Filed under: Hacks, Security, MacBook
MacBook hijack story prompts criticism
Yesterday Washingtonpost.com posted a video of a couple of hackers allegedly launching a security attack against a MacBook. The video and the accompanying story by reporter Brian Krebs received tons of criticism from commenters. That prompted Krebs to post a follow-up defending his reporting -- which prompted even more criticism. I don't pretend to be a hardware or security expert, so I can't tell you whether the video is a fake or not. What I do find interesting is how the blogosphere policed this "story," proving once again that you can't get away with much out here.
Get a WordPress.com Blog
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
Aaron Adams said 11:00PM on 8-03-2006
I don't know that I've read anyone who's accused the video of being fake. Rather, I've read criticism that the two hackers claim the MacBook's built-in network interface and driver are vulnerable without demonstrating it, which raises a number of good questions. Check out Daring Fireball for a good article about this issue.
Reply
RaVeNouS said 11:37PM on 8-03-2006
A third party wireless card? For the macbook? That didn't look usb! Black macbook doesn't have PCMICIA (or whatever the hell) and so I am a bit confused here.
And how about that smerk on his face when he brought out the macbook? That made me angry...argh.
Reply
Evan said 11:38PM on 8-03-2006
I think this is just showing how pissed off someone people are about the mac vs. pc adds.
I think this wont be the first of hacks found or created. I personaly think since Mac switched over to the Intel CPU it has brought alot of attention to new users. This could possibly mean that since their will be more users that Macs might become more apeling to hackers.
Reply
QUICKSILVER said 11:38PM on 8-03-2006
There are a few things that are wrong in the video and article.
1. the guy in the video says hey this inst a max osx problem its a driver problem, yet the article bashes the security in macs as hard as he can.
2.this is really unrealistic because the user has to acces the network the hacker has up (not likely). Also the hacker would have to be in a realitivlyy close proximity.
3. If you have a macbook why would you use a wifi card??? You have built it wifi and it is more protected then 3rd party brands.
This is a really weak attack on how unsecure macs are. I know they are not the fortress some people believe. It can be hacked. But this attack i think is alil blown up jsut to discredit Macs.
Reply
Serious.Business said 11:44PM on 8-03-2006
"Again, the whole point of this story was not to pick on Macs, but to point to a security issue that affects multiple operating systems and one that is long overdue for some serious code review by the companies that OEMs rely upon to produce this software."
Which is why he titled his original serious blog post "Hacking a MacBook in under 60 Seconds". Because this is serious stuff, not sensationalistic Digg/Slashdot crap. Serious.
Reply
Mike Barnard said 11:58PM on 8-03-2006
HELLO WAKE UP! How many macbook users or anybody with a new notebook will be using a usb wireless card? Correct me if i'm wrong but don't most portable computers(laptops) have built in wireless these days...?
Reply
Jon said 12:13AM on 8-04-2006
The only reason he is picking on Macs is because it wouldn't make the headlines otherwise. "Hacking Windows XP" would not draw people to the article at all, yet it would still get the point about the driver vulnerability across. It's a shame but the hyperlinked nature of the internet means that sensationalist stories like this generate masses of traffic in a very short space of time.
Reply
msticky said 2:49AM on 8-04-2006
I think some people need to get a life.
Reply
Hellraiser said 4:21AM on 8-04-2006
Guys calm down,
actually i dont know what is so new about this attack. The Tool they are using was released 2005 and is called LORCON. It can be downloaded here http://www.802.11mercenary.net/lorcon/ but Mac Users calm down. It requires Linux and some libraries which are not compatible with OS-X so u cant compile it on a mac.
Cheers
Hell
Reply
Thomas said 4:22AM on 8-04-2006
The stupid thing is that potentially there was a perfectly good story here. Let's assume that this problem does effect the drivers of both OS X and windows wifi, native and external. Had the demo showed that or even clearly stated it and the article had done the same then no-one would really have been able to complain. The demo could have even still been done on a Mac.
As it is, they did a demo on a Mac using a setup that was obscure at best then whilst drawing attention to the fact that it was a Mac and that it affected Macs and that the recent Mac ads were too smug and thus probably needed to be taken down a peg or too, tried to reassure people that they weren't trying to make an example of Macs at all.
Reply
Eric said 4:27AM on 8-04-2006
hmm... mayb i'll switch back to pc later.
Although ppl kept tellming me Mac users are stupid, I don't want to believe it as im 1 of them.
However, frm the response given by the Mac community this time, I think i'd better quit before i got brain washed.
lol...
Reply
Holmes said 4:47AM on 8-04-2006
So all this video is just a fake?
Reply
Hiram said 6:23AM on 8-04-2006
There's really nothing to see here. A third party wireless card is used, which no MacBook owner will do, as WIFI is built-in. The MacBook is handled during the demonstration; actual commands are typed in Terminal.app, without which the 'attack' would not be possible. If physical access to a device is needed for an attack, it cannot be said to be vulnerable. Your coffee machine is just as vulnerable, then.
Of course, it may still be wise to edit System Preferences > Network > Airport so that the user is asked before joining an open network and networks are not automatically added to the 'preferred networks' list. At least, that's what I did, just because it's better to err on the safe side.
Reply
Just Visiting said 7:16AM on 8-04-2006
Taken from the follow up article linked in the post and regarding the use of a third party wireless card:
"During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported."
Reply
Liam Parkinson said 8:03AM on 8-04-2006
The only commands he used was a command to connect to the network, rather then using the airport icon, many of my friends do this, and the other was to check the ip address matches, which i do occasionally, so he didnt need the access he just did what a user would likely do but in his own way.
The 'hacker' also clearly states its not a error with a mac or anything its just 3rd party error but it does prove that it is still possible, unlikely to happen but if someone found a exploit similer in the internal airport then there could be problems. i agree with Hiram, just dont let anything connect by default.
Reply
GadgetGav said 8:13AM on 8-04-2006
Hmmm, let's see... The washington post web site has lots of advertising on it, WWDC is next week, the tech media is scouring the web for any bit of Apple news, no-one bothers to read any stories these days before reposting them to their blog of choice, so it seems like a great strategy for Krebs and the post to drive advertising revenue to their site. You all fell for it. Again.
Reply
ols said 9:39AM on 8-04-2006
TOTALY fake
-Old powerbook during the demo
-3rd party card is like ????
-Lied becase he ALREADY has a already a networked folder check top icon under hd icone.
Reply
astutefool said 9:48AM on 8-04-2006
What a nob. NOBODY uses 3rd party wireless cards on any MacBook because they all have built in wireless so that is ridiculous.As Hiram said, anyone can 'hack' a computer if it is right in front of them. What would have made it half credibile is if the mac was on the other side of the room with someone else entering commands.
Reply
deepquest said 2:53PM on 8-04-2006
I'll make that fast and easy: Johny want to get 1000 USD in Cash?
http://deepquest.code511.com/blog/comments.php?id=P395_0_1_0
Reply
drivebybiped said 3:33PM on 8-04-2006
I use an external USB wireless card for wardriving and packet-injection support. Granted that also means that the odds of me falling for this are a bit slimer as I have a better idea of whats going on with my machine at all times.
However in response to one of the comments that alked about it being unrealistic to get people to connect to the hacker's network that not true. Run yourself as a rogue AP, odds are you're physically closer to the person and he'll access everything through you -- MiM
still though this is just sensationalistic news (what isn't these days) and its pretty unlikely, but then so are most security flaws. that is until someone exploits them and then that 1 in a million possibility doesn't matter cause you're system got owned.
Reply