Published August 04, 2006
LAS VEGAS – Some computers with wireless Internet capabilities are vulnerable to attacks that could expose passwords, bank account details and other sensitive information even if the machines aren't actually online, researchers said here Wednesday.
But the two researchers, David Maynor, 28, and Jon Ellch, a 24-year-old who prefers to go by his hacker handle Johnny Cache, said the technique will work on an array of machines, including those that run Microsoft Corp.'s (MSFT) Windows and the free Linux operating system.
"The problem itself isn't really an Apple problem," said Maynor, a researcher at SecureWorks Inc., a network-monitoring company. "This is a systemic problem across the industry."
The technique, detailed during the first day of the Black Hat conference, has broad implications for the large number of people who over the past five years have grown accustomed to connecting to the Internet wirelessly while sitting in airports, hotels and cafes.
"It's an alarming weakness," said Phil Zimmermann, a software engineer who specializes in data security. "Now I would rather connect using an Ethernet cable," he said, referring to the term for wired Internet connections.
Maynor and Cache showed a room of about 300 attendees a video in which they dropped what is known as a "root kit" into a MacBook by exploiting a weakness found in a wireless card, a component that uses radio waves to connect to the Internet.
A root kit is a virtually undetectable program that criminals can use to do things such as log passwords and gain access to sensitive files.
Maynor was able to create, read and delete files on the Apple laptop.
The MacBook, which was running a fully patched version of the latest Apple operating system, showed no indication that it had been compromised.
The MacBook used in the demonstration was not using the wireless gear that shipped with the computer. Instead, they used a third-party wireless card that they declined to name.
Apple spokeswoman Lynn Fox declined to comment.
The researchers were not identifying the makers or models of wireless devices that are vulnerable, so that manufacturers have a leg up on criminals who might use that information to exploit the vulnerabilities. But Maynor said the flaws are so common that he'd have no trouble walking into the typical Internet cafe and finding someone vulnerable.
"I have no doubt," he said in an interview following his presentation.
He said the technique could be useful in targeting specific people or specific groups of people who are in close proximity to an attacker — for instance, a cafe that is frequented by executives of a particular company.
The researchers declined to demonstrate the attack live because they said radio receivers in the room could allow people to detect their techniques and use them to commit crimes.
A computer need not be connected to the Internet to be infected. All that's required is that it have certain wireless devices installed and that those devices be turned on.
Wednesday's demonstration came four days after Intel Corp. (INTC), the world's biggest chip maker, released security fixes for wireless capabilities it includes with many of the laptop processors it sells.
One of the vulnerabilities fixed would have allowed someone to gain control over a computer using the Intel wireless gear.
Maynor said during his presentation that he and Cache did not provide technical details of the attack to Intel but couldn't rule out a connection between the findings and the Intel patch.
"It's pretty interesting, the timing of it," Maynor said. "It seemed a bit suspicious."