NEWS FROM THE LAB - Thursday, August 3, 2006

Wi-Fi Hacking on Stage in Las Vegas
Posted by Gergo @ 08:10 GMT

Gergo posting from Black Hat USA 2006
Wireless Drivers - Speakers: Johnny Cache & David Maynor

Slide One - Device Drivers

The talk was mostly about different protocol vulnerabilities in wireless LANs. They spent most of the time talking about different angles of why 802.11 sucks. ;)

The interesting bit was the few-minute-long video at the end of the briefing. Apparently they have found a remote overflow in a certain wireless card driver. For the demo, an Intel-based Mac was used, with a third-party wireless card. It was not really clear whether the driver was included in OS X or came with the third-party network card. Nevertheless, the net result is a connect-back remote shell on the Mac. Pretty impressive, and scary at the same time...

Details have not been released on the vulnerability yet; they are still working with the vendor (Apple?) on the fix. There has not been any hint of a connection between this and the Intel Centrino fix.

The long-standing suspicion has been confirmed, but there is no evidence of this affecting a widespread device/driver yet. That is, until they release more information on the vulnerability itself.

The video can be found at Brian Krebs' Security Fix column.