Ok, I have read several media write-ups about the speech given by Dave Maynor and "Johnny Cache" at Blackhat / Defcon and I have to say a couple of things.
Most of these articles are focusing WAY too much on the operating system used. Yes, it was running OS X.
Big deal, get over it. Who told everyone that Apple computers are totally secure and un-hackable? It wasn't me, that is for sure.
The truth is Apple computers have been hacked, rooted and used in botnets for some time now, this is pure fact. Like all computers/operating system, Apples are open to attack given the correct conditions. Accept this statement or not, but this is the truth.
The speech is was designed to point out very serious code problems in device drivers, which can lead to the complete compromise of the operating system since drivers normally run at SYSTEM / Kernel level access.
Sure, it is flashy to use wireless device drivers to prove this point, but the real problem goes way beyond wireless. Attacking device drivers isn't a new idea in the security world, but it hasn't been taken very serious by the media or the manufacturers until now.
So lets all stop making a point about which OS does that...or it wouldn't work on this because of blah and lets all focus on the real issue.
Device drivers across all platforms have not been properly code audited and are a fresh new hacking ground.
Intel has released new wireless drivers recently, yet Apple seems to be working harder on keeping everyone quiet about the issue instead of fixing it.
Do OS X users really feel that Apple is keeping quiet to protect them? I don't see how. Apple is keeping everyone quiet to cover their bottomline...not the OS X faithful.
With all that being said, the video is quite amazing.
See the full media coverage at the SecureWorks website.
No comments:
Post a Comment