I’ve become paranoid about security on my Mac laptop and just bumped into a story about some hackers who claim that they can break into a Mac laptop via the wifi connection. Yikes! How do I disable the hole so that no-one can use this exploit to get into my computer??
You might be a bit paranoid, you’re right. The exploit you’re talking about is probably the one described in this news.com story about David Maynor and Jon Ellch, who purported to demonstrate at the Black Hat hackers’ conference how to hack into a Mac laptop via the wifi connection.
There are some problems with what they demonstrated, not the least of which was that they had to insert a third-party wireless networking card into the Mac, which precious few people I know with PowerBooks or MacBooks use, but nonetheless, let’s look at how to disable that possible exploit on your Mac instead.
The key? All you need to do is teach your computer not to connect to unknown networks without your explicit approval.
This is done with the following steps:
First, go to Apple –> System Preferences… and select the “Network” pane. It looks like this:
Now you need to select “AirPort” and click on “Configure…”. It looks like this:
You can see the problem in my own screenshot here: the default join of “Automatic”. What this means is that when a new network shows up, legit or not, it’ll automatically be joined by my Mac. Not good.
To change this you’ll need to choose “Preferred Networks” rather than “Automatic”. When you do that, a list of all the networks you’ve joined in the past appears:
To make your computer completely secure, simply delete every network here that you don’t have 100% confidence is secure. Now any time you encounter a new network it’ll pop up a message asking if you want to join it, rather than just blindly connecting.
Hope that helps you feel safer!
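The same cleanup of the preferred-network list can be scripted. This is an added example, not part of the original post: it assumes a current macOS where the `networksetup` command-line tool is available, a Wi-Fi device named `en0`, and an allowlist of trusted SSIDs (the names below are constructed). It prints the removal commands for review rather than running them.

```shell
#!/bin/sh
# Added example: audit the Wi-Fi preferred-network list against an allowlist.
# Assumed input format (as printed by
# `networksetup -listpreferredwirelessnetworks en0`):
# one header line, then one tab-indented SSID per line.

# SSIDs you have full confidence in, one per line (constructed values).
TRUSTED='HomeNet-5G
Office WPA2'

# Read a listing on stdin; print every SSID that is not in $TRUSTED.
# grep -F -x compares whole lines literally, so SSIDs with spaces or
# regex characters are matched exactly.
untrusted_ssids() {
    sed -e '1d' -e 's/^[[:space:]]*//' -e '/^$/d' |
    while IFS= read -r ssid; do
        printf '%s\n' "$TRUSTED" | grep -Fxq -- "$ssid" || printf '%s\n' "$ssid"
    done
}

# Read a listing on stdin; print the command that forgets each untrusted
# SSID on device $1. Single quotes inside an SSID are escaped for the shell.
removal_commands() {
    untrusted_ssids | while IFS= read -r ssid; do
        esc=$(printf '%s' "$ssid" | sed "s/'/'\\\\''/g")
        printf "networksetup -removepreferredwirelessnetwork %s '%s'\n" "$1" "$esc"
    done
}

# Constructed sample listing, so the script can be tried off a Mac.
sample_listing() {
    printf 'Preferred networks on en0:\n\tHomeNet-5G\n\tlinksys\n\tOffice WPA2\n\tnetgear\n'
}

# Demo on the sample. On a Mac, replace sample_listing with:
#   networksetup -listpreferredwirelessnetworks en0
sample_listing | removal_commands en0
```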
I wanted to mention that many people are going to have “linksys” and “netgear” as the ssid of their access point. It would be a simple matter for hackers to name their hacking network one of many default ssids. For me, that means that these names fit under your “simply delete every network here that you don’t have 100% confidence is secure” category.
I think that to be truly safe, you have to remove the driver totally. Otherwise, it will probably still be receiving and partially processing WiFi frames which could subvert it before it even can decide that no WiFi networks are allowed. (Remember that these exploits are at the raw WiFi frame level, which is below the Ethernet-ish level, much less the TCP/IP level.)
And if you want to be extra safe, you might consider disconnecting the WiFi hardware within the laptop. This is possible on some Windows laptops — I almost did this on my HP, but settled for never installing the WinXP driver. (I did this out of general distrust of WiFi security, long before these low-level exploits became known.)