Two very significant wireless vulnerabilities were made public last week in an effort to educate the public about potential risks. Both relate to laptop computers and represent a serious threat to the security of sensitive information and communication on these devices.
The first was disclosed in a presentation by Jon “Johnny Cache” Ellch and Dave Maynor at the Black Hat conference in Las Vegas last week. Ellch and Maynor offered a video demonstration at the event in which they showed how to use hacking tools and techniques to add and remove files on a Wi-Fi-enabled MacBook via an adjacent laptop computer. Specifically, the two exploited a flaw in the MacBook’s software that links the internal wireless card with the OS X operating system. They said they’d found comparable flaws in laptops running Windows, but used the MacBook to dispel what Maynor termed “Mac user base aura of smugness on security.”
“This is a big story for several reasons,” said Alan Paller, director of research at The SANS Institute, which administers the security-focused GIAC certification. “First, it shoots a pretty big hole in the ‘bulletproof’ image Apple is trying to project (notice the words Maynor used). Second, it isn’t just about Macs. The vulnerabilities apparently can also be found in Centrino-based laptops as well. Third, by nature, attackers (aka security researchers) are swarm organisms. That means they will see Maynor’s work as a beacon to follow toward a new cache of useful vulnerabilities. And finally, the really bad guys are already using these flaws (and are frustrated that Maynor is making them public).”
The second major vulnerability is actually an interrelated set of three flaws: Centrino Wireless Driver Malformed Frame Remote Code Execution, PROSet/Wireless Software Local Information Disclosure, and Centrino Wireless Driver Malformed Frame Privilege Escalation. Intel and the SANS Internet Storm Center announced that these can be used to take over computers using Centrino-based wireless cards (which affects machines from IBM, Lenovo, HP, Dell and many others). According to The SANS Institute, the Centrino Wireless Driver Malformed Frame Remote Code Execution and Centrino Wireless Driver Malformed Frame Privilege Escalation vulnerabilities are the most severe.
“Both the Centrino and Mac flaws allow attackers to circumvent encryption,” Paller said. “That means that sensitive data stored on laptops isn’t protected, even if it is encrypted.” He added that at present, the recommended responses include patching the Centrino flaws and turning off wireless cards. For the patches, go to http://isc.sans.org/diary.php?date=2006-08-01.