14 DAY TRIAL // Mac security is in the spotlight again as two hackers Jon "Johnny Cache" Ellch and David Maynor demonstrated a new vulnerability via a videotaped demonstration. While the demonstration was done on a Mac, due to what Maynor called the "Mac user base aura of smugness on security," this is not a specific Macintosh problem and it also targets PCs using Windows as their operating system.
The attack is done by exploiting the device driver, the software that allows the wireless component to communicate with the OS currently being used. The machines that are affected by this are vulnerable simply by being turned on, as, according to Maynor and Ellch, this attack can be carried out whether or not a vulnerable targeted machine connects with a local wireless network. As such, the wireless card simply needs to be active.
Because the software that powers the wireless device, which is where the vulnerability exists, operates at such a low level of the OS, the most common safeguards such as firewalls and antivirus applications provide no protection. The poorly designed device driver is vulnerable to compromise just by doing what it was programmed to do. As such, there is no easy fix other than disabling the wireless card, or the manufacturer of the driver updating it.
Also, while some people will be left with the impression that this is a 'Mac' vulnerability, it has little to do with the computer and the OS. The problem comes from the driver for the specific piece of hardware, in Apple's case, the developer in question is Atheros, a company that devises drivers for a number of different wireless cards, each designed with drivers specific to the operating systems on which they will be used.