Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > RF/Microwave

Apple, PC notebooks might be vulnerable to wireless attack

Posted: 04 Aug 2006 ?? ?Print Version ?Bookmark and Share

Keywords:device driver? Apple Computer? Microsoft? operating system? wireless card?

Wireless device drivers for computers running both Apple Computer and Microsoft operating systems appear to be full of holes, and a prominent security researcher recommends turning off wireless cards until the holes can be fixed.

Intel and the SANS Internet Storm Center recently announced three Centrino vulnerabilities that can also be used to take over computers using Centrino-based wireless cards.

Introduced in 2003 by Intel, the Centrino package comprises the CPU chip, chipset and wireless network module.

During this week's Black Hat computer security conference in Las Vegas, hackers Jon "Johnny Cache" Ellch and Dave Maynor plan to demonstrate how to take over any Apple MacBook if its wireless card is turned on, even if the owner is not connected to a wireless network.

In an e-mail to the SANS mailing list and government security researchers, SANS Institute director Alan Paller warns, "This is a big story for several reasons. First it shoots a pretty big hole in the 'bulletproof' image Apple is trying to project. Second, it isn't just about Macs. The vulnerabilities apparently can also be found in Centrino-based laptops as well. Third, by nature, attackers (a.k.a. security researchers) are swarm organisms. That means they will see Maynor's work as a beacon to follow toward a new cache of useful vulnerabilities. And finally, the really bad guys are already using these flaws (and are frustrated that Maynor is making them public)."

Apple on Tuesday released a Security Update (Security Update 2006-004) to fix 26 Mac security flaws. But this security update doesn't address the wireless chip driver flaws that Ellch and Maynor plan to demonstrate.

An Apple spokesperson says the company is looking into the issue.

Intel has released driver security updates for Centrino device drivers for Windows and for the Intel PROSet management software.

Until a patch has been applied, consider unwiring your wireless. "[P]atching the Centrino flaws and turning off wireless cards is indicated as an immediate response," Paller recommends. Firewalls are unlikely to help because they're not designed to filter low-level wireless device communication.

It's not immediately clear how easy it will be to get these fixes into the hands of notebook computer users.

- Thomas Claburn

Article Comments - Apple, PC notebooks might be vulnera...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top