ARLINGTON, Va. -- Security researcher David Maynor, who ruffled the
feathers of executives of Apple Computer at last year's Black Hat
conference, disclosed email exchanges that he says prove that he
and fellow researcher Jon Ellch worked with Apple and provided
researchers there with information on vulnerabilities in the
company's wireless device drivers.
Last year, Maynor, who was a senior researcher with
Atlanta-based managed security services provider (MSSP) SecureWorks
Inc., and Ellch showed attendees a video in which
Maynor used a Dell Inc. laptop to compromise a MacBook in about 60
seconds, just by targeting its wireless card and wireless
device driver. The presentation caused an uproar in the Mac community,
and Apple pressured Maynor into writing a blog entry on the
SecureWorks Web site saying that the laptop did not contain any
vulnerabilities.
In a presentation at the Black Hat DC Training conference on
Wednesday, Maynor revealed several exchanges he had with Apple
after the public demonstration, disclosing packet captures that
showed he tried to give researchers there the ability to exploit
the flaws. He also showed several email exchanges that he said
prove that he helped Apple build a Wi-Fi auditing box after Apple
researchers couldn't get the exploit to work internally. The email
exchanges he provided were from his personal email account. He said
he is still unable to discuss any communication he had with Apple
via his SecureWorks email account.
"I said over and over again on the video that although I'm
exploiting a MacBook, I'm not exploiting anything native," Maynor
said. "The bugs that affected the MacBook also affected every
Windows machine with a Broadcom card."
Maynor, who currently serves as chief technology officer of
Errata Security, also took the blame for not disclosing the
vulnerabilities to Apple before the public demonstration at the
Black Hat conference.
"I made mistakes, I screwed up," Maynor said. "I probably
shouldn't have done that demo. I probably shouldn't have talked to
a reporter about it before the information was made available.
There are a lot of things you can blame me for. I was wrong. At the
same time, I also didn't try to assassinate Apple."
Maynor said that although the demonstration took place on an
Apple MacBook running OS X 10.4.6, he stated repeatedly on the
video that the Wi-Fi flaws affected a variety of drivers and not
just Apple's. Apple released version 10.4.8, which patched the
wireless bugs, but Maynor said neither he nor Ellch was credited
with discovering the flaws. Maynor said he plans to
release the attack code for researchers on his blog.
"I believe in responsible disclosure, but disclosure should be a
two way street," Maynor said, adding that he won't likely talk to
Apple researchers as he conducts further research on wireless
exploits.
One of the major problems with wireless drivers is that driver
makers rely on chipset makers to provide a sample driver that they
can adapt to their needs, Maynor said. The reference driver created
from the sample is often vulnerable, he said.
Future research will cover other Wi-Fi areas, Maynor said.
Wireless fuzzing will not just target the 802.11 specification.
Bluetooth is susceptible as well as WiMax and infrared technology,
he said.
"So far we haven't delved into the tricky parts of the
protocols yet," he said. "There's a huge untapped area."