WiFi makes waves at Blackhat
Published: 2006-08-03
A presentation on WiFi driver flaws at Blackhat USA included a
demonstration of an Apple Macbook being remotely compromised.
As expected, security researchers David Maynor and "Johnny Cache"
demonstrated new WiFi driver flaws that enable various computer
systems to be remotely compromised even if their wireless adapter is
not connected to a network. The pair demonstrated the issue to an
audience of about 300, using a prerecorded video showing a Darwin BSD-
based Macbook being exploited and then having a rootkit remotely
installed. Maynor and Cache chose to record the video instead of
demonstrating the exploit live, as common wireless sniffers,
stumblers and packet dump utilities (including Kismac for the Mac)
would have enabled the audience to discover the exploit relatively
easily. The researchers have followed responsible disclosure
guidelines by notifying companies and giving them time to patch their
drivers before vulnerability details and public exploits appear.
Vulnerabilities of this nature that affect such a wide range of
computer systems could create havoc even at popular security
conferences such as Blackhat when zero-day exploits appear.
The problem is not limited to Apple computers, and appears to affect
drivers written by a wide range WiFi chipset makers. The Apple
Macbook is known to use an Atheros WiFi chipset, but numerous other
chipsets are also affected. Windows and Linux systems are at risk as
well, as the vulnerability affects device drivers that are provided
by chipset manufacturers. Systems running OpenBSD are unlikely to be
affected based on that open-source group's refusal to use "binary
blobs" in their device drivers, and their subsequent reverse
engineering of numerous WiFi chipsets to provide open-source
alternatives to manufacturer's device drivers.
WiFi driver flaws of this nature should indeed be considered critical
vulnerabilities, as they attack the chipset's device driver directly.
All users are recommended to patch their Windows, Mac or Linux
systems as soon as driver updates become available.
Blackhat USA has become a popular conference for security
professionals, and now attracts thousands of visitors every year.
Blackhat is followed by DEFCON 14 this year, a unique conference
enjoyed by hackers from around the world.
