As expected, security researchers David Maynor and "Johnny Cache" demonstrated new WiFi driver flaws that enable various computer systems to be remotely compromised even if their wireless adapter is not connected to a network. The pair demonstrated the issue to an audience of about 300, using a prerecorded video showing a Darwin BSD-based Macbook being exploited and then having a rootkit remotely installed. Maynor and Cache chose to record the video instead of demonstrating the exploit live, as common wireless sniffers, stumblers and packet dump utilities (including Kismac for the Mac) would have enabled the audience to discover the exploit relatively easily. The researchers have followed responsible disclosure guidelines by notifying companies and giving them time to patch their drivers before vulnerability details and public exploits appear. Vulnerabilities of this nature that affect such a wide range of computer systems could create havoc even at popular security conferences such as Blackhat when zero-day exploits appear.
The problem is not limited to Apple computers, and appears to affect drivers written by a wide range WiFi chipset makers. The Apple Macbook is known to use an Atheros WiFi chipset, but numerous other chipsets are also affected. Windows and Linux systems are at risk as well, as the vulnerability affects device drivers that are provided by chipset manufacturers. Systems running OpenBSD are unlikely to be affected based on that open-source group's refusal to use "binary blobs" in their device drivers, and their subsequent reverse engineering of numerous WiFi chipsets to provide open-source alternatives to manufacturer's device drivers.
WiFi driver flaws of this nature should indeed be considered critical vulnerabilities, as they attack the chipset's device driver directly. All users are recommended to patch their Windows, Mac or Linux systems as soon as driver updates become available.
Blackhat USA has become a popular conference for security professionals, and now attracts thousands of visitors every year. Blackhat is followed by DEFCON 14 this year, a unique conference enjoyed by hackers from around the world.
Posted by: Kelly Martin