
Security researcher offers apology, plans to release attack code

By Robert Westervelt, News Editor
01 Mar 2007 | SearchSecurity.com

Security Wire Daily News

ARLINGTON, Va. -- Security researcher David Maynor, who ruffled the feathers of executives of Apple Computer at last year's Black Hat conference, disclosed email exchanges that he says prove that he and fellow researcher Jon Ellch worked with Apple and provided researchers there with information on vulnerabilities in the company's wireless device drivers.

Last year, Maynor, who was a senior researcher with Atlanta-based managed security services provider (MSSP) SecureWorks Inc., and Ellch showed attendees a video in which Maynor used a Dell Inc. laptop to compromise a MacBook in about 60 seconds, just by targeting its wireless card and wireless device driver. The presentation caused an uproar in the Mac community, and Apple pressured Maynor into writing a blog entry on the SecureWorks Web site saying that the laptop did not contain any vulnerabilities.

In a presentation at the Black Hat DC Training conference on Wednesday, Maynor revealed several exchanges he had with Apple after the public demonstration, disclosing packet captures that showed he tried to give researchers there the ability to exploit the flaws. He also showed several email exchanges that he said prove that he helped Apple build a Wi-Fi auditing box after Apple researchers couldn't get the exploit to work internally. The email exchanges he provided were from his personal email account. He said he is still unable to discuss any communication he had with Apple via his SecureWorks email account.

"I said over and over again on the video that although I'm exploiting a MacBook, I'm not exploiting anything native," Maynor said. "The bugs that affected the MacBook also affected every Windows machine with a Broadcom card."

Maynor, who currently serves as chief technology officer of Errata Security, also took the blame for not disclosing the vulnerabilities to Apple before the public demonstration at the Black Hat conference.

"I made mistakes, I screwed up," Maynor said. "I probably shouldn't have done that demo. I probably shouldn't have talked to a reporter about it before the information was made available. There are a lot of things you can blame me for. I was wrong. At the same time, I also didn't try to assassinate Apple."

Maynor said that although the demonstration took place on an Apple MacBook running OS X version 10.4.6, he said repeatedly on the video that the Wi-Fi flaws affected a variety of drivers and not just Apple. Apple released version 10.4.8, which patched the wireless bugs, but Maynor said neither he nor Ellch was credited with discovering the flaws. Maynor said he plans to release the attack code for researchers on his blog.

"I believe in responsible disclosure, but disclosure should be a two-way street," Maynor said, adding that he likely won't talk to Apple researchers as he conducts further research on wireless exploits.

One of the major problems with wireless drivers is that driver makers rely on the chipset maker to provide a sample driver that they can adapt to their needs, Maynor said. The reference driver created from the sample is often vulnerable, he said.

Future research will cover other Wi-Fi areas, Maynor said. Wireless fuzzing will not just target the 802.11 specification. Bluetooth is susceptible, as are WiMax and infrared technology, he said.

"So far we haven't delved into the tricky parts of the protocols yet," he said. "There's a huge untapped area."
