NEWS

MacBook Security Gone in 60 Seconds

Print Version
E-Mail Article
Reprints

By Erika Morphy
MacNewsWorld
Part of the ECT News Network
08/03/06 2:39 PM PT

Two security specialists have demonstrated how they could exploit a vulnerability in the code of a MacBook wireless device driver to gain control of the computer, causing a small uproar at the Black Hat security conference in Las Vegas.


Rackspace is the expert when it comes to delivering hosting solutions. From building out Windows and Linux servers and highly complex configurations to managing and supporting network environments, mail solutions, storage, data backups and far more, Rackspace is here to make your life easier. Learn more.

At the Black Hat USA conference, two security researchers demonstrated how easily they could hack into a Mac computer -- in this case Apple's (Nasdaq: AAPL) Latest News about Apple MacBook -- over a wireless network.

Operating from a nearby laptop, David Maynor, a senior researcher with SecureWorks, and graduate student Jon Ellch took aim at the MacBook's wireless card and wireless device, compromising the computer in about 60 seconds.

The object lessons from this demonstration are manifold, starting with the simple fact that computer security must go beyond installing software to shield the operating system to include protection for wireless devices and cards. There is also this hard truth: It is becoming increasingly clear that Apple computers are not as safe as they were once perceived to be.

Targeting Mac

However, a caveat is necessary: Using a Mac is still far safer than using a Windows Rackspace is the expert when it comes to delivering Windows and Linux hosting solutions. Click here to learn more. system.

"Out of the box, a Mac is more secure than Windows," Scott Carpenter, director of security labs at Secure Elements, told MacNewsWorld.

"The problem is, Apple has been fostering a campaign telling consumers they don't have to worry about security if they use a Mac. They are not any more or less secure about vulnerabilities in their code than Windows, but they like to pretend that they are," he observed.

Noting that Apple has some smart security people on its staff, Carpenter suggested there might be "a behind-the-scenes war between them and marketing Learn how you can enhance your email marketing program today. Free Trial - Click Here. about the image a Mac should project."

He voiced another big gripe about Apple's approach to security: "Microsoft will tell you the criticality of a certain patch. Apple refuses to tell you if a patch is critical or not. It won't even tell you if it is a fix to a vulnerability or whether it is just a problem in the code. Their attitude is, 'Just trust us.'"

Wireless Security

That said, the hack attack into the MacBook would have worked on any laptop that didn't have the highest wireless encryption available installed.

Even with such encryption, Carpenter said, no system is 100 percent fail-safe. "Wireless in particular is inherently insecure, because people tend to use the lowest level of security that there is."

However, Mac's wireless device uses an old version of encryption -- WEP, or Wired Equivalent Privacy -- which is very easy to hack, he pointed out.

"It is very easy to break that protocol," Carpenter said. "I've done it for a major metropolitan government. I sat outside their office on my Harley and sniffed and sniffed and sniffed until I broke into their network."

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by Erika Morphy   RSS

Related News Alerts

Apple Activate Alert | Search Archives

Related Resources

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]