Apple Silencing Wireless Hackers?
Controversy erupts over weekend ToorCon no show
(old news - 02:40PM Monday Oct 02 2006)
tags: wireless · security · Mac

Wireless hackers Jon "Johnny Cache" Ellch and David Maynor were set to give a talk at ToorCon over the weekend, with the intent being to cover the vulnerabilities in Apple's wireless stack they recently received ample heat over. At the last second, Maynor's employer, SecureWorks, forced him to cancel the appearance - allegedly due to external pressure from Apple. Ellch took the stage to apologize, and to lash out at Apple's tactics:

"Dave very much wanted to be here. The fact that Secureworks/Apple managed to compel him not to means that they must have had something very compelling to stop him. I'm not supposed to talk about what that is.
Let's recap this thing.
We give a talk saying that device drivers have lots of bugs.
We demo one bug in Apple.
A few days later, when Apple starts flaking on a patch, we tell them we are going to do a live demo of it at ToorCon, so it would be a good idea to get it patched before that.
Apple says that it doesn't exist, and we didn't talk to them about it.
A few weeks later (one week before ToorCon) they patch it, and say we had nothing to do with it.
One day before the talk, SecureWorks and Apple get together and manage to stop Dave from coming. They also issue a cutesy press release."

The full transcript is available here.

David (join:2002-05-30, Granite City, IL)
These aren't the droids you are looking for

For shame apple, for shame!!

rachelsfx (join:2004-09-27, Pensacola, FL)
Re: These aren't the droids you are looking for

Considering they "engineered it," maybe they shouldn't be there.

dadarkside (join:2006-05-20, The Moon)
Who ever said life was supposed to be fair?

Exposing the flaw is fine. Pointing it out to Apple is fine. Publishing your findings BEFORE Apple has a fix for it, not so fine.
Since the talented individuals who found the flaw intended to hold Apple's feet to the flame (so to speak), what did they expect Apple to do? Take it up the ass?
LOL, ain't happenin.
If credit for finding a flaw was all they wanted, why did they threaten Apple to expose their flawed drivers in a very public forum?
I don't have a whole lot of sympathy for these guys. Props for finding the flaw, but, hey, it isn't too bright to threaten someone with deep pockets.
Life ain't fair, stop expecting it to be fair and your life will get easier.

Maxo (join:2002-11-04, Tallahassee, FL)
Re: Who ever said life was supposed to be fair?

said by dadarkside:
> I don't have a whole lot of sympathy for these guys. Props for finding the flaw, but, hey, it isn't too bright to threaten someone with deep pockets.

So might makes right? These people had a right to expose this flaw. If Apple was refusing to acknowledge the flaw then they should come forward with the details to force Apple to fix it, which is essentially what they did. Just because Apple has more money than them doesn't give Apple the right to bully people around. This is all barring what it was that Apple was able to do to silence the guy. Seeings how we don't know there is speculation that maybe there was something going on we don't know about.
-- "Padre, nobody said war was fun now bowl!" - Sherman T Potter
»www.cafepress.com/maxolasersquad
»maxolasersquad.com/
»maxolasersquad.com/network/ My DSL Network Guide
»myspace.com/mlsquad

digitalfreak (join:2005-12-09, 49533; edit: October 2nd, @02:52PM)
Re: Who ever said life was supposed to be fair?

Exactly. If Apple refuses to even acknowledge that there was a problem, then these guys had every right to go public with it. Still amazes me that companies think "security by obscurity" works. Another fine example of the Steve Jobs "Reality Distortion Field".

dadarkside (join:2006-05-20, The Moon)

Never said it was right. Clearly said that life wasn't fair. Read a little more carefully...
The guy was free to speak.
I do believe, however, that doing so, would have been a job limiting decision.
However, Apple is also free to exert pressure. (most likely of a financial nature, and directed towards his place of employment.)
Again, threatening people with deep pockets can be risky.
Just sayin dude, not supporting Apple here, but, they threatened Apple, Apple threatened back, the dude chose employment.

Niklaus (@ucsd.edu)
Re: Who ever said life was supposed to be fair?

> Just sayin dude, not supporting Apple here, but, they threatened Apple,
> Apple threatened back, the dude chose employment.

The guy doesn't work for Apple, so it's none of Apple's business what he says and doesn't say.
His employer should have told Apple to stick it where the sun don't shine!

dadarkside (join:2006-05-20, The Moon)
Re: Who ever said life was supposed to be fair?

said by Niklaus:
> > Just sayin dude, not supporting Apple here, but, they threatened Apple,
> > Apple threatened back, the dude chose employment.
> The guy doesn't work for Apple, so it's none of Apple's business what he says and doesn't say.
> His employer should have told Apple to stick it where the sun don't shine!

Apple apparently has some influence over his employer, this is true. His employer didn't feel that supporting him against Apple was a wise business decision.
Bummer. That's life. It ain't fair, it just is.

JakCrow (join:2001-12-06, Palo Alto, CA; edit: October 2nd, @06:17PM)

Apple had plenty of time to patch it before these guys were going to go live with the flaw. Sometimes the only way to get a company like to "do the right thing" is to shame them into doing it.

dadarkside (join:2006-05-20, The Moon; edit: October 3rd, @10:11AM)
Re: Who ever said life was supposed to be fair?

said by JakCrow:
> Apple had plenty of time to patch it before these guys were going to go live with the flaw. Sometimes the only way to get a company like to "do the right thing" is to shame them into doing it.

So?
Nobody likes having their hand forced. Individual or corporation. I am not saying Apple's actions are right. I think...Predictable fits this scenario though.
They took a swing at Apple, Apple swung back. What did they expect?
The guys went after someone with deep pockets.
Do so at your own risk.

Ricky Smith (join:2004-09-11, Winter Park, FL)
Pirates

The team of people at apple are pirates.
"Pirates of Silicon Valley"
-- Ricky Smith, Verizon FIOS User, 15 Mbit Down 2 Mbit Up

Camelot One (join:2001-11-21, Austin, TX)
Re: Pirates

Actually the movie made it clear that Bill Gates and Microsoft were the pirates. Apple asked for and received permission for everything they used.

Ricky Smith (join:2004-09-11, Winter Park, FL)
Re: Pirates

I was speaking in terms of Steve Jobs and how he had a pirate flag flying over the apple headquarters.
-- Ricky Smith, Verizon FIOS User, 15 Mbit Down 2 Mbit Up

envoid (join:2002-12-21, Duluth, GA)
Re: Pirates

Keep Woz out of it... He's just an engineer that likes to make things work. Jobs is the maniacal brains behind the obscurity movement.

voyager6868 (join:2003-01-29, Waterloo, ON)
Apple is perfect

Huh? I thought Macs were invulnerable to any type of virus or intrusion because the TV ad says so. Clearly these wireless hackers are on dope, right Apple?

koitsu (join:2002-07-16, Mountain View, CA; edit: October 2nd, @02:46PM)
Re: Apple is perfect

Transcript with a person I used to work with (now in a different dept.), when I informed him that his personal/at-home Macbook was siphoning spam/unsolicited mail through our corporate mail servers via an SSH tunnel on one of our shell machines:
"No! You're not listening! That can't be happening."
"Well, it's happening. I'm sitting here looking at the mail server queue, and I'm sitting here looking at the packets with tcpdump. It's like you've got a trojan or some malicious software on your home machine"
"That's impossible. There is no spyware, no trojans, no viruses. That can't happen, it's a Mac."
Turns out he had configured his mail server on his Macbook to push SMTP via the SSH tunnel (which redirected through one of our corporate shell machines to the corporate mail server) -- while at the same time, had port-forwarded an arbitrary port on his home router to his Macbook "for testing purposes". His mail server had no relay access rules configured in it, and was therefore acting as an open proxy.
I'm amazed this guy still works here. He could've gotten our entire company added to an RBL/DNSBL. *sigh*
Ignorance is bliss...
-- Making life hard for others since 1977.

squid7 (join:2006-09-02)
Re: Apple is perfect

No OS, no matter how robust, can defend itself from a stupid user.

yabos (join:2003-02-16, Ingersoll, ON)

The TV ads don't say they're invulnerable they say they don't have viruses or spyware in the wild which is 100% true. Stop making up stuff.

squid7 (join:2006-09-02; edit: October 2nd, @05:14PM)
Re: Apple is perfect

More specifically, the "I'm a Mac, I'm a PC" commercials state that Macs aren't vulnerable to Windows viruses and spyware.
Mac to PC "I run OS ten so I don't have to worry about YOUR viruses and spyware..."
»movies.apple.com/movies/us/apple···x376.mov

ifarrell (join:2000-08-10, Willow Spring, NC)

said by voyager6868:
> Huh? I thought Macs were invulnerable to any type of virus or intrusion because the TV ad says so. Clearly these wireless hackers are on dope, right Apple?

Well you thought wrong. Perhaps you should watch the TV Ad again because that is not what it says. There has never been at any time an Ad that states Macs are invulnerable to Viruses or Attacks. Besides, nobody likes their baby being called ugly.

squid7 (join:2006-09-02; edit: October 2nd, @03:00PM)
Vulnerability?

I must be mistaken but I thought they found a so-called flaw by using hacked drivers for non-Apple hardware...a fact that they overlooked when first bringing this vulnerability up. From what I understand the OEM drivers don't have the vulnerability.
They were able to take over a machine that they had installed the hacked drivers and USB wireless adapter on.
Is that really a vulnerability?

MattE (join:2003-07-20, Jamestown, NC)
Re: Vulnerability?

said by squid7:
> I must be mistaken but I thought they found a so-called flaw by using hacked drivers for non-Apple hardware...a fact that they overlooked when first bringing this vulnerability up. From what I understand the OEM drivers don't have the vulnerability. They were able to take over a machine that they had installed the hacked drivers and USB wireless adapter on. Is that really a vulnerability?

Yes, it's really a vulnerability: »docs.info.apple.com/article.html···m=304420

squid7 (join:2006-09-02; edit: October 2nd, @03:19PM)
Re: Vulnerability?

I'm confused then...if this vulnerability is in OEM drivers, why did they need hacked drivers or otherwise modify a Macbook to demonstrate this?
Shouldn't they have been able to demonstrate the existence of this vulnerability on an out of the box Macbook rather than a modified one as reported by Secureworks.

quote:
> "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," the disclaimer says. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."

So is Apple patching a non-Apple driver?

squid7 (join:2006-09-02; edit: October 2nd, @03:23PM)
Re: Vulnerability?

nm

MattE (join:2003-07-20, Jamestown, NC)

said by squid7:
> I'm confused then...if this vulnerability is in OEM drivers, why did they need hacked drivers or otherwise modify a Macbook to demonstrate this? Shouldn't they have been able to demonstrate the existence of this vulnerability on an out of the box Macbook rather than a modified one as reported by Secureworks.
>
> quote:
> > "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," the disclaimer says. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
>
> So is Apple patching a non-Apple driver?

Did you read the link? Apple patched the AIRPORT.

squid7 (join:2006-09-02; edit: October 2nd, @03:52PM)
Re: Vulnerability?

Did you read Secureworks' statement?

quote:
> ...was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook.

Cache demoed this using modified 3rd party drivers, not OEM Airport drivers. In order to accomplish what Cache accomplished in his demo, Cache would have had to obtain possession of the victim's Macbook, installed his hacked drivers and USB device and return it without the victim noticing. Hardly a realistic vulnerability...especially considering that all Macbooks include Airport Extreme (not 3rd party) hardware. Seems to me that if Cache was on the up and up he should have demoed this on an OEM Macbook if such a vulnerability existed as he claimed rather than try and pass this off as an easy OEM vulnerability.

JakCrow (join:2001-12-06, Palo Alto, CA)
Re: Vulnerability?

Airport Extreme hardware is just rebadged OEM stuff. They were using Broadcom last time I looked.

squid7 (join:2006-09-02; edit: October 2nd, @07:08PM)
Re: Vulnerability?

said by JakCrow:
> Airport Extreme hardware is just rebadged OEM stuff. They were using Broadcom last time I looked.

Cache's claimed vulnerability didn't exist in Apple's OEM drivers. Which is the whole point. He set up this demo failing to disclose that he used hacked 3rd party drivers. Only later was this stunt discovered and Secureworks had to add the disclaimer.
The course of events is simple.
David Maynor and Jon Ellch fake vulnerability demo using hacked 3rd party drivers in their modded Macbook.
Apple freaks out and starts auditing code.
Maynor and Ellch's stunt is uncovered and Secureworks has to back off their claim and admit that the duo used purposely 'flawed' drivers for the demo and that THE VULNERABILITY CLAIMED BY MAYNOR AND ELLCH DID NOT EXIST IN APPLE'S OEM DRIVERS.
Apple's internal code audit turns up possible issues which are promptly patched despite no exploit actually existing.
Apple is pissed at the duo for faking this stunt hurting Apple's reputation and haunts them everywhere they go.

yabos (join:2003-02-16, Ingersoll, ON)

Maybe you should read this link »www.macworld.com/news/2006/09/29···ndex.php
"Apple released an update for its wireless drivers one week ago, but said that no known exploits existed for the issues addressed in the update"
and this link »www.macworld.com/news/2006/09/21···ndex.php
"Apple said the issues found were the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update.
The internal audit came as a result of claims by a senior researcher at SecureWorks that said he had revealed a vulnerability in Apple's MacBook wireless software driver that would allow him to take control of the machine. SecureWorks later clarified its position and said it had used a third-party driver and not Apple's driver.
Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.
'They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit,' Apple spokesman, Anuj Nayar, told Macworld. 'Today's update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac.'"

MattE (join:2003-07-20, Jamestown, NC; edit: October 2nd, @05:26PM)

Yes, I have followed this closely. Do you understand what Cache did to accomplish this attack?
If so, compare that to this "fix" from my link by Apple for the Airport:

AirPort
CVE-ID: CVE-2006-3508
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution
Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

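The advisory quoted in the post above describes the fix only as "additional validation of wireless frames" before a scan cache update and does not say which field overflowed. As an added illustration (not Apple's code and not part of the thread), this is the kind of length checking a driver needs before copying elements of a received beacon into a fixed-size cache entry; the struct layout, function name and sample frames are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 802.11 limits: SSID element is 0..32 bytes, Supported Rates is 1..8 bytes. */
#define IE_SSID      0
#define IE_RATES     1
#define SSID_MAX     32
#define RATES_MAX    8
#define BEACON_FIXED 12  /* timestamp (8) + beacon interval (2) + capability (2) */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LENGTH = -2 };

/* Hypothetical fixed-size scan cache entry (layout assumed for this example). */
struct scan_entry {
    uint8_t ssid[SSID_MAX];
    uint8_t ssid_len;
    uint8_t rates[RATES_MAX];
    uint8_t rates_len;
};

/* Validate a beacon body (the bytes after the 24-byte MAC header) and fill *out.
 * Every length taken from the air is checked against both the bytes actually
 * received and the destination buffer; *out is written only if all checks pass. */
int scan_entry_from_beacon(const uint8_t *body, size_t body_len,
                           struct scan_entry *out)
{
    struct scan_entry tmp;
    size_t off = BEACON_FIXED;

    memset(&tmp, 0, sizeof tmp);
    if (body_len < BEACON_FIXED)
        return PARSE_TRUNCATED;

    while (off < body_len) {
        if (body_len - off < 2)              /* no room for id + length */
            return PARSE_TRUNCATED;
        uint8_t id = body[off], len = body[off + 1];
        off += 2;
        if (len > body_len - off)            /* element claims more than was received */
            return PARSE_TRUNCATED;

        if (id == IE_SSID) {
            if (len > SSID_MAX)              /* would overrun tmp.ssid */
                return PARSE_BAD_LENGTH;
            memcpy(tmp.ssid, body + off, len);
            tmp.ssid_len = len;
        } else if (id == IE_RATES) {
            if (len == 0 || len > RATES_MAX) /* would overrun tmp.rates */
                return PARSE_BAD_LENGTH;
            memcpy(tmp.rates, body + off, len);
            tmp.rates_len = len;
        }                                    /* other elements are skipped */
        off += len;
    }
    *out = tmp;                              /* commit only a fully validated entry */
    return PARSE_OK;
}

/* Constructed sample frame bodies (not captured traffic). */
static const uint8_t good_beacon[] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0x64, 0x00, 0x01, 0x00,    /* fixed fields */
    IE_SSID, 4, 'h', 'o', 'm', 'e', IE_RATES, 2, 0x82, 0x84 };
/* SSID element 40 bytes long: fits in the frame, not in the cache entry. */
static const uint8_t long_ssid[BEACON_FIXED + 2 + 40] = { [BEACON_FIXED + 1] = 40 };
/* SSID element claims 32 bytes but only 4 follow. */
static const uint8_t lying_len[BEACON_FIXED + 2 + 4] = { [BEACON_FIXED + 1] = 32 };

int main(void)
{
    struct scan_entry e;
    printf("good:  %d\n", scan_entry_from_beacon(good_beacon, sizeof good_beacon, &e));
    printf("long:  %d\n", scan_entry_from_beacon(long_ssid, sizeof long_ssid, &e));
    printf("lying: %d\n", scan_entry_from_beacon(lying_len, sizeof lying_len, &e));
    return 0;
}
```
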
kamm (join:2001-02-14, Brooklyn, NY)

said by squid7:
> I must be mistaken but I thought they found a so-called flaw by using hacked drivers for non-Apple hardware...a fact that they overlooked when first bringing this vulnerability up. From what I understand the OEM drivers don't have the vulnerability. They were able to take over a machine that they had installed the hacked drivers and USB wireless adapter on. Is that really a vulnerability?

I have a feeling you didn't really catch the story...

squid7 (join:2006-09-02; edit: October 3rd, @08:43AM)
Re: Vulnerability?

said by kamm:
> I have a feeling you didn't really catch the story...

Which I thought was Apple hounding the frauds Jon "Johnny Cache" Ellch and David Maynor. How Ellch and Maynor get credit for Zovi and Duin's work and placed in the halls of PC martyrdom is escaping me.
The recent Apple patch has nothing to do with Ellch and Maynor's fraudulent demo at Blackhat. This recent patch is one of zillions Apple has issued for OS X over the years.
The story is becoming that there are PC users hoping that the Apple OS gets decimated in some widespread attack.

N3OGH (join:2003-11-11, Philly burbs)
OS X is more secure...

Well, I got ya to read it, didn't I?
If Maynor believed his discovery was a genuine threat, he should have waited until Apple patched it. It's called ETHICS folks. He's not some "black hat" hacker running net bots and Russian credit card scams. He works for a computer security company that bills itself as "the leading Managed Security Service Provider (MSSP) serving the security needs of banks, credit unions, healthcare providers, utilities and other security-oriented companies as they protect themselves against hackers and other cyber criminals." It's his job to stop people from hacking into computers, not show the whole world how to do it.
Putting this threat, or ANY threat out in the public realm, without making sure the company responsible has secured it is akin to medical malpractice.
If he believes the threat was indeed genuine, he needlessly put millions of computer users at risk of compromising their data for no other reason than to massage his ego. If he didn't believe the threat was genuine, he put out a fluff piece simply to..massage his own ego.
Quite frankly, he deserves a spanking from someone for either being unethical or being a damn liar. If SecureWorks wasn't willing to do it on their own, kudos to Apple for forcing them to...

JakCrow (join:2001-12-06, Palo Alto, CA)
Re: OS X is more secure...

Apple had plenty of time to patch it before these guys were going to go live with the flaw. Sometimes the only way to get a company like to "do the right thing" is to shame them into doing it.

N3OGH (join:2003-11-11, Philly burbs)
Re: OS X is more secure...

Either way, his profession is computer security.
So, while he's "shaming" someone, my data is at risk? How about this.
The police are conducting an investigation into a local bank robbery. The local paper decides they're "taking too long" and decides to publish the name and photograph of the robber in the local newspaper before they complete the investigation and arrest him, and he gets away.
Of course the paper knows this, but they do it anyway. Unethical? Damn skippy.
Same thing. If the risk was as high as he said it was, he put millions of USERS at risk for no good reason. Obviously no one knew about this exploit before he published it. Since no one knew of it, the risk was nil.
His actions are what made the exploit common knowledge, and ultimately a threat. He put MY data at risk for no good reason other than being the "guy who found the hole in the Mac". It's unethical, and no measure of rationalization can explain it away....

JakCrow (join:2001-12-06, Palo Alto, CA; edit: October 2nd, @06:50PM)
Re: OS X is more secure...

You misunderstand the whole issue. Apple had plenty of time to fix the problem. Apple -wasn't fixing it-. Apple was dragging its feet over the issue, or just providing misinformation about it. Quite a while has gone by since the original news about these flaws, and it was only last week that Apple released a fix. How long should someone sit on their research, waiting for a company to even admit there's a problem? A week? A month? 6 months? You realize that Microsoft wouldn't issue half the patches they do if it weren't for 3rd parties discovering security issues and going public with them, right?

N3OGH (join:2003-11-11, Philly burbs)
Re: OS X is more secure...

said by JakCrow:
> How long should someone sit on their research, waiting for a company to even admit there's a problem?

Till they die and rot, if it takes that long.
If this guy was a lone wolf, I would have a lot less of a problem with it. But his job is to make computers more secure for a multitude of large clients.
I don't believe for a second that his motives were 100% altruistic. This guy was looking for publicity. He got it, and now he reaps what he sows.
If he doesn't like it, he can quit his computer security job and go copy DVD's in his basement. Then he's free to speak wherever and whenever he wants. As long as he's working where he's working, he's bound by their directives.

Johnny (join:2001-06-27, Atlanta, GA)

> Apple -wasn't fixing it-.

There was nothing to fix. The "flaw" he "discovered" didn't exist. Read Apple's response.

BuriedCaesar (join:2004-03-27, Richardson, TX)
Has it occurred to anyone

...that Maynor was pressured to NOT speak by his employer because if he had it would NOT have been particularly bad for Apple? Instead, is it possible that it would have been not only bad for Maynor, personally, but for his employer, too? May have been in SecureWorks' best interests to muzzle Maynor and leave well enough alone and hope this whole stink quickly blows over, and they can slink back into the shadows.
So far things haven't been going their way: »daringfireball.net/2006/09/airpo···y_update
Apple could have said - "Hey, SecureWorks, go right ahead and let Maynor dig himself that grave at ToorCon - the moment he speaks about this issue, we'll be glad to tell the story from our end. You [SecureWorks] and Maynor, may not like the result. It's your neck, your noose, your company, your reputation...seems you have some decisions to make..."
-- That was preposterous! Utter Nonsense! Totally unsupportable drivel! You can't be serious!....Um, what did you say?

linicx (join:2002-12-03, United State)
Hacked Drivers

I guess if you can use hacked drivers to patch a problem, you can also use hacked drivers to create one.
Kinda like a Gordian Knot isn't it?
-- Mac: No windows, No gates, Apple inside