Another twist in Wi-Fi hijack tale
The Wi-Fi hack saga that started at Black Hat was scheduled to get a next chapter this weekend, but now it looks like it won't.
David Maynor and Jon "Johnny Cache" Ellch were slated to talk at the ToorCon hacker event in San Diego on Saturday. The security researchers planned to give their side of the story on the controversy started by their presentation at Black in August, when they showed how an intruder could gain complete control over a laptop by sending malformed network traffic to it.
On Thursday, Maynor said in an e-mail that the two were "going ahead with the talk." But at the 11th hour--Friday afternoon-- Maynor's employer SecureWorks sent out the following statement: "David Maynor is not presenting at ToorCon."
Reached via e-mail on Friday, Ellch said he would also drop out. "I can not give this presentation without Dave present," he wrote.
At Black Hat, Maynor and Ellch showed a video of a successful attack on an Apple Computer MacBook. The researchers used a third-party wireless card for their demonstration, but said the AirPort wireless technology built into the laptop was also vulnerable, creating quite a stir in the Apple community.
Apple initially critiqued SecureWorks for saying Macs were insecure. Nearly two months later, however, it released fixes for a trio of security flaws in AirPort which, if exploited, could allow Macs to be hijacked over Wi-Fi.
At ToorCon, Maynor and Ellch said they would give the story behind exactly what happened and what the response meant for the security industry.
"This presentation won't be typical as it will cover the complete story, but it will also offer analysis and commentary of public responses while at the same time giving anyone who has a question a chance to have it answered," they wrote in the description of their talk.
But SecureWorks has pulled the plug on the presentation. Maynor could defy his employer and present anyway, following the example of Michael Lynn at last year's Black Hat conference. But that is "not likely," Ellch said in an e-mail.
Meanwhile, SecureWorks, in the same e-mail it used to announce that Maynor won't talk at ToorCon, said it is working with Apple.
"SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate," SecureWorks said.
Apple spokesman Lynn Fox on Friday said the Cupertino, Calif., Mac maker is working with SecureWorks, but declined to specify the nature of the relationship. "I am not commenting any further," she said.
SecureWorks spokesman Elizabeth Clarke also declined to give any further comments on the company's work with Apple.