Ellch Defends Macbook Wireless Vulnerability Research

SAN DIEGO -- I reported yesterday that one of the most anticipated talks to be presented here at the Toorcon hacker conference -- a public demo of an attack used to compromise a Macbook remotely over a wireless connection -- was canceled for unexplained reasons. The key presenter in that talk, SecureWorks researcher David Maynor, also failed to make an appearance here.

But Maynor's co-presenter -- Johnny "Cache" Ellch -- showed up and gave a five-minute speech, the text of which follows below.

Ellch's remarks:

"So, most of you know that we were supposed to be talking about exactly what happened with us regarding Apple and the [Black Hat] talk we gave. Most of you probably also saw that SecureWorks told a few reporters that they were not letting Dave give this talk.

"I cannot give this talk without Dave. A lot of people think that Dave just flaked out and missed his flight or something. That is not the case. Dave very much wanted to be here. The fact that SecureWorks/Apple managed to compel him not to means that they must have had something very compelling to stop him. I'm not supposed to talk about what that is.

"Mac bloggers everywhere will view this as some sort of victory. There are already people writing that SecureWorks stopped Dave because we were going to get up here and say that it was all fake.

"Right. We reserved an entire speaking slot just to tell people we pulled a fast one.

"Let's recap this thing.

"We give a talk saying that device drivers have lots of bugs. We demo one bug in Apple. A few days later, when Apple starts flaking on a patch, we tell them we are going to do a live demo of it at Toorcon, so it would be a good idea to get it patched before that.

"Apple says that it doesn't exist, and [that] we didn't talk to them about it. A few weeks later (1 week before ToorCon) they patch it, and say we had nothing to do with it. One day before the talk, SecureWorks and Apple get together and manage to stop Dave from coming. They also issue a cutesy press release:

'SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate.'

"That's funny, I thought there was no bug. And I thought SecureWorks provided no useful information to Apple. Here's Lynn Fox on record with George Ou:

"'Did SecureWorks ever disclose the packet captures of the malicious payload used to trigger said vulnerabilities?

"'No. Packet captures were promised repeatedly but never delivered.

"'Did SecureWorks ever provide driver disassemblies pertaining to said Wi-Fi vulnerabilities?

"'No. While SecureWorks did provide a driver disassembly, it did not indicate a Wi-Fi vulnerability in any Apple product.

"'Did SecureWorks ever provide crash dumps pertaining to said Wi-Fi vulnerabilities?

"'No. While we received crash dumps from SecureWorks, they didn't have anything to do with Mac OS X or any other Apple product.

"'Did SecureWorks ever point to the location of the vulnerable code of said Wi-Fi vulnerabilities?


"'Do any of the current patches released by Apple match any of the characteristics of the information provided by SecureWorks?


"So, if SecureWorks provided them with virtually nothing useful, then what the hell could they have to coordinate with CERT? And why did they wait till 1 day before Toorcon to decide this?

"People have called me and Dave a lot of things. First, we were total frauds that faked everything. After a patch was out, we were mostly upgraded from frauds to unprofessional. Let's talk about unprofessional.

"Apple and SecureWorks had two months to stop Dave and I from giving this talk. Why wait till the day before? Neither Dave nor I found out about this till yesterday morning. How is that professional?"

No response from SecureWorks or Apple to Ellch's remarks, so far.

Security Fix would still like to hear from Maynor, and I'll update the blog if the companies say anything additional.

By Brian Krebs  |  September 30, 2006; 7:10 PM ET
Categories:  From the Bunker  
© 2010 The Washington Post Company