Hackers show MacBook vulnerability

Two security experts showed that flaws in device drivers could allow unauthorized access to wireless laptop computers, according to an industry expert.

Hackers Johnny Cache and David Maynor demonstrated how to gain access to an Apple Computer MacBook at the Black Hat Briefings 2006 convention in Las Vegas today.

The flaw can be exploited if the computer is broadcasting wirelessly; it does not need to be connected to a network. The pair did not publicly reveal the flaw and showed the demonstration through a recorded video, said Alan Paller, director of research at the SANS Institute. Although Cache and Maynor exposed the problem on a MacBook, they found similar flaws in laptop computers running Microsoft Windows.

Coincidentally, late Aug. 1, Intel and the SANS Institute revealed three major wireless security flaws in Intel Centrino device drivers. The most severe of the three would have allowed someone within range of a laptop computer to execute kernel-level code on the computer.

Paller said both sets of flaws are particularly dangerous because they can bypass encryption and expose sensitive data.

“In most laptop encryption schemes, the encryption key is provided upon sign on by the user,” Paller said. “If a victim is on his/her machine, and the wireless flaw is exploited, the attacker has the same right to use the data that the authorized person has -- and that means the encryption program will make all the data freely available to the attacker.”