(Johnny Cache) Fun with 802.11 Device Drivers

  • (Johnny Cache) Fun with 802.11 Device Drivers

    Fun with 802.11 Device Drivers
    Johnny Cache

    Abstract:
    The 802.11 link-layer wireless protocol is widely known for its design flaws. Unauthenticated management packets, a ridiculous attempt at providing link-layer confidentiality and authentication (WEP), and general vendor stupidity have all contributed to 802.11 being the most sensationalized protocol ever mentioned in the media.

    All of the above topics have been beaten to death. Instead, this talk explores new advances not in design problems in 802.11, but in implementation issues. The two major advances in 802.11 security will be covered: device driver vulnerabilities and link-layer fingerprinting techniques. 802.11 fingerprinting represents the first time that a link-layer protocol has been vulnerable to fingerprinting attacks. These attacks can provide useful information to the attacker, allowing him to accurately target the latest weapon in any wireless hacker's arsenal: 802.11 device driver exploits.

    Bio:
    Johnny Cache is responsible for many wireless hacking tools. These include jc-wepcrack (a distributed WEP cracker) and jc-aircrack (a complete aircrack rewrite in C++), and he also helped h1kari create pico-wepcrack (an FPGA-accelerated WEP brute forcer). Cache is currently pursuing his Master's degree in computer security. He is also co-author of "Hacking Exposed Wireless". His latest accomplishments can be found in Airbase, available at www.802.11mercenary.net

  • #2
    Re: (Johnny Cache) Fun with 802.11 Device Drivers

    So there has been a good deal of writing about what was demonstrated at this talk. Personally, I think a lot of the discussion has been completely incorrect and demonstrates exactly what can happen when you add together people who don't fully understand what they are talking about, a dramatic security vulnerability, and an Apple computer.

    Instead of ranting about the utter stupidity of many people considering themselves "bloggers", I would like to know what the perspective on this issue is from a more knowledgeable community.

    Here are a couple of these "blog" posts to get your blood boiling.

    Hijacking the 'MacBook Wi-Fi hack' in one article or less

    My personal favorite considering the facts don't match the title: SecureWorks admits to falsifying MacBook wireless hack

    And the most recent challenge: http://daringfireball.net/2006/09/open_challenge
    jur1st, esq.



    • #3
      Re: (Johnny Cache) Fun with 802.11 Device Drivers

      Originally posted by jur1st
      So there has been a good deal of writing about what was demonstrated at this talk. Personally, I think a lot of the discussion has been completely incorrect and demonstrates exactly what can happen when you add together people who don't fully understand what they are talking about, a dramatic security vulnerability, and an Apple computer.

      Instead of ranting about the utter stupidity of many people considering themselves "bloggers", I would like to know what the perspective on this issue is from a more knowledgeable community.

      Here are a couple of these "blog" posts to get your blood boiling.

      Hijacking the 'MacBook Wi-Fi hack' in one article or less

      My personal favorite considering the facts don't match the title: SecureWorks admits to falsifying MacBook wireless hack

      And the most recent challenge: http://daringfireball.net/2006/09/open_challenge
      I read all the links, also all of Brian Krebs's articles and many of the comments to his articles, and I'm still not sure what's going on. Here's my take:

      They tried to make it look like they were exploiting a Mac. Then it came out that they used a third-party wireless card so they backtracked a bit and said the exploit was not OS-dependent. But they also claimed that the Mac's native drivers could be exploited as well, yet no one has ever demonstrated that, and I doubt that the "challenge" will be met. All in all, it seems they "rigged" the exploit for more news than it was worth.

      Just my $0.02 from reading the articles and half-following the issue over the past few weeks.
      "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";



      • #4
        Re: (Johnny Cache) Fun with 802.11 Device Drivers

        Originally posted by theprez98
        They tried to make it look like they were exploiting a Mac. Then it came out that they used a third-party wireless card so they backtracked a bit and said the exploit was not OS-dependent. But they also claimed that the Mac's native drivers could be exploited as well, yet no one has ever demonstrated that, and I doubt that the "challenge" will be met. All in all, it seems they "rigged" the exploit for more news than it was worth.
        That is the case as I understand it, as well. It sounds as if they did some initial testing, found that the Apple drivers were (probably) vulnerable, but they didn't develop an exploit in time. Perhaps they adapted an existing exploit (using the third-party driver) so that they could still get the press while hoping to buy time.

        At this point ... *shrug*. It seems to me that if the Apple drivers did contain a flaw, then someone would have cracked them by this point with all the attention this issue has been getting.



        • #5
          (Johnny Cache) Fun with 802.11 Device Drivers

          I was reading over slashdot today when I came across this story: http://it.slashdot.org/article.pl?sid=06/09/04/1534252

          After reading through most of the comments, I can't decide whether or not half of them even have credible arguments. Most of them are just bashing him as an attention whore. What would you have done?

          Personally I would have done the same thing he did.
          You don't "Win" Scavenger Hunt, you survive Scavenger Hunt.



          • #6
            Re: (Johnny Cache) Fun with 802.11 Device Drivers

            Originally posted by yamamushi
            I was reading over slashdot today when I came across this story: http://it.slashdot.org/article.pl?sid=06/09/04/1534252
            Hmmm. /. eh?
            Ok then. Your thread was merged with the thread where other people were previously discussing this, and a move/redirect has been left in Community Talk for other /. people to find.

            "Hooray for the 24 hour waiting period before new users can reply." :-)



            • #7
              Re: (Johnny Cache) Fun with 802.11 Device Drivers

              Originally posted by theprez98
              I read all the links, also all of Brian Krebs's articles and many of the comments to his articles, and I'm still not sure what's going on. Here's my take:

              They tried to make it look like they were exploiting a Mac. Then it came out that they used a third-party wireless card so they backtracked a bit and said the exploit was not OS-dependent. But they also claimed that the Mac's native drivers could be exploited as well, yet no one has ever demonstrated that, and I doubt that the "challenge" will be met. All in all, it seems they "rigged" the exploit for more news than it was worth.

              Just my $0.02 from reading the articles and half-following the issue over the past few weeks.

              Hmmm...I don't know Johnny Cache personally, but I do know Dave Maynor and I would be SHOCKED if their exploit didn't work exactly as they say it does on exactly what they say it does.

              The bashing about the exploit being plug and pray is ridiculous. If you understand even remotely how wireless networks work (Prez, this is not directed at you, I know you understand), then the explanation about the exploit not always working makes perfect sense.

              I don't know if Apple silenced them or if SecureWorks did, or both, but I don't find it the least bit implausible that they have been forbidden from speaking/writing about the Apple exploit. Think about it: if you worked for a security company and disclosed an unpatched vulnerability to the general public by releasing exploit code, you would be crucified...more importantly, your employer would be crucified.

              My take on this...give it time. I will buy any takers a six pack at DEF CON next year if this turns out to be a hoax.
              perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'



              • #8
                Re: (Johnny Cache) Fun with 802.11 Device Drivers

                Possible vindication:

                http://www.macworld.com/news/2006/09...less/index.php
                Never drink anything larger than your head!


                • #9
                  Re: (Johnny Cache) Fun with 802.11 Device Drivers

                  Originally posted by renderman
                  At the very least, there shouldn't be any more reason to withhold the details of their exploit. If details aren't forthcoming after this, it's going to reflect poorly on Maynor and Johnny Cache, especially after Johnny popped up on Daily Dave and the Metasploit mailing list to try to drum up support.
