Wireless Laptops Hacked at Black HatBy Deborah Gage | Posted 2006-08-03 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Researchers at the Black Hat security conference seized control of an Apple MacBook, by exploiting buggy codeand a similar problem affects laptops with Intel's wireless chips.
LAS VEGASEvery year, security researchers and hackers at the Black Hat conference in Las Vegas compete to reveal new and scary vulnerabilities. Hundreds of them, almost all men, are running around Caesar's Palace this week in black T-shirts, the traditional dress of a hackereating, drinking, partying and hacking.
The most alarming news to surface Wednesday: evidence that ordinary wireless laptops may be easily commandeered.
Check The Washington Post's security blog for a video shown Wednesday by two researchers who seized control of an Apple MacBook by exploiting buggy code in its wireless device driver. The Mac doesn't even have to be connected to the Internet for the attack to work: Its wireless card just needs to be seeking a connection. The attack also bypasses encryption, if there is any.
Separately, Intel announced Wednesday that the same thing is possible on a PC and issued patches for flaws in three of its driverstwo Windows drivers for Centrino wireless chips and one driver for the Intel ProSet management software. Apple had not issued patches at presstime.
Equally worrisome was the Black Hat session about security flaws in common enterprise management software. According to the presentersDave Goldsmith and Tom Ptacek from Matasano Security, a consulting firm in New Yorksome of the flaws go back to at least 1993.
Goldsmith and Ptacek said companies have done a decent job securing their networks from external threats, with devices like firewalls that protect the perimeter of their networks, but ignore threats on the inside. These threats originate in applications that sit behind the firewall and were never designed to be secure.
Enterprise management software works like a lot like a botnet, Ptacek said, with agents and command and control channels that "dramatically ease the burden of managing tens of thousands of machines." The software is easily exploited because it is buggy and, in some cases, poorly documented or designed, he added, but its reach could give a hacker power over an entire enterprise.
For example, by triggering a buffer overflow in either an agent or a server, an attacker could take control of the system. At a minimum, Ptacek recommends disabling these systems' Web-based management consoles, which may be vulnerable to attacks from the outside.
One reason for such a precaution is that patches from vendors for these flaws are running nine to 12 months behind, he said. Matasano has a backlog of more than 30 vulnerabilities waiting for patches from vendors.