By Erika Morphy MacNewsWorld Part of the ECT News Network
08/03/06 2:39 PM PT
Two security specialists have demonstrated how they could exploit a vulnerability in the code of a MacBook wireless device driver to gain control of the computer, causing a small uproar at the Black Hat security conference in Las Vegas.
At the Black Hat USA conference, two security researchers demonstrated how easily they could hack into a Mac computer -- in this case Apple's (Nasdaq: AAPL) MacBook -- over a wireless network.
Operating from a nearby laptop, David Maynor, a senior researcher with SecureWorks, and graduate student Jon Ellch took aim at the MacBook's wireless card and wireless device, compromising the computer in about 60 seconds.
The object lessons from this demonstration are manifold, starting with the simple fact that computer security must go beyond installing software that shields the operating system; it must also extend to wireless devices and cards. There is also this hard truth: It is becoming increasingly clear that Apple computers are not as safe as they were once perceived to be.
Targeting Mac
However, a caveat is necessary: Using a Mac is still far safer than using a Windows system.
"Out of the box, a Mac is more secure than Windows," Scott Carpenter, director of security labs at Secure Elements, told MacNewsWorld.
"The problem is, Apple has been fostering a campaign telling consumers they don't have to worry about security if they use a Mac. They are not any more or less secure about vulnerabilities in their code than Windows, but they like to pretend that they are," he observed.
Noting that Apple has some smart security people on its staff, Carpenter suggested there might be "a behind-the-scenes war between them and marketing about the image a Mac should project."
He voiced another big gripe about Apple's approach to security: "Microsoft will tell you the criticality of a certain patch. Apple refuses to tell you if a patch is critical or not. It won't even tell you if it is a fix to a vulnerability or whether it is just a problem in the code. Their attitude is, 'Just trust us.'"
Wireless Security
That said, the attack on the MacBook would have worked on any laptop that did not have the highest available level of wireless encryption installed.
Even with such encryption, Carpenter said, no system is 100 percent fail-safe. "Wireless in particular is inherently insecure, because people tend to use the lowest level of security that there is."
However, Mac's wireless device uses an old version of encryption -- WEP, or Wired Equivalent Privacy -- which is very easy to hack, he pointed out.
"It is very easy to break that protocol," Carpenter said. "I've done it for a major metropolitan government. I sat outside their office on my Harley and sniffed and sniffed and sniffed until I broke into their network."