Is the Mac’s Airport card secure?

I’ve largely refrained from commenting on the whole issue of whether Apple’s Airport hardware is vulnerable to the security hole that was demonstrated at Black Hat by Maynor and Ellch, and initially reported by Brian Krebs of the Washington Post. I’ve refrained largely because I don’t know enough to meaningfully contribute to the debate: this kind of hacking is well outside my experience, let alone expertise. Although I know a thing or two about viruses, I’m not in any way a security analyst.

What’s more, there’s been an awful lot of noise and not enough meaningful information. A lot of Mac users seize on any challenge to the idea that the Mac is totally secure as if it were a threat to their lives. There’s an awful lot of sound and fury, and not enough smart analysis.

Which is why I’m pleased that there have been not just one but two pieces of very smart analysis that shine out as the best writing on the subject. If you’re a Mac user, I recommend you read them both, in order.

First of all, there’s John Gruber’s excellent post on “The Curious Case of the MacBook Wi-Fi Hack”. In this, John looks at the claims made by Krebs, Maynor and Ellch, and concludes that the whole thing is bunk – the whole thing smells as bad as the breath of the Kraken. Incidentally, John is one of the finest writers on the Mac today, and if you haven’t already done so you should send him money so he can carry on doing it full-time. I don’t always agree with him, but he’s never less than excellent. Go on – get off there and send him money.

Back yet? Good. After you’ve read John’s piece, head off to Securosis.com, and read “Another Take on the Mac Wireless Hack”. This takes John’s work as a starting point, and shows how you can reach almost exactly the opposite conclusion – that there is a problem, and it’s a big one – from the same premises. It’s smart, sharp, well written and overall brilliant stuff.

So who’s right? The fact is that it’s simply too early to say. The good news is that Securosis has already been exchanging emails with John, so hopefully there will be some more discussion between the two. But what we’re really all waiting for is a categorical statement from Maynor and Ellch, and that will come only when the security hole – if there is one – is patched.

Comments on this entry are closed.

  • zato

    The “hack” was demoed at Black Hat on Aug 2.

    Domain Name: SECUROSIS.COM

    Registrar: WILD WEST DOMAINS, INC.

    Whois Server: whois.wildwestdomains.com

    Referral URL: http://www.wildwestdomains.com

    Name Server: NS2.BLUEHOST.COM

    Name Server: NS1.BLUEHOST.COM

    Status: REGISTRAR-LOCK

    EPP Status: clientDeleteProhibited

    EPP Status: clientRenewProhibited

    EPP Status: clientTransferProhibited

    EPP Status: clientUpdateProhibited

    Updated Date: 07-Aug-2006

    Creation Date: 07-Aug-2006

    Expiration Date: 07-Aug-2007

  • James Bailey

    Zato, very curious indeed. Thanks!

  • http://technovia.typepad.com Ian Betteridge

    Zato, are you suggesting that there’s a connection between the two?

    A quick look at http://www.securosis.com/about would suggest not. The blog’s author is Rich Mogull, who’s a research vice president at Gartner. His bio (pinched from Gartner’s site) reads thus:

    “Rich Mogull is a research vice president in Gartner Research, where he is part of the Information Security and Risk practice. Mr. Mogull has accumulated a range of skills and experiences spanning IT and business, with backgrounds in programming, systems administration and network administration. He has consulted, authored and lectured on Internet security, risk and compliance management, database design, and Internet application development. Previously, he was director of Software Development Services for the Graduate School of Business Administration at the University of Colorado. In addition, Mr. Mogull founded Phoenix Solutions, Inc., a design and consulting firm.”

  • James Bailey

    It turns out that the whois above is not that interesting after all. It looks very much like a coincidence that the blog was created 5 days after the MacBook Hijacking fiasco. The blogger is upfront about contact information, who he is and that the blog is new. Nothing to see here.

  • zato

    The name and tag for the website. “Securosis”-A mental disorder characterized by cynicism, paranoia, and the strange compulsion to defend random objects. (i.e. MacBooks)
    WTF-this is babble. And worded exactly to fit this article. I’ll translate: Mac Fanboys are paranoid, mentally disturbed loonies. The site was created to defend Maynor and Ellch and the hack.

    When you see this kind of crap from someone who should be guarding his professional reputation, you know he’s been taken care of….

    A suitable amount of time after this all fades away, I expect to see articles from this guy proclaiming the wonderfulness of Vista security.

    
    This whole thing is a black PR attempt to damage the Mac rep for security that went wrong. I’m sure they’ll find a way out somehow, as I’m equally sure there is plenty of money behind the whole thing.

  • http://technovia.typepad.com Ian Betteridge

    Zato, you have precisely zero evidence for anything that you’re saying. There’s nothing there that’s attacking the Mac – it’s simply saying that the jury’s still out. What’s more, you’re actually sounding exactly like the kind of paranoid Mac user that you’re claiming it’s talking about.

    Dude, step away from the Macbook, take a big deep breath. There isn’t some big conspiracy of “black PR”.

  • http://profile.typekey.com/alastair/ alastair

    To my mind there are two separate issues here:

    1. The fact that there is a *possibility* that the MacBook’s built-in WiFi is vulnerable. To date nobody has provided sufficient evidence in either direction, and I don’t think we can really draw any conclusions in this regard from Lynn Fox’s statement either.

    2. The fact that Maynor, Krebs and Ou all seem to be attempting to upset some elements of the Mac community. Some of the things they’ve done may simply have been ill-considered (Krebs’ choice of title, for example), but at the very least Maynor’s remarks were clearly made with that intent.

    It’s a bit disappointing that some people apparently can’t separate the two in their minds. There have been vulnerabilities that affected wireless laptop users before, so it doesn’t seem unlikely that there might be others discovered now or in the future. It’s quite possible that Maynor and Ellch did discover a general class of vulnerability that could affect Apple’s driver. Maybe it does, maybe it doesn’t. At present, we just don’t know.
