Hijacking a Macbook in 60 Seconds

pianoman · Aug 2, 2006

A blog entry from today's Washington Post (online edition) is about two guys who think they can exploit a flaw in the wireless driver.

http://blog.washingtonpost.com/securityfix/

JBot · Aug 2, 2006

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,"

probably the best part of this blog.
interesting. However, its not so much that they can hijack a mac, as they claim they can exploit any machine with a wireless signal. This may be interesting.

pianoman · Aug 2, 2006

i laughed at that part, too.

it will be interesting to see how they do it and what they can do (if successful). and yeah, they claim they can exploit any machine with a wireless signal, but they chose to do it on a mac because of the security features associated with a mac.

dsnort · Aug 2, 2006

Oddly enough, my Airport card is not on by default. I have to actively select the service in Internet Connect to turn it on/off. Now, if I forget to turn it off after use, then it will start when the computer is turned on, kind of like not locking your doors though. I have no idea how to turn on/off the wifi card in a pc.
I also noted that Appple came out with a security update yesterday. Does anyone know if that addressed this issue?

MS bulldog · Aug 2, 2006

pianoman said:
they chose to do it on a mac because of the security features associated with a mac.

they chose to do it on a mac because of the annoying "get a mac" advertisements...according to the ars post.

http://arstechnica.com/journals/apple.ars/2006/8/2/4856

benthewraith · Aug 2, 2006

"I'm getting this tool to the point where it can tell you not only how many people in a room are running, say, Centrino or Broadcom devices, but that 'x' number are running them on a Windows box with a specific version of the driver," Ellch said. "The userful thing for that information is that if you have a device driver exploit and it's version-specific, you could tweak [the exploit] before you launch it."

Odd, I thought Netstumbler was supposed to do something like this?

pianoman · Aug 2, 2006

MS bulldog said:
they chose to do it on a mac because of the annoying "get a mac" advertisements...according to the ars post.

http://arstechnica.com/journals/apple.ars/2006/8/2/4856

they wanted to prove to mac owners that their machines aren't 100% threat-proof. my take on the "get a mac" ad comment is that they were trying to be funny. they rely on the assumption that people watching know how secure a mac is and try to disprove that perception.

benthewraith · Aug 2, 2006

pianoman said:
they wanted to prove to mac owners that their machines aren't 100% threat-proof. my take on the "get a mac" ad comment is that they were trying to be funny. they rely on the assumption that people watching know how secure a mac is and try to disprove that perception.

Either way it's incredibly rude, and insulting. Not every mac user is a smug, egotistical, rich person.

The very thought that they want to stab someone in the eye with a lit cigarette shows what kind of jerk they really are.

In case of confusion, this post is laced with sarcasm.

JBot · Aug 2, 2006

benthewraith said:
Either way it's incredibly rude, and insulting. Not every mac user is a smug, egotistical, rich person.

The very thought that they want to stab someone in the eye with a lit cigarette shows what kind of jerk they really are.

hahahahahahahaha.
All theyre saying is the ad which states macs are invincible are mistleading, and frusturating.
They want to stab the guy in the commercial. not you dont worry.
You can unlock your door and leave your room from playing WoW now.

ljump12 · Aug 2, 2006

benthewraith said:
Either way it's incredibly rude, and insulting. Not every mac user is a smug, egotistical, rich person.

The very thought that they want to stab someone in the eye with a lit cigarette shows what kind of jerk they really are.

I really hope your whole statement was meant with sarcasm.

benthewraith · Aug 2, 2006

JBot said:
hahahahahahahaha.
All theyre saying is the ad which states macs are invincible are mistleading, and frusturating.
They want to stab the guy in the commercial. not you dont worry.
You can unlock your door and leave your room from playing WoW now.

You know, I still wonder who the actor is that plays the "cool" kid on the Mac commercials? I'm thinking it's Justin Long but he isn't credited for it. Does anyone know who the kid is playing the Mac on the Mac vs PC?

Never mind, it IS Justin Long.

IMDB said:
In addition to his film appearances, he is a spokesman for the Apple Mac computers, appearing with John Hodgman in its commercials.

I know the PC dude is the guy that is always coming onto The Daily Show.

benthewraith · Aug 2, 2006

ljump12 said:
I really hope your whole statement was meant with sarcasm.

Better?

notjustjay · Aug 2, 2006

Bah.

Open challenger to hackers and script kiddies: If you can successfully hack my Mac (no physical access, of course), it is yours to keep.

Unspeaked · Aug 2, 2006

"I should note here that while the bad guys may or may not have known about these security weaknesses for some time, there is not a single shred of evidence that these flaws have been exploited "in the wild" (as security companies like to say)."

weg · Aug 2, 2006

notjustjay said:
Bah.

Open challenger to hackers and script kiddies: If you can successfully hack my Mac (no physical access, of course), it is yours to keep.

Post your IP address, please..

JBot · Aug 2, 2006

weg said:
Post your IP address, please..

If you cant figure it out im sure youre going nowhere fast.

nbs2 · Aug 2, 2006

dsnort said:
I have no idea how to turn on/off the wifi card in a pc.

On most (if not all) laptops, there is a toggle switch that turns it on and off. At least I assume it powers down the card and not just the antenna (on my old 3Com PCMCIA that I used with my old Vaio, the only way to turn it off was taking it out).

Fearless Leader · Aug 2, 2006

now all we need is that across the nation wireless and these guys can own every macbook.

. I think apple should use this in their marketing... "Buy the Macbook Pro, that guy in corner of the coffeshop cant take over it..."

also i want to see this. you know post all the steps, software, yata yata, to... umm... make sure its a real exploit.

JBot · Aug 4, 2006

*Updated*
Thought it was fake myself. http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html
Unless somehow theyve turned a vnc into a text mode dos command app, i guess this is some pretty huge news.

Note* Because im not sure if everyone will go here. This is NOT intended to exploit macs and macs only. It is clearly stated in the video that its exploiting a wireless signal.

WildCowboy · Aug 4, 2006

JBot said:
*Updated*
Thought it was fake myself. http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html
Unless somehow theyve turned a vnc into a text mode dos command app, i guess this is some pretty huge news.

Note* Because im not sure if everyone will go here. This is NOT intended to exploit macs and macs only. It is clearly stated in the video that its exploiting a wireless signal.

Did you happen to miss the Page 1 story on this? The discussion is taking place there now.

JBot · Aug 4, 2006

Where?

yellow · Aug 4, 2006

https://forums.macrumors.com/threads/221242/

Hijacking a Macbook in 60 Seconds

macrumors 68000

macrumors 6502

macrumors 68000

macrumors 68000

macrumors regular

macrumors 68040

macrumors 68000

macrumors 68040

macrumors 6502

macrumors 6502

macrumors 68040

macrumors 68040

macrumors 603

macrumors 68020

macrumors 6502a

macrumors 6502

macrumors 68030

macrumors 68020

macrumors 6502

Administrator/Editor

macrumors 6502

Moderator emeritus

Our Staff