Infrastructure
News
8/2/2006
02:10 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack

Plans by two hackers to demonstrate wireless vulnerabilities at the Black Hat Conference shoot "a pretty big hole in the 'bulletproof' image Apple is trying to project," according to the SANS Institute.

Wireless device drivers for computers running both Apple Computer and Microsoft operating systems appear to be full of holes, and a prominent security researcher recommends turning off wireless cards until the holes can be fixed.

Last night, Intel and the SANS Internet Storm Center announced three Centrino vulnerabilities that can also be used to take over computers using Centrino-based wireless cards.

Introduced in 2003 by Intel, the Centrino package consists of the CPU chip, chipset, and wireless network module.

On Wednesday afternoon at the Black Hat computer security conference in Las Vegas, hackers Jon "Johnny Cache" Ellch and Dave Maynor plan to demonstrate how to take over any Apple MacBook if its wireless card is turned on, even if the owner isn't connected to a wireless network.

In an e-mail to the SANS mailing list and government security researchers, SANS Institute Director Alan Paller warns, "This is a big story for several reasons. First it shoots a pretty big hole in the 'bulletproof' image Apple is trying to project (notice the words Maynor used in the Krebs interview). Second, it isn't just about Macs. The vulnerabilities apparently can also be found in Centrino-based laptops as well. Third, by nature, attackers (a.k.a. security researchers) are swarm organisms. That means they will see Maynor's work as a beacon to follow toward a new cache of useful vulnerabilities. And finally, the really bad guys are already using these flaws (and are frustrated that Maynor is making them public)."

Apple on Tuesday released a Security Update (Security Update 2006-004) to fix 26 Mac security flaws. But this security update doesn't address the wireless chip driver flaws that Ellch and Maynor plan to demonstrate.

An Apple spokesperson says the company is looking into the issue.

Intel has released driver security updates for Centrino device drivers for Windows and for the Intel PROSet management software.

Until a patch has been applied, consider unwiring your wireless. "[P]atching the Centrino flaws and turning off wireless cards is indicated as an immediate response," Paller recommends. Firewalls are unlikely to help because they're not designed to filter low-level wireless device communication.

The Washington Post's Brian Krebs, who broke this story, reports that Apple and Microsoft are working with wireless card vendors and original equipment manufacturers to remedy the problems.

It's not immediately clear how easy it will be to get these fixes into the hands of notebook computer users.

Comment  | 
Print  | 
More Insights
2014 Next-Gen WAN Survey
2014 Next-Gen WAN Survey
While 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.