Interesting article, and I would love to see this presentation at the Black Hat conference. Jon Ellch and David Maynor will be showing off how they can hijack a MacBook laptop in about 60 seconds using vulnerabilities in the wireless card driver. There are a couple of things that make this interesting:
1. All that has to happen is that your wireless card be turned on. You don’t have to be connected to a network. If your wireless card is on, you are a target, period.
2. In theory, there is nothing to say that Bluetooth is safe from this either. I would imagine that similar vulnerabilities could be found in Bluetooth drivers as well.
3. This is not Mac OS specific! Though they used a Mac for the demo, they have also discovered vulnerabilities in Windows. And I see no reason that it couldn’t affect Linux/*BSD as well.
4. Firewalls and anti-virus programs won’t and can’t protect you from this. This is a much lower level attack and will always bypass them. The only way to protect against it is either through better device driver security or not using wireless. SELinux/SEBSD/SEDarwin may help with this somewhat, but again drivers are usually in the OS kernel and once you’re in the kernel it’s hard to stop attacks. I’ll have to look into the SE* solutions and see if they might be used to help mitigate this attack (though I’m doubtful).
Currently, there isn’t much you can do to protect yourself. Just turn off wireless when you don’t need it. Apple’s patches just came out, but there was no mention of a fix for this. The researchers are talking to Apple, Microsoft, and others to get this fixed. Also, they are not showing how they did it, just that they did it, so no current “in the wild” exploits are known at this point.