NEWS

MacBook Security Gone in 60 Seconds

Print Version
E-Mail Article
Reprints

By Erika Morphy
MacNewsWorld
Part of the ECT News Network
08/03/06 2:39 PM PT

Two security specialists have demonstrated how they could exploit a vulnerability in the code of a MacBook wireless device driver to gain control of the computer, causing a small uproar at the Black Hat security conference in Las Vegas.


Free WiFi Hotspot Locator from TechNewsWorld
Wondering where to find the nearest publicly available WiFi Internet access? Our global directory of more than 100,000 locations in 26 countries is a terrific tool for mobile computer users.

At the Black Hat USA conference, two security researchers demonstrated how easily they could hack into a Mac computer -- in this case Apple's (Nasdaq: AAPL) Latest News about Apple MacBook -- over a wireless network.

Operating from a nearby laptop, David Maynor, a senior researcher with SecureWorks, and graduate student Jon Ellch took aim at the MacBook's wireless card and wireless device, compromising the computer in about 60 seconds.

The object lessons from this demonstration are manifold, starting with the simple fact that computer security must go beyond installing software to shield the operating system to include protection for wireless devices and cards. There is also this hard truth: It is becoming increasingly clear that Apple computers are not as safe as they were once perceived to be.

Targeting Mac

However, a caveat is necessary: Using a Mac is still far safer than using a Windows system.

"Out of the box, a Mac is more secure than Windows," Scott Carpenter, director of security labs at Secure Elements, told MacNewsWorld.

"The problem is, Apple has been fostering a campaign telling consumers they don't have to worry about security Free Trial. Security Software As A Service From Webroot. if they use a Mac. They are not any more or less secure about vulnerabilities in their code than Windows, but they like to pretend that they are," he observed.

Noting that Apple has some smart security people on its staff, Carpenter suggested there might be "a behind-the-scenes war between them and marketing E-Mail Marketing Software - Free Trial. Click Here. about the image a Mac should project."

He voiced another big gripe about Apple's approach to security: "Microsoft will tell you the criticality of a certain patch. Apple refuses to tell you if a patch is critical or not. It won't even tell you if it is a fix to a vulnerability or whether it is just a problem in the code. Their attitude is, 'Just trust us.'"

Wireless Security

That said, the hack attack into the MacBook would have worked on any laptop that didn't have the highest wireless encryption available installed.

Even with such encryption, Carpenter said, no system is 100 percent fail-safe. "Wireless in particular is inherently insecure, because people tend to use the lowest level of security that there is."

However, Mac's wireless device uses an old version of encryption -- WEP, or Wired Equivalent Privacy -- which is very easy to hack, he pointed out.

"It is very easy to break that protocol," Carpenter said. "I've done it for a major metropolitan government. I sat outside their office New HP LaserJet P4014n Printer Starting at $699 after $100 instant savings. on my Harley and sniffed and sniffed and sniffed until I broke into their network."

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by Erika Morphy   RSS

Related News Alerts

Apple Activate Alert | Search Archives

Related Resources

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]