How To Hijack a MacBook in 60 Seconds or Less

Watch the video presentation Jon “Johnny Cache” Ellch and David Maynor at Black Hat USA 2006 conference in Las Vegas on a new method for remotely (using Wireless) circumventing the security of an Apple Macbook computer to seize total control over the machine.

The demo uses a script to exploit a vulnerability of third-party wireless device driver by Atheros for MacBook. It is enough for a vulnerable machine to have its wireless card active for such an attack to be successful.

The device driver software that powers these wireless devices operates at such a low level of the operating system that traditional system safeguards like firewalls and anti-virus software will not stop the operating system from accepting a maliciously crafted network probe from an attacker seeking to exploit device driver-specific flaws.
via Washington Post

The funny part is that Maynor & Ellch have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows operating system. And yet they decided to run the demo against a Mac due to “Mac user base aura of smugness on security”.

“We’re not picking specifically on Macs here, but if you watch those ‘Get a Mac’ commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something,” Maynor said.