Two very significant wireless vulnerabilities were made public last week in attempts to educate the public about potential risks. Both relate to laptop computers and represent a serious threat to the security of sensitive information and communication on these devices.
The first was a presentation conducted by Jon “Johnny Cache” Ellch and Dave Maynor at the Black Hat conference in Las Vegas last week. Ellch and Maynor offered a video demonstration at the event in which they showed how to use hacking tools and techniques to add and remove files on a Wi-Fi enabled MacBook via an adjacent laptop computer. Specifically, the two exploited a flaw in the Macbook’s software that links the internal wireless card with the OS X operating system. They said they’d found comparable flaws in laptops running Windows, but used the MacBook to dispel what Maynor termed “Mac user base aura of smugness on security.”
“This is a big story for several reasons,” said Alan Paller, director of research at The SANS Institute, which administers the security-focused GIAC certification. “First, it shoots a pretty big hole in the ‘bulletproof’ image Apple is trying to project (notice the words Maynor used). Second, it isn’t just about Macs. The vulnerabilities apparently can also be found in Centrino-based laptops as well. Third, by nature, attackers (aka security researchers) are swarm organisms. That means they will see Maynor’s work as a beacon to follow toward a new cache of useful vulnerabilities. And finally, the really bad guys are…
Please log in or subscribe to read this article