The internet is abuzz with news that researchers David Maynor and Jon “Johnny Cache” Ellch from Blackhat (a website dedicated to computer security) have exploited what they call “buggy code in the device driver” of a third-party wi/fi USB card plugged into a black MacBook, allowing them “complete interactive access” to the MacBook. This has been hyped as a fault in the MacBook, or OS X; in reality, this demonstration shows a fault in the driver for the third party wi/fi USB card. Their video, which is very good, does not so much demonstrate flaws in OS X or the MacBook, but potentially dangerous flaws in third-party device drivers.
It seems that buggy device drivers are a hackable problem for almost every computer ever created. Unfortunately, buggy, exploitable third party drivers are a fact of our digital lifestyle. Drivers are created by software companies working for hardware companies, often under pressure to rush a product to market. This has rarely been an issue for Apple, because of the way Apple deals with companies that create compatible third party products.
The Washington Post reports that Apple “outsources the development of its wireless device drivers to third parties. In Apple’s case, the developer in question is Atheros, a company that devises drivers for a number of different wireless cards, each designed with drivers specific to the operating systems on which they will be used.”
While this demonstration shows weakness in third-party drivers, it does appear that the default MacBook drivers may be exploitable. This detail will have to be clarified. If this is the case, I’m sure Apple will come out with a patch. For now, this hack has only been demonstrated with a third-party wi/fi card, and it’s buggy drivers.
There are some questions about the researchers methods. The researchers said that the machine’s defaults were slightly modified, it appears the MacBook was set to automatically join an open wi/fi network, it’s not clear if the researchers were able to access the root of OSX, or only a user level, and if they did access the root, they would have had to enable root access somehow.
This brings me to the issue of wireless security for computers in general. The flaws discovered by the researchers could be exploited before the wireless device is connected to a network. In a PCWorld interview, Johnny Cache “You don’t have to necessarily be connected for these device driver flaws to come into play,” Ellch said. “Just because your wireless card is on and looking for a network could be enough.”
This is because wireless devices are often set up to constantly search for new networks, and most are configured to automatically connect to any available wireless network. One writer calls this activity “a potential vector for exploits.” Indeed, wireless cards are becoming a very popular target for hackers and wanna-be hackers.
In OS 10.4, you can make your Mac with a wi/fi card less vulnerable to attacks by browsing to System Preferences>Network. Under Network, select Airport>Options. Select “By default, join Preferred Networks.” Then click the Options button. Here you should at least select “Ask before joining an open network.” You should also consider selecting the other options listed there, depending if you favor security over convincing, or vice versa.
Never log in as a root user on a public network. You should always have a password assigned to your user account on your Mac. You can set this up under System Preferences>Accounts. While you are in System Preferences, click on the Security panel and select “Require password to wake this computer from sleep” and “Disable Automatic Login.”
None of the buggy driver exploits are known to have been used “in the wild.” I can’t imagine why anyone would connect a third-party wi/fi card to their MacBook, as it already has a great wi/fi card (the Airport Extreme card) built in. But it’s good this information is out there; it reminds us that no computer on a network is ever 100% safe. Even with our wonderful Macs, we should be savvy when it comes to digital security.