Oh it's on now: criticism of the MacBook Wi-Fi hack has been mounting against the original hackers (David Maynor and Jon Ellch) and SecureWorks, while they have remained mostly silent. At least one passionate blogger has been defending the hack and the original statements, but John Gruber has issued an open challenge for Maynor and Elich to prove this hack once and for all: "If you can hijack a brand-new MacBook out of the box, it's yours to keep."From my understanding of the hack as it was originally explained and pseudo-demonstrated, Gruber's criteria and the actual nature of the challenge sound reasonable: he will meet Maynor and/or Elich at an agreed-upon Apple Store or Mac reseller, and he will purchase a brand new MacBook (
Maynor and/or Elich are then free to attack, and if the file disappears from the desktop - they win a (very slightly used, recently attacked) MacBook. If the file stands its ground, the hackers owe John the price of the MacBook. If the dynamic duo manage to only crash the machine or the current login session, John will call the challenge a tie, whereas he will keep the MacBook, and the duo don't have to whip out their checkbooks.
I am admittedly no security expert, nor am I a 1337 h4x0r, but the challenge seems sound. Any readers who have been following this saga spot any holes? Feel free to sound off - and stay tuned: the challenge must be accepted by Friday, September 8th, and as John already deduced: the most likely outcome is that they'll only take the challenge if the know they can win.













Reader Comments (Page 1 of 1)
9-02-2006 @ 1:34PM
Victor Agreda, Jr. said...
They won't do it.
Reply
9-02-2006 @ 2:13PM
Harish said...
He mentions $1099 at the bottom of the post so its probably a base white macbook.
Reply
9-02-2006 @ 2:17PM
Dar the Monk said...
Question: What about taking the necessary precautions such as not using the Admin account, but a sub account with restrictions in place. And all the other precautions? Wouldn't it be more realistic (hopefully users are this smart)?
Peace
Reply
9-02-2006 @ 2:20PM
David Chartier said...
#3: Therein lies one catch: *most* users don't take the time to set up a second account; they simply run with the main, default account set up. Yes, there's plenty of us who know this isn't a very good idea, but the greater majority who don't know about these security issues trumps the few of us who do.
Reply
9-02-2006 @ 2:33PM
Jesse said...
There is a widespread misconception that running as a non-admin user in Mac OS X makes you more secure. This is not the case (assming you also know the admin login and password). Admin in OS X is not root -- a user will still be prompted for admin login for anything that requires sudo powers, just like a non-admin user.
Reply
9-02-2006 @ 3:12PM
Ken R said...
#5-
They will be promted when superuser powers are needed, but anything the admins have access to willl be wide open. This includes the Applications folder, and the rootlevel Library. A little bit of added security can make a diffrenece.
Reply
9-02-2006 @ 3:38PM
Raphael said...
In the original video, not the internal AirPort card was hacked but a 3rd party wireless card so maybe the hack only works for those…
Reply
9-02-2006 @ 3:40PM
M said...
Well that way, the user may be admin but root is disabled completely. Any task from terminal that requires root has to be a per command "sudo" you can't "su" to become root.
Futher any desktop task that need permissions asks for a password.
Reply
9-02-2006 @ 3:45PM
M said...
ps if he loses surely we should all club together and help him recover his money as a thanks to finding out what the other guy is holding.
Reply
9-02-2006 @ 4:35PM
BKWatch said...
Raphael:
There is a good chance to native drivers were used in the video-taped attack. See what Jim Thompson has to say about an analysis of the video.
If the native drivers were used, it is likely that the 1) attack is a complete hoax (think SSH) or 2) the target MacBook had to have an open shell to trigger a connection back. If #1, then Gruber wins. If #2, then a draw -- without the shell open the Maynor/Ellch attack might only crash the airport drivers.
Reply
9-02-2006 @ 5:55PM
Clark said...
Your link to Gruber's blog is bad. You have two http's in the url.
Reply
9-02-2006 @ 6:27PM
Lekun said...
I think "M" (#8, #9) is John Gruber's wife. Or kid looking to protect a college fund. :-)
Reply
9-03-2006 @ 2:41AM
Niels Berglund said...
Nice challenge. I do however question the not joining a default network; I do not know of the original claims (and I am not very versed in Wi-Fi either), however, if you not join a network, what are the changes that you can be hacked in the first place? Or did they (Maynor/Elich) claim that the exploits could be done, just by having Wi-Fi enabled?
Niels
Reply
9-03-2006 @ 3:35AM
Daniel said...
See this is where the mac community really messes up. OS X is secure, but its not bullet proof (and this is proved by the sheer amount of unreleased exploit code for Tiger alone)
The quote "Well that way, the user may be admin but root is disabled completely. Any task from terminal that requires root has to be a per command "sudo" you can't "su" to become root.
Futher any desktop task that need permissions asks for a password."
is utter bollocks:
"oooh:~ daniel$ sudo su
oooh:/Users/daniel root# id
uid=0(root) gid=0(wheel) groups=0(wheel), 1(daemon), 2(kmem), 3(sys), 4(tty), 29(certusers), 8(procview), 5(operator), 9(procmod), 80(admin), 20(staff)
oooh:/Users/daniel root#
Furthermore OS X is littered with loads of setuid programs which are terrible at ensuring non root users can execute them and gain the permissions that root generally has
Right, so you CANT su from normal user to root?
Seriously if you DONT work in security, dont try and pretend you know what your talking about
Reply
9-03-2006 @ 4:31PM
Wry Cooter said...
Raphael,
That is the point. Gruber, and many others, state that the attack was indeed one about external wifi via PCMCIA stule cards, and the third party drivers, yet, it was presented with the intent of showing the MacBook itself at fault.
The thing is, not too many people are going to be using an external wifi antenna in a notebook that ships with its own internal AirPort card.
Reply
9-04-2006 @ 6:11AM
access said...
#14
Right...
(access@s642)(~)$ sudo -s
Password:
sudo in OS X is by default set to ask for password from users in the admin group.
Not refuting your other points though.
Reply
9-06-2006 @ 6:32AM
Mike said...
First time I've heard Pete Shipley called a "Mac blogger", and I shared a house with him. The only Apple systems in the place were mine. 8)
Reply
9-06-2006 @ 6:17PM
Tom said...
These "challenges" are nothing more than little publicity stunts, and Mac bloggers seem to love doing them. First Shipley, now Gruber.
Reply