Alleged Wireless MacBook hack: Demonstration flaws

By now you've likely read much coverage regarding the now infamous "MacBook Wireless Hack" -- a video that was publicly exposed at the Black Hat security conference purportedly showing a standard MacBook (with a third-party wireless card) being compromised by a Dell laptop within wireless range.

In a nutshell, the controversy regarding this video is such: The security flaw exploited in the video is performed using a third-party, USB-based Wi-Fi card, not the MacBook's native, built-in AirPort hardware/software. However, the creators of the video claim that the MacBook's hardware is similarly susceptible, but no demonstration was carried out using the native hardware due to "pressure" from Apple.

Without an explanation of the actual exploit, and in the absence of any commentary from Apple, it is impossible to speculate whether or not the MacBook's native hardware is actually vulnerable to this flaw as claimed. Setting that important distinction aside for a moment, however, there are some other questions to ask about this "exploit."

David Maynor -- the in-video demonstrator -- claims that the victim system does not need to be associated with an access point in order for the exploit to occur, but then proceeds to connect the MacBook (with the third-party wireless card) to a software access point, which resides on the Dell. In other words, for the purposes of the exploit that was actually demonstrated, not only does the MacBook need to be using a third-party wireless card, but it needs to associate with a hostile access point.

As such, the basic prophylactic for this "security hole" would be to never join untrusted wireless access points. This can be easily accomplished by the following:

• Open System Preferences and navigate to the Network pane
• Select Airport, and click "Configure"
• Go to the Airport tab
• From the "By default join" menu, select "Preferred Networks" rather than "Automatic"
• Next delete all non trusted networks from the list.

This will cause your portable to connect only to trusted networks, refraining from automatically joining networks without user permission.

Again, the creators of this video claim to be able to manifest this exploit without the victim system connecting to a hostile access point, but that capability was never demonstrated and is therefore suspect.

Another point of consideration is the level of access afforded by this hack. In the video demonstration, the hostile Dell machine was able to access user-level functions only. There was no indication as to whether any admin or root-user level tasks could be accomplished.

Regardless, this re-emphasizes the importance of operating in a standard user account rather than an administrator account for daily tasks, as described in our tutorial "10 simple steps for securing your Mac."

Feedback? Late-breakers@macfixit.com.

Resources