August 2, 2006
New Trend: Attacks Against Device Drivers
The guys at Black Hat are demonstrating some interesting attacks against the device drivers for the wireless card in a MacBook Pro:
The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,” the software that allows the internal wireless card to communicate with the underlying OS X operating system.
This highlights an emerging trend of attacks against device drivers. Should attacks like this become a trend I suspect we’ll see the following:
- Wireless Cards Hit First: Many attacks will focus on wireless cards, and not just because they are remotely accessible. The fact that there are only a couple of chipset manufacturers will make attacks easier. Especially considering this:
After the demo, Ellch … will talk about a new tool he’s developing that can remotely scan and figure out the chipset and driver version of a wireless device on a target computer. So far, Ellch said the tool currently recognizes 13 different wireless device drivers, breaking them down by operating system and firmware version.
“I’m getting this tool to the point where it can tell you not only how many people in a room are running, say, Centrino or Broadcom devices, but that ‘x’ number are running them on a Windows box with a specific version of the driver,” Ellch said. “The useful thing for that information is that if you have a device driver exploit and it’s version-specific, you could tweak [the exploit] before you launch it.”
- Homogeneous Environments Hit Hardest: As demonstrated, Macs will be easier targets, but think about other homogeneous environments: corporate networks that use all the same PCs (or maybe just all the same NICs), ISPs that use all the same kind of DSL/cable modems, etc…
- Mitigations Slow to Come: There won’t be patches coming out of Windows Update for many of these. Expect longer windows of vulnerability, and expect traditional mitigations like firewalls to prove ineffective.
So what do we do? Assuming the attack involves overrunning a buffer, some sort of kernel-level buffer overflow protection in a Host Intrusion Prevention-type product seems to be in order. The whole article is worth a read. Share your thoughts by leaving a comment below.
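To make the "overrunning a buffer" assumption concrete, here is an added example (not from the post, the article, or any real driver) of the bug class a driver-parsing flaw typically falls into: a length byte taken from a received wireless frame and copied into a fixed-size kernel buffer. The frame layout (1-byte id, 1-byte length, payload), the `SSID_MAX` limit and both parser functions are constructed for illustration; the hardened version shows the bounds checks a driver should perform before copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed element layout: [id][len][len bytes of payload].
 * This is a hypothetical example of the bug class, not the MacBook flaw. */
#define SSID_MAX 32

struct ssid_buf {
    uint8_t ssid[SSID_MAX];
    uint8_t len;
};

/* Vulnerable: trusts the attacker-controlled length byte. A value above
 * SSID_MAX overruns ssid[] in kernel memory (the case the post assumes). */
int parse_ssid_unsafe(const uint8_t *ie, size_t ie_len, struct ssid_buf *out)
{
    if (ie_len < 2) return -1;
    uint8_t len = ie[1];
    memcpy(out->ssid, ie + 2, len);   /* no check against SSID_MAX or ie_len */
    out->len = len;
    return 0;
}

/* Hardened: reject the element unless the declared length fits both the
 * destination buffer and the bytes actually received. */
int parse_ssid_safe(const uint8_t *ie, size_t ie_len, struct ssid_buf *out)
{
    if (ie_len < 2) return -1;
    uint8_t len = ie[1];
    if (len > SSID_MAX || (size_t)len + 2 > ie_len) return -1;
    memcpy(out->ssid, ie + 2, len);
    out->len = len;
    return 0;
}

int main(void)
{
    /* Constructed element claiming 40 payload bytes, above the 32-byte limit. */
    uint8_t oversized[2 + 40] = {0x00, 40};
    memset(oversized + 2, 'A', 40);
    struct ssid_buf b;
    printf("safe parser result on oversized element: %d\n",
           parse_ssid_safe(oversized, sizeof oversized, &b));   /* -1 */
    return 0;
}
```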
Hijacking a Macbook in 60 Seconds or Less [Security Fix]
June 5, 2006
How Much Do You Need to Worry about Macs?
If your organization is like most, there are a few Macs floating around. SANS tells us that it’s one of the 20 biggest things we should be worried about. At the same time Apple has commercials touting their security over PCs. So it begs the question: how much should you be worried about Macs?
Let’s start with some facts:
- OS X has many great security features built in, like a Personal Firewall, Auto Updates, and File/Folder Encryption.
- OS X comes out of the box with most unnecessary services turned off, and users usually don’t run as an admin-level account.
- OS X is vulnerable to viruses and worms.
- People in your organization probably do store critical information on a Mac.
- Lots of vulnerabilities come out for Macs.
What should you be doing about it? Some. Macs probably aren’t your biggest risk, but they need to be on your radar. I agree with SANS that the risk is increasing, although it’s nowhere near the top 20 things I worry about.
What should you be doing:
- Educating users that they are not immune from security issues.
- Ensuring they are configured securely with Auto Updates, a desktop firewall, and unnecessary services turned off. Just because it came out of the box this way doesn’t mean it’s still this way.
Most Mac users I know have an independent streak to them and will probably resist any “big brothering” by the security group. With a little diplomacy and reasonableness you should be able to win them over.