Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:10 PM
Connect Directly

Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack

Plans by two hackers to demonstrate wireless vulnerabilities at the Black Hat Conference shoot "a pretty big hole in the 'bulletproof' image Apple is trying to project," according to the SANS Institute.

Wireless device drivers for computers running both Apple Computer and Microsoft operating systems appear to be full of holes, and a prominent security researcher recommends turning off wireless cards until the holes can be fixed.

Last night, Intel and the SANS Internet Storm Center announced three Centrino vulnerabilities that can also be used to take over computers using Centrino-based wireless cards.

Introduced in 2003 by Intel, the Centrino package consists of the CPU chip, chipset, and wireless network module.

On Wednesday afternoon at the Black Hat computer security conference in Las Vegas, hackers Jon "Johnny Cache" Ellch and Dave Maynor plan to demonstrate how to take over any Apple MacBook if its wireless card is turned on, even if the owner isn't connected to a wireless network.

In an e-mail to the SANS mailing list and government security researchers, SANS Institute Director Alan Paller warns, "This is a big story for several reasons. First it shoots a pretty big hole in the 'bulletproof' image Apple is trying to project (notice the words Maynor used in the Krebs interview). Second, it isn't just about Macs. The vulnerabilities apparently can also be found in Centrino-based laptops as well. Third, by nature, attackers (a.k.a. security researchers) are swarm organisms. That means they will see Maynor's work as a beacon to follow toward a new cache of useful vulnerabilities. And finally, the really bad guys are already using these flaws (and are frustrated that Maynor is making them public)."

Apple on Tuesday released a Security Update (Security Update 2006-004) to fix 26 Mac security flaws. But this security update doesn't address the wireless chip driver flaws that Ellch and Maynor plan to demonstrate.

An Apple spokesperson says the company is looking into the issue.

Intel has released driver security updates for Centrino device drivers for Windows and for the Intel PROSet management software.

Until a patch has been applied, consider unwiring your wireless. "[P]atching the Centrino flaws and turning off wireless cards is indicated as an immediate response," Paller recommends. Firewalls are unlikely to help because they're not designed to filter low-level wireless device communication.

The Washington Post's Brian Krebs, who broke this story, reports that Apple and Microsoft are working with wireless card vendors and original equipment manufacturers to remedy the problems.

It's not immediately clear how easy it will be to get these fixes into the hands of notebook computer users.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll