David Maynor finally backs up his ‘Apple Wireless Hack’

Almost a year ago, I wrote a post talking about these guys who ‘found a hack that compromises any Mac using a wireless connection’. Of course, this was met with a lot of skepticism, since they had no way to actually prove it except for a video of them using a MacBook and some third-party wireless card. He touted that he was able to get ‘kernel access’ with this hack and exploit any Mac around.

Well, after being under an NDA for a year (which, of course, we don't know who with), he has published a paper on how he did this hack. It actually goes into a fair bit of detail, so I have not really read all that deep into it yet. Basically what they did is send the wireless card randomly generated metadata. If that metadata was too large, the Mac would kernel panic (makes total sense). What they found out, though, is that if they sent the right packet to the wireless card, the machine would not crash right away. It looks like, after debugging how and which packets were sent, one of these could be overflowed, and the remaining packets could contain code. This code could even contain binary data to create a new root account, etc.
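As an added illustration (this is not code from the post or from Maynor's paper), here is a minimal C parser for length-prefixed frame elements, of the kind a wireless driver reads out of a beacon or probe response, written with the two bounds checks whose absence produces the "too large" crash-or-overflow behaviour described above. The element layout (one type byte, one length byte, then the value), the 32-byte SSID field, the return codes and the function names are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed-size driver field, sized like an 802.11 SSID. */
#define SSID_MAX 32

struct parsed_beacon {
    uint8_t ssid[SSID_MAX];
    size_t  ssid_len;
    int     element_count;
};

/* Return codes for the parser (constructed for this example). */
enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_OVERSIZED = -2 };

/*
 * Parse a buffer of TLV elements: 1 byte type, 1 byte length, then `length`
 * bytes of value. Element type 0 is treated as the SSID. Both checks in the
 * loop guard attacker-controlled lengths: the declared length must not run
 * past the end of the frame, and a value copied into a fixed-size field must
 * not exceed that field. Dropping either check is the classic driver bug:
 * a large length byte then either faults (kernel panic) or silently
 * overwrites whatever sits past the destination buffer.
 */
enum parse_result parse_elements(const uint8_t *frame, size_t frame_len,
                                 struct parsed_beacon *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof *out);

    while (pos < frame_len) {
        /* Need at least a type byte and a length byte. */
        if (frame_len - pos < 2)
            return PARSE_TRUNCATED;
        uint8_t type = frame[pos];
        uint8_t len  = frame[pos + 1];
        pos += 2;

        /* The length from the air must fit in the remaining frame bytes. */
        if (len > frame_len - pos)
            return PARSE_TRUNCATED;

        if (type == 0) {
            /* Bounds check before copying into a fixed-size destination. */
            if (len > SSID_MAX)
                return PARSE_OVERSIZED;
            memcpy(out->ssid, frame + pos, len);
            out->ssid_len = len;
        }
        /* Other element types are skipped rather than copied. */
        pos += len;
        out->element_count++;
    }
    return PARSE_OK;
}

/* Constructed sample frames for the demonstration. */
enum parse_result demo_valid(void)
{
    /* SSID "home" followed by a 2-byte element of another type. */
    static const uint8_t frame[] = { 0x00, 0x04, 'h', 'o', 'm', 'e',
                                     0x01, 0x02, 0x82, 0x84 };
    struct parsed_beacon pb;
    return parse_elements(frame, sizeof frame, &pb);
}

int demo_valid_count(void)
{
    static const uint8_t frame[] = { 0x00, 0x04, 'h', 'o', 'm', 'e',
                                     0x01, 0x02, 0x82, 0x84 };
    struct parsed_beacon pb;
    parse_elements(frame, sizeof frame, &pb);
    return pb.element_count;
}

enum parse_result demo_oversized(void)
{
    /* SSID element declaring 40 bytes; the frame really carries them,
       but the 32-byte destination cannot hold them. */
    uint8_t frame[2 + 40];
    frame[0] = 0x00;
    frame[1] = 40;
    memset(frame + 2, 'A', 40);
    struct parsed_beacon pb;
    return parse_elements(frame, sizeof frame, &pb);
}

enum parse_result demo_truncated(void)
{
    /* Length byte claims 10 value bytes but only 3 follow. */
    static const uint8_t frame[] = { 0x00, 0x0a, 'a', 'b', 'c' };
    struct parsed_beacon pb;
    return parse_elements(frame, sizeof frame, &pb);
}

int main(void)
{
    printf("valid: %d (elements=%d)\n", demo_valid(), demo_valid_count());
    printf("oversized: %d\n", demo_oversized());
    printf("truncated: %d\n", demo_truncated());
    return 0;
}
```

The point of the two rejections is that the frame is refused before any copy happens; a driver that copies first and validates later has already done the damage by the time it notices the length is wrong. Every length field that arrives over the air has to be treated as untrusted input, even in a kernel driver that only ever expected to see well-formed beacons.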

This is a really in-depth and technical read, but some people may really like it. Supposedly this bug was fixed in 10.4.7, since it was found by Apple engineers as well. Hopefully someone finds it useful!

Listening To: ‘Girls’ by The Beastie Boys
