• United States



Hacker Finally Publishes Notorious Apple Wi-Fi Attack

Sep 19, 20073 mins
Cellular NetworksMacMobile Security

More than a year after claiming to have found a way to take over a Macintosh computer using a flaw in the system's wireless card, David Maynor has published details of his exploit.

More than a year after claiming to have found a way to take over aMacintosh computer using a flaw in the system’s wireless card, DavidMaynor has published details of his exploit.

The details were included in a paper published in the September issueof, an online hacking magazine. The lengthy paperdescribes how to run unauthorized software on a Macintosh by takingadvantage of a flaw in Apple’s AirPort wireless drivers.

Apple patched the bug on Sept. 21, 2006, without crediting Maynor fordiscovering the problem. Instead, Apple’s engineers found the bugduring an internal audit, the company said.

Maynor and researcher Jon Ellch first described this type of problemduring an August 2006 presentation at the Black Hat security conferencein Las Vegas. He was widely criticized by the Apple community forfailing to back up his claims with technical details, and forpresenting a video demonstration that used a third-party wireless cardinstead of the one that ships with the Mac.

On Tuesday, Maynor said that at the time of the Black Hatdemonstration, he had found similar wireless bugs in a number ofwireless cards, including Apple’s AirPort and that he had been told touse the third-party card in the video because it was deemed “the leastoffensive to people.”

So why publish the Mac hack now?

Maynor said that he had been under a nondisclosure agreement, which hadpreviously prevented him from publishing details of the hack. Thesecurity researcher wouldn’t say who his NDA was with, but thatagreement is no longer in force, allowing him to talk about theexploit. “I published it now because I can publish it now,” he said.

By going public with the information, Maynor hopes to help other Appleresearchers with new documentation on things like Wi-Fi debugging andthe Mac OS X kernel core dumping facility. “There’s a lot ofinteresting information in the paper that, if you’re doingvulnerability research on Apple, you’d find useful.”

Maynor will soon publish a second paper on explaining howto write software that will run on a compromised system, he said.

By Robert McMillan, IDG News Service (San Francisco Bureau)

As for his detractors, who will say that this disclosure comes toolate, Maynor says he just doesn’t care what they think. “Let them tearme apart all they want but at the end of the day the technical merit ofthe paper will stand on its own.”