John Gruber issues open challenge to MacBook Wi-Fi hackers
Oh it's on now: criticism of the MacBook Wi-Fi hack has been mounting against the original hackers (David Maynor and Jon Ellch) and SecureWorks, while they have remained mostly silent. At least one passionate blogger has been defending the hack and the original statements, but John Gruber has issued an open challenge for Maynor and Ellch to prove this hack once and for all: "If you can hijack a brand-new MacBook out of the box, it's yours to keep."
From my understanding of the hack as it was originally explained and pseudo-demonstrated, Gruber's criteria and the actual nature of the challenge sound reasonable: he will meet Maynor and/or Ellch at an agreed-upon Apple Store or Mac reseller, and he will purchase a brand new MacBook (
Maynor and/or Ellch are then free to attack, and if the file disappears from the desktop, they win a (very slightly used, recently attacked) MacBook. If the file stands its ground, the hackers owe John the price of the MacBook. If the dynamic duo manage to only crash the machine or the current login session, John will call the challenge a tie, in which case he will keep the MacBook, and the duo don't have to whip out their checkbooks.
I am admittedly no security expert, nor am I a 1337 h4x0r, but the challenge seems sound. Any readers who have been following this saga spot any holes? Feel free to sound off - and stay tuned: the challenge must be accepted by Friday, September 8th, and as John already deduced: the most likely outcome is that they'll only take the challenge if they know they can win.


Reader Comments (Page 1 of 1)
Victor Agreda, Jr. said 1:34PM on 9-02-2006
They won't do it.
Harish said 2:13PM on 9-02-2006
He mentions $1099 at the bottom of the post so it's probably a base white MacBook.
Dar the Monk said 2:17PM on 9-02-2006
Question: What about taking the necessary precautions such as not using the Admin account, but a sub account with restrictions in place. And all the other precautions? Wouldn't it be more realistic (hopefully users are this smart)?
Peace
David Chartier said 2:20PM on 9-02-2006
#3: Therein lies one catch: *most* users don't take the time to set up a second account; they simply run with the main, default account set up. Yes, there's plenty of us who know this isn't a very good idea, but the greater majority who don't know about these security issues trumps the few of us who do.
Jesse said 2:33PM on 9-02-2006
There is a widespread misconception that running as a non-admin user in Mac OS X makes you more secure. This is not the case (assuming you also know the admin login and password). Admin in OS X is not root -- a user will still be prompted for admin login for anything that requires sudo powers, just like a non-admin user.
Ken R said 3:12PM on 9-02-2006
#5-
They will be prompted when superuser powers are needed, but anything the admins have access to will be wide open. This includes the Applications folder, and the root-level Library. A little bit of added security can make a difference.
Raphael said 3:38PM on 9-02-2006
In the original video, it was not the internal AirPort card that was hacked but a 3rd party wireless card, so maybe the hack only works for those…
M said 3:40PM on 9-02-2006
Well that way, the user may be admin but root is disabled completely. Any task from terminal that requires root has to be a per-command "sudo"; you can't "su" to become root.
Further, any desktop task that needs permissions asks for a password.
M said 3:45PM on 9-02-2006
ps if he loses surely we should all club together and help him recover his money as a thanks to finding out what the other guy is holding.
Lekun said 6:27PM on 9-02-2006
I think "M" (#8, #9) is John Gruber's wife. Or kid looking to protect a college fund. :-)
BKWatch said 4:35PM on 9-02-2006
Raphael:
There is a good chance the native drivers were used in the video-taped attack. See what Jim Thompson has to say about an analysis of the video.
If the native drivers were used, it is likely that the 1) attack is a complete hoax (think SSH) or 2) the target MacBook had to have an open shell to trigger a connection back. If #1, then Gruber wins. If #2, then a draw -- without the shell open the Maynor/Ellch attack might only crash the airport drivers.
Clark said 5:55PM on 9-02-2006
Your link to Gruber's blog is bad. You have two http's in the url.
Niels Berglund said 2:41AM on 9-03-2006
Nice challenge. I do however question the not joining a default network; I do not know of the original claims (and I am not very versed in Wi-Fi either), however, if you do not join a network, what are the chances that you can be hacked in the first place? Or did they (Maynor/Ellch) claim that the exploits could be done, just by having Wi-Fi enabled?
Niels
Daniel said 3:35AM on 9-03-2006
See, this is where the Mac community really messes up. OS X is secure, but it's not bulletproof (and this is proved by the sheer amount of unreleased exploit code for Tiger alone)
The quote "Well that way, the user may be admin but root is disabled completely. Any task from terminal that requires root has to be a per-command "sudo"; you can't "su" to become root.
Further, any desktop task that needs permissions asks for a password."
is utter bollocks:
"oooh:~ daniel$ sudo su
oooh:/Users/daniel root# id
uid=0(root) gid=0(wheel) groups=0(wheel), 1(daemon), 2(kmem), 3(sys), 4(tty), 29(certusers), 8(procview), 5(operator), 9(procmod), 80(admin), 20(staff)
oooh:/Users/daniel root#
Furthermore OS X is littered with loads of setuid programs which are terrible at ensuring non root users can execute them and gain the permissions that root generally has
Right, so you CAN'T su from normal user to root?
Seriously, if you DON'T work in security, don't try and pretend you know what you're talking about
Wry Cooter said 4:31PM on 9-03-2006
Raphael,
That is the point. Gruber, and many others, state that the attack was indeed one about external wifi via PCMCIA style cards, and the third party drivers, yet, it was presented with the intent of showing the MacBook itself at fault.
The thing is, not too many people are going to be using an external wifi antenna in a notebook that ships with its own internal AirPort card.
access said 6:11AM on 9-04-2006
#14
Right...
(access@s642)(~)$ sudo -s
Password:
sudo in OS X is by default set to ask for password from users in the admin group.
Not refuting your other points though.
Tom said 6:17PM on 9-06-2006
These "challenges" are nothing more than little publicity stunts, and Mac bloggers seem to love doing them. First Shipley, now Gruber.
Mike said 6:32AM on 9-06-2006
First time I've heard Pete Shipley called a "Mac blogger", and I shared a house with him. The only Apple systems in the place were mine. 8)