

On Tuesday, Maynor said that at the time of the Black Hat demonstration, he had found similar wireless bugs in a number of wireless cards, including Apple's AirPort and that he had been told to use the third-party card in the video because it was deemed "the least offensive to people."

So why publish the Mac hack now?

Maynor said that he had been under a non-disclosure agreement, which had previously prevented him from publishing details of the hack. The security researcher wouldn't say who his NDA was with, but that agreement is no longer in force, allowing him to talk about the exploit. "I published it now because I can publish it now," he said.

By going public with the information, Maynor hopes to help other Apple researchers with new documentation on things like Wi-Fi debugging and the Mac OS X kernel core dumping facility. "There's a lot of interesting information in the paper that, if you're doing vulnerability research on Apple, you'd find useful."

Maynor will soon publish a second paper on Uniformed.org explaining how to write software that will run on a compromised system, he said.

As for his detractors, who will say that this disclosure comes too late, Maynor says he just doesn't care what they think. "Let them tear me apart all they want but at the end of the day the technical merit of the paper will stand on its own."



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *