Email Delivery

Receive new posts as email.

Email address

Syndicate this site

RSS | Atom


About This Site
Contact Us
Privacy Policy


November 2010
Sun Mon Tues Wed Thurs Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        

Stories by Category

Basics :: Basics
Casting :: Casting Listen In Podcasts Videocasts
Culture :: Culture Hacking
Deals :: Deals
Future :: Future
Hardware :: Hardware Adapters Appliances Chips Consumer Electronics Gaming Home Entertainment Music Photography Video Gadgets Mesh Monitoring and Testing PDAs Phones Smartphones
Industry :: Industry Conferences Financial Free Health Legal Research Vendor analysis
International :: International
Media :: Media Locally cached Streaming
Metro-Scale Networks :: Metro-Scale Networks Community Networking Municipal
Network Types :: Network Types Broadband Wireless Cellular 2.5G and 3G 4G Power Line Satellite
News :: News Mainstream Media
Politics :: Politics Regulation Sock Puppets
Schedules :: Schedules
Security :: Security 802.1X
Site Specific :: Site Specific Administrative Detail April Fool's Blogging Book review Cluelessness Guest Commentary History Humor Self-Promotion Unique Wee-Fi Who's Hot Today?
Software :: Software Open Source
Spectrum :: Spectrum 60 GHz
Standards :: Standards 802.11a 802.11ac 802.11ad 802.11e 802.11g 802.11n 802.20 Bluetooth MIMO UWB WiGig WiMAX ZigBee
Transportation and Lodging :: Transportation and Lodging Air Travel Aquatic Commuting Hotels Rails
Unclassified :: Unclassified
Vertical Markets :: Vertical Markets Academia Enterprise WLAN Switches Home Hot Spot Aggregators Hot Spot Advertising Road Warrior Roaming Libraries Location Medical Public Safety Residential Rural SOHO Small-Medium Sized Business Universities Utilities wISP
Voice :: Voice


November 2010 | October 2010 | September 2010 | August 2010 | July 2010 | June 2010 | May 2010 | April 2010 | March 2010 | February 2010 | January 2010 | December 2009 | November 2009 | October 2009 | September 2009 | August 2009 | July 2009 | June 2009 | May 2009 | April 2009 | March 2009 | February 2009 | January 2009 | December 2008 | November 2008 | October 2008 | September 2008 | August 2008 | July 2008 | June 2008 | May 2008 | April 2008 | March 2008 | February 2008 | January 2008 | December 2007 | November 2007 | October 2007 | September 2007 | August 2007 | July 2007 | June 2007 | May 2007 | April 2007 | March 2007 | February 2007 | January 2007 | December 2006 | November 2006 | October 2006 | September 2006 | August 2006 | July 2006 | June 2006 | May 2006 | April 2006 | March 2006 | February 2006 | January 2006 | December 2005 | November 2005 | October 2005 | September 2005 | August 2005 | July 2005 | June 2005 | May 2005 | April 2005 | March 2005 | February 2005 | January 2005 | December 2004 | November 2004 | October 2004 | September 2004 | August 2004 | July 2004 | June 2004 | May 2004 | April 2004 | March 2004 | February 2004 | January 2004 | December 2003 | November 2003 | October 2003 | September 2003 | August 2003 | July 2003 | June 2003 | May 2003 | April 2003 | March 2003 | February 2003 | January 2003 | December 2002 | November 2002 | October 2002 | September 2002 | August 2002 | July 2002 | June 2002 | May 2002 | April 2002 | March 2002 | February 2002 | January 2002 | December 2001 | November 2001 | October 2001 | September 2001 | August 2001 | July 2001 | June 2001 | May 2001 | April 2001 |

Recent Entries

In-Flight Wi-Fi and In-Flight Bombs
Can WPA Protect against Firesheep on Same Network?
Southwest Sets In-Flight Wi-Fi at $5
Eye-Fi Adds a View for Web Access
Firesheep Makes Sidejacking Easy
Wi-Fi Direct Certification Starts
Decaf on the Starbucks Digital Network
Google Did Snag Passwords
WiMax and LTE Not Technically 4G by ITU Standards
AT&T Wi-Fi Connections Keep High Growth with Free Service

Site Philosophy

This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.


Entire site and all contents except otherwise noted © Copyright 2001-2010 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.

Powered by
Movable Type

« AirJaldi Summit in Dharamsala, India | Main | Podcast Transcripts »

August 18, 2006

Wi-Fi Exploit Continues To Crumble

Atheros hasn't seen any credible code, either: Brian Krebs of Security Fix at the Washington Posts updates the story he was the first to write about extensively with access to the researchers. The Wi-Fi exploit that they claimed allowed compromise of a computer because of drivers problems with several adapters now appears to be somewhat debunked. While the general premise is still reasonable--Intel released an unrelated Centrino update intended to prevent escalation of privileges via a Wi-Fi driver flaw--the researchers appear to have no leg to stand on at this point in terms of their demonstration and their claims. (Update: Some commentators and security experts have a different opinion: see bottom.)

Atheros's CTO, a blunt-spoken fellow, sent Krebs this statement: "Atheros has not been contacted by SecureWorks and Atheros has not received any code or other proof demonstrating a security vulnerability in our chips or wireless drivers used in any laptop computers. We believe SecureWorks' modified statement and the flaws revealed in its presentation and methodology demonstrates only a security vulnerability in the wireless USB adapter they used in the demo, not in the laptop's internal Wi-Fi card."

Apple said yesterday that the researchers had provided no information that showed an exploit was possible, and that the demonstration used a third-party Wi-Fi card and driver; the researchers updated their site to reflect this. Krebs received a clarification today from Apple that the researchers had, in fact, contacted them prior to their demonstration at Black Hat 2006--which seemed in dispute yesterday. Krebs writes, "Apple's revised statement today made it clear that the company had not received any evidence from SecureWorks to back up the claim that the Macbook drivers are indeed vulnerable."

Finally, Jim Thompson, whom one of the researchers attempted to smack down by assaulting his expertise and misreading some of his analysis, goes all out. He's obtained a high-resolution version of the video that the two researchers recorded, and uses information that he can see in that version to show what appears to be misdirection and other problems with what they stated they were doing.

The suspicion now is that the researchers hit upon a FreeBSD Wi-Fi driver flaw that has since been patched, and that Apple doesn't directly rely on, although they've built on top of it. Krebs is waiting for confirmation of this back from Apple.

What do we learn from this? Not that Mac OS X is impregnable. Not that Wi-Fi drivers are trustworthy. Not that researchers may exaggerate data for publicity. Rather that it's, in fact, all too likely that a Wi-Fi driver could allow an exploit to happen--but that under the guise of preventing exploits in the wild that it's too easy to take that general case and believe that it's applicable when we can't see and touch it.

Ultimately, the exploit the researchers allege to have found must be fixed, and at that point, their research should be made fully available for inspection. If that doesn't happen, their credibility is sunk.

The moral of the story, truly, is "Don't taunt Mac users unless you've got something real to show."

Update: Some folks like George Ou and a few through private email who don't want to be identified at the moment are stating that researchers David Maynor and Jon Ellch never said that there was an exploitable feature in the driver for Apple's own Intel-based laptop Wi-Fi adapters. Ou has video of his interview at Black Hat 2006 with the two fellows in which they state this more clearly than any other coverage I've read or, in fact, their own video.

Ou suggests there's an orchestrated attack being conducted--one assumes by Apple?--against Maynor and Ellch to discredit them. He cites hate mail and crazy phone calls as part of this, but I don't think he's implying Apple is making them. But he does think the press is ganging up against Maynor and Ellch. I'd suggest that we're seeing follow-up stories because the two researchers first said that Apple leaned on them not to show an Apple driver being hacked, then they backed off that claim (or that claim was misunderstand). They also baited Mac users and didn't deliver the goods, making the goods seem unreliable.

Ou can't get Maynor to talk about the Apple situation, so he references the live demonstration that Brian Krebs received in a hotel room at Black Hat 2006 that Krebs published the full transcript of after people on his blog complained that he was exaggerating the exploit's potential. However, Ou misses a key point when he writes, "The transcript clearly reveals that Maynor had demonstrated the same exploit on a Mac without any third party wireless hardware!"

Krebs wrote in the introduction to the interview transcript, "in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in. As far as I'm aware, only one other person at the conference saw the demo the way I saw it (a Black Hat staff member whom I'm not at liberty to name); the discrepancy over the wireless card is probably the biggest reason why the Mac community was so confused and upset by my original post."

Now here's the crux. No one that I know of has seen the actual code or the details of exploit, or at least they are not yet able to even state that they have. Thus, what Brian Krebs saw and George Ou cites is Krebs seeing a few keystrokes on a computer and then a file appearing on a Macintosh. Krebs saw a live demonstration, but he still hasn't seen the code. Apple has apparently seen the code, but says it's not an exploit. Atheros has not seen the code.

I'd like to say I'm from Missouri here. Let's hear from an independent party that won't reveal the code but who has inspected it, and performed the exploit on unmodified equipment.

Another update: Some think that Apple has snowed me. There should be more news this week. Many security researchers and commentators know Maynor or Ellch, and believe they have seen something legitimate. If so, Apple will have a lot to answer for.


For such a serious attack, you would think the security researchers would be proactively finding other credible researchers to demo the attack and get confirmation from. They don't need to post code to bugtraq to clear their names, they just need to get the word out to other trusted names who can back them up.


The video is full of holes. Its swiss cheese. The latest flaw somoene has pointed out is that the "remote exploit" seems to have magically begun runinng in Maynor's home directory, as a user named "david".

Apple didn't snow you Glenn, Maynor and Ellch duped Krebs.

I'm not technically savvy enough to say what's really going on, but at the end of the day, I expect the SecureWorks guys are going to demonstrate their hack on an Apple laptop with the standard WiFi card and some third-party driver. In other words, a very rare situation in the Mac world.

For me, the problems with SecureWorks began with their lack of professionalism. Maynor has since apologized for offending people, but when he descibed wanting to put a cigarette out in the eye of all those smug Mac users, I was shocked. No, I didn't take it as a literal threat. But I felt it was in very poor taste. He now says that he was just talking about the Mac users (sic) in the Apple television spots.

Like many in the Mac community, I started following the story closely.

Even if Maynor and Ellch are vindicated, and demonstrate a Mac vulnerability, I personally don't see how they can emerge with their reputations intact.

Thanks for the evenhanded coverage, Glenn.