Contributed by mbalmer on from the stop-whining-you-ve-been-warned dept.
Security researchers hacked a binary only Wi-Fi driver (we call it blob) to breach a laptop.
One of many flaws found [in a binary only driver] allowed them to take over a laptop by exploiting a bug in an 802.11 wireless driver [blob].
"Security researchers have found a way to seize control of a laptop computer by manipulating buggy code in the system's wireless device driver."
Well, ... this time it was the researchers, ... next time it's going to be the script kiddies.
Read the full article at http://www.infoworld.com/article/06/06/21/79536_HNwifibreach_1.html
By Anonymous Coward (84.188.230.151) on
http://www.802.11mercenary.net/lorcon/
;-))
By Anonymous Coward (65.95.243.231) on
By Anonymous Coward (84.188.230.151) on
By Anonymous Coward (70.109.50.2) on
Now there's a worked example of an exploit. It's now practice.
Having this around will help add real-world weight to arguments against blobs.
By Anonymous Coward (203.113.233.137) on
>
> Now there's a worked example of an exploit. It's now practice.
>
> Having this around will help add real-world weight to arguments against blobs.
Like I said before
"as if put some blob from some vendor into the obsd kernel"
By Anonymous Coward (202.6.138.34) on
many examples of wireless device driver flaws
This could mean blobby and/or non-blobby drivers. Anyone actually know which drivers on which systems are affected?
By Anonymous Coward (84.188.230.151) on
>
> many examples of wireless device driver flaws
>
> This could mean blobby and/or non-blobby drivers. Anyone actually know which drivers on which systems are affected?
They wanna release it at the BlackHat-Conference...
By Anonymous Coward (202.6.138.34) on
So the article submitter has some insider knowledge?
By Anonymous Coward (84.188.230.151) on
>
> So the article submitter has some insider knowledge?
Don't we all know some birds which talk to us? ;) ;)
In other words: Yes, seems like this... :)
By Anonymous Coward (84.188.230.151) on
> >
> > So the article submitter has some insider knowledge?
>
> Don't we all know some birds which talk to us? ;) ;)
>
> In other words: Yes, seems like this... :)
Damn, I forgot something:
They made mostly all tests with the tool I've mentioned in the first answer to this thread.
By Joachim Schipper (82.157.194.81) on
>
> So the article submitter has some insider knowledge?
No, this was announced on the security list Full-Disclosure; and, at least, also in the linked article on InfoWorld. It's pretty much a complete copy, with 'see? Blobs are evil' attached.
Not that there's anything wrong with that - after all, this bears repeating - but one does not need insider knowledge to do so.
Joachim
By Anonymous Coward (202.6.138.34) on
> >
> > So the article submitter has some insider knowledge?
>
> No, this was announced on the security list Full-Disclosure; and, at
> least, also in the linked article on InfoWorld. It's pretty much a
> complete copy, with 'see? Blobs are evil' attached.
I was referring to whether the submitter knew that the drivers in question were binary only, not about this being announced at the BlackHat conference.
The BlackHat agenda doesn't say they're blobs either.
http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch
By Anonymous Coward (217.12.147.5) on
> >
> > So the article submitter has some insider knowledge?
>
> No, this was announced on the security list Full-Disclosure; and, at least, also in the linked article on InfoWorld. It's pretty much a complete copy, with 'see? Blobs are evil' attached.
Could you please provide some links? 'cause I can't find anything...
By Anonymous Coward (64.231.233.53) on
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047298.html
At this point it looks like there's no published proof that the affected drivers were blobs, but how many brain cells does one need to rub together to figure out that they were?
We'll see, I guess.
By SH (82.182.103.172) on
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047298.html
That post is just a rehash+copy of the Infoworld article. Like the grandparent poster, I looked for a post made by the researchers themselves at full-disclosure, but came up empty-handed ;-)
> At this point it looks like there's no published proof that the affected drivers were blobs, but how many brain cells does one need to rub together to figure out that they were?
From the article it appears that at least one Windows driver has exploitable bugs, but one cannot draw the conclusion that the researchers only found exploitable bugs in blobs.
By Nick Holland (68.43.117.34) nick@holland-consulting.net on
2) (much more relevant): the point isn't that binary blobs are "automatically insecure", but that they can not be supported, fixed, improved, or audited by developers or others (yes, 3.9 CD case was handy..and I'm only covering the directly security-related issues). You got a bug in your blob? Hope someone else cares, because you and the OS developers can't do a thing about it.
By Anonymous Coward (84.188.237.47) on
>
> 2) (much more relevant): the point isn't that binary blobs are "automatically insecure", but that they can not be supported, fixed, improved, or audited by developers or others (yes, 3.9 CD case was handy..and I'm only covering the directly security-related issues). You got a bug in your blob? Hope someone else cares, because you and the OS developers can't do a thing about it.
PLUS: Most customers are NOT aware of that.
If I set up an OpenBSD for my aunt to have an Internet-PC (Browsing, Printing, Writing..foo (as example)) I hope that OpenBSD-Developers do a good job and if they find a mistake they'll correct it.
If I set up a Windows XP with a binary-driver I don't expect that she'll look every week for a new driver or cares about "holes" she simply does not understand.
On an OpenBSD updating is easy... cvs and can get automated *f.e. every 2 weeks in background*. :)
On Windows.. well.. pls don't expect that I would like to watch the driver-version so much and if it bumps I won't jump high to the sky and cry "god damn UPDATE UPDATE UPDATE"...
Another disadvantage is that most binary drivers DON'T tell you in the changelog that they fixed some holes... *my experience*
So I suspect holes in Windows, Linux, Solaris maybe and FreeBSD.. or in general: All OSs which may use binary-only drivers.
By Anonymous Coward (203.113.233.137) on
> >
> > 2) (much more relevant): the point isn't that binary blobs are "automatically insecure", but that they can not be supported, fixed, improved, or audited by developers or others (yes, 3.9 CD case was handy..and I'm only covering the directly security-related issues). You got a bug in your blob? Hope someone else cares, because you and the OS developers can't do a thing about it.
>
> PLUS: Most customers are NOT aware of that.
> If I set up an OpenBSD for my aunt to have an Internet-PC (Browsing, Printing, Writing..foo (as example)) I hope that OpenBSD-Developers do a good job and if they find a mistake they'll correct it.
>
> If I set up a Windows XP with a binary-driver I don't expect that she'll look every week for a new driver or cares about "holes" she simply does not understand.
>
> On an OpenBSD updating is easy... cvs and can get automated *f.e. every 2 weeks in background*. :)
>
> On Windows.. well.. pls don't expect that I would like to watch the driver-version so much and if it bumps I won't jump high to the sky and cry "god damn UPDATE UPDATE UPDATE"...
>
> Another disadvantage is that most binary drivers DON'T tell you in the changelog that they fixed some holes... *my experience*
>
>
> So I suspect holes in Windows, Linux, Solaris maybe and FreeBSD.. or in general: All OSs which may use binary-only drivers.
You can use automatic updates in windows and use hardware that has its drivers published there
By tedu (69.12.168.114) on
> You can use automatic updates in windows and use hardware that has its drivers published there
where is the list of drivers updated by windows update?
By EN (83.248.138.152) en@openbsd.nu on http://www.openbsd.nu
Switching from Linux to OpenBSD was the right move after all.
By Anonymous Coward (85.112.75.252) on
By Anonymous Coward (151.188.0.249) on
> Switching from Linux to OpenBSD was the right move after all.
Actually, GNU/Linux really isn't a bad system to use, and it beats the hell out of what I used to use (MS Windows). I've been using it for years on laptops (usually Slackware, which uses an unpatched www.kernel.org kernel), and I do not allow any blobs or other non-Free software on my systems. This is, to be sure, thanks to the OpenBSD project who has found out which wireless chipsets have publicly-released programming specs, and for which I have been able to determine the drivers do not use blobs. Yes, I'm still on 802.11b, but it does the job very nicely for me, so I personally don't need to upgrade to 802.11g at this time.
Thus, GNU/Linux is actually being helped significantly by the OpenBSD project's vigilance. Thank you, Theo and crew.
A co-worker used to run OpenBSD on his personal laptop until very recently. The problem was that the PCMCIA slots finally went bad, and there is no integrated NIC of any sort (it's an older box). I was inspired enough by his example that I will investigate this myself, provided that OpenOffice.org and Ximian/Novell Evolution--both of which I absolutely need for work--are available for OpenBSD. If they are, then I'm all over it.
By Anonymous Coward (199.18.139.126) on
No and yes. KOffice is available, as well as xlhtml, which converts Excel documents to html tables.
By Anonymous Coward (84.188.237.47) on
VIA and others often release new Chipset-Drivers... which may speed up some stuff and co.
Do the OpenBSD-Developers improve such Drivers too?!
And some very off-topic: VIA enables HOT-Plug SATA for even older Chipsets. Why doesn't OpenBSD provide at least Hotplug SATA if it's NOT the root-Disk?!
By tedu (71.139.166.59) on
> Do the OpenBSD-Developers improve such Drivers too?!
of course.
> And some very off-topic: VIA enables HOT-Plug SATA for even older Chipsets. Why doesn't OpenBSD provide at least Hotplug SATA if it's NOT the root-Disk?!
because nobody has written the code.
By Anonymous Coward (24.117.246.131) on
> > Do the OpenBSD-Developers improve such Drivers too?!
>
> of course.
>
> > And some very off-topic: VIA enables HOT-Plug SATA for even older Chipsets. Why doesn't OpenBSD provide at least Hotplug SATA if it's NOT the root-Disk?!
>
> because nobody has written the code.
>
And because hot-plug sata is a dumb dumb dumb idea.
By Anonymous Coward (70.27.15.123) on
Stop repeating this bullshit. There is nothing wrong with hot swap SATA, or SCSI, or PCI. Just because openbsd doesn't support it, doesn't mean it's bad.
By Anonymous Coward (24.117.246.131) on
>
> Stop repeating this bullshit. There is nothing wrong with hot swap SATA, or SCSI, or PCI. Just because openbsd doesn't support it, doesn't mean it's bad.
SATA hot plug is a bad standard; if it can even be called that. SCSI is ugly but works when used right. Stop repeating this bullshit that SATA is a good idea for anything but a workstation without a real io load. You get what you pay for.
By Anonymous Coward (66.11.66.41) on
Hot plug SATA is not a bad standard at all, go read it. Neither is the SCSI spec "ugly". And I never said SATA was a good idea for anything but a workstation. Although now that you mention it, it's good for basically everything where you don't need the performance of SCSI. Including many kinds of servers.
By Anonymous Coward (67.64.89.177) on
You also think that the signal drivers that are unreliable over 30cm is a good idea?
You also think that having 1 pending io is a good idea?
Oh, NCQ, yeah i have seen the test results on that, less than a few % of improvement.
Commands missing in the 1.0 and 1.5 SATA spec because "it had to ship to recoup some of the investment" is a good idea too.
Inherent to being cheaper the disks are made out of cheaper material, hope you can follow that argument. You get what you pay for.
SCSI hotplug is a very very marginal spec with inherent issues. "It works" due to the endless retries in the layers above the physical one. Its saving grace is the SCA connector with other mechanical aids.
SATA is slightly better off because it has a phy which helps dramatically; since it also has less signals it is easier to get right however, there is no standard for backplanes and inherent to that you'll end up with either a cable hotplug scenario which is bad (no you can not insert those cables perpendicular by sight) or a proprietary interposer to strengthen/enhance the signal (not enough driver strength to run it through an enclosure).
Read the spec, build a product and then come back with an informed opinion.
By Anonymous Coward (66.11.66.41) on
Yes. What is wrong with a maximum 1 minute delay before it's online?
> You also think that the signal drivers that are unreliable over 30cm is a good idea?
I can't find the part of the spec that defines when anything should be unreliable. Oh right, this has nothing to do with the spec, it's just you pointing to worst case shitty hardware as an example of why the spec is bad. Nice try.
> You also think that having 1 pending io is a good idea?
I think it has nothing to do with hot plugging.
> Oh, NCQ, yeah i have seen the test results on that, less than a few % of improvement.
Which also has nothing to do with hotplugging.
> Commands missing in the 1.0 and 1.5 SATA spec because "it had to ship to recoup some of the investment" is a good idea too.
Still more irrelevance. You are pretty shitty at making an argument.
> Inherent to being cheaper the disks are made out of cheaper material, hope you can follow that argument. You get what you pay for.
And that makes hot plug bad how? No shit SATA drivers are lower quality than SCSI drives. Nobody said otherwise.
> SCSI hotplug is a very very marginal spec with inherent issues. "It works" due to the endless retries in the layers above the physical one. Its saving grace is the SCA connector with other mechanical aids.
Does marginal mean "I just like bitching for no reason" by any chance? What exactly do you think is missing from it?
> SATA is slightly better off because it has a phy which helps dramatically; since it also has less signals it is easier to get right however, there is no standard for backplanes and inherent to that you'll end up with either a cable hotplug scenario which is bad (no you can not insert those cables perpendicular by sight) or a proprietary interposer to strengthen/enhance the signal (not enough driver strength to run it through an enclosure).
So, the spec is complete, and products following it work great. But because you can find shitty gear that doesn't, that means the whole concept is worthless? Nice logic.
By Anonymous Coward (143.166.226.19) on
By Anonymous Coward (203.113.233.137) on
> > > Do the OpenBSD-Developers improve such Drivers too?!
> >
> > of course.
> >
> > > And some very off-topic: VIA enables HOT-Plug SATA for even older Chipsets. Why doesn't OpenBSD provide at least Hotplug SATA if it's NOT the root-Disk?!
> >
> > because nobody has written the code.
> >
>
> And because hot-plug sata is a dumb dumb dumb idea.
"And because hot-plug sata is a dumb dumb dumb idea."
NER WRONG ANSWER!
By djm@ (203.217.30.86) on
i think you got lost on your way to kindergarten
By Stephan A. Rickauer (130.60.5.218) on
By jb (69.239.198.33) on
> what I needed to finally move my notebook to OpenBSD, too.
I've been running OpenBSD on various notebooks for a while. The problems I've encountered range from funkiness with firmware for the audio ("clcs") to the occasional short "freeze" when the system is running a bunch of network traffic through the aironet card.
Outside of that, 3.9 has been outstanding.
By Anonymous Coward (203.113.233.137) on
By Anonymous Coward (203.113.233.137) on
Does anybody know any good PCMCIA 802.11b and g WiFi cards for a laptop? (That are well supported under OpenBSD)
By sthen (81.168.66.243) on
By Anonymous Coward (203.113.233.137) on
> since the DMESG does not seem to list any wireless devices but it does
> say there is a Broadcome unknown product of class network not configured
>
> You can try looking up the PCI ID here.
> Though there are plenty of good laptops with supported wireless...
>
> Alternatively the radio+MAC are often just MiniPCI modules that can
> be swapped out (very easily in some cases, but sometimes you need
> to alter cmos or maybe hack the bios as some have an 'approved card'
> list).
>
> You're likely to get a much better signal from the antenna built-in
> to a laptop than the one in a PC-Card.
>
> Does anybody know any good PCMCIA 802.11b and g WiFi cards for a
> laptop? (That are well supported under OpenBSD)
>
> PCMCIA: wi(4) - Prism 2+, Wavelan etc.
> CardBus: ral(4) generally works well, cheap and usually easy to find.
>
> Take a laptop to a shop and try them there if you can and care...
>
> Chipset ID'ing: If it says "125Mb/s" or "11G+" it's probably TI
> (unsupported). If it says "XR" it's probably a newer Atheros that's
> unlikely to work yet. Marvell is another that won't work but slightly
> harder to identify if it doesn't actually tell you on the packaging.
> And broadcom (though they seem more likely to be built-in than add-on).
> I think that covers the chipsets you're most likely to find that
> /don't/ work; google around for clues if you have a particular card
> in mind that you can't positively ID (watch out as many manufacturers
> change chipsets too often to keep track of; fortunately they're
> pretty cheap).
ahh ok so it looks like the ral is the one to get... unfortunately the laptop was a cheapie second hand one so I couldn't just choose one which had supported wireless built-in.
By Choochus (12.107.224.66) on
Just because a white hat published, doesn't mean that some bad guys (or governments) haven't been taking advantage of this until now...
By Anonymous Coward (203.113.233.137) on
>
> Just because a white hat published, doesn't mean that some bad guys (or governments) haven't been taking advantage of this until now...
Of course
...