Podcast Transcript: Wi-Fi security

This a complete transcript of Macworld Podcast 55: Wi-Fi security and iTV.

Jason Snell: Macworld Podcast #55, October 4, 2006. Sponsored by MYOB Small Business Management Software. MYOB helps you to mind your own business. Smarter.

Welcome back to the Macworld Podcast, this is Macworld Editorial Director, Jason Snell filling in for another few weeks for Macworld Podcast host Christopher Breen.

The topic of this podcast is Wi-Fi and my guest is Glenn Fleishman, a Wi-Fi expert and freelance writer who writes for numerous publications including Macworld, TidBITS, and the Seattle Times. And we are going to talk about Mac Wi-Fi security issues as well as the future of Wi-Fi, faster versions of Wi-Fi and how Wi-Fi and Apple’s forthcoming iTV product might interact. Hi Glenn.

Glenn Fleishman: Hi Jason.

Jason: So, you were one of our first, if not our first, Macworld Podcast guest, so it is great to have you back.

Glenn: Thank you. The first podcast was about Bluetooth 2.0 plus EDR because that was very exciting at the time.

Jason: Hot, hot, hot. Well, I’m calling you now and talking to you in your role as expert about all things Wi-Fi. If you would like to give a plug, you have an excellent web site, in which you give Wi-Fi networking news.

Glenn: And it’s strangely called Wi-Fi Networking News because I like to be obvious.

Jason: Isn’t that interesting.

Glenn: It’s a daily news reporting site. It has been great because when I started it about five years ago, I had no idea there would actually be enough news to report on daily. There’s so many different areas, I know we are going to talk about Mac-specific ones. There are so many different areas in which Wi-Fi and broader issues of wireless data. Every newspaper in the country has an article about some kind of wireless data every day now, it seems.

Jason: It amazing how far we’ve come since Apple employees were walking through the aisles at Macworld Expo with those first iBooks, which was the first I’d ever heard of Wi-Fi.

Glenn: Yes, when it was exciting to walk around with a laptop and you’re holding an iSight camera in one hand and doing wireless iChat. But now, it’s integrated and much simpler.

Jason: Yes, absolutely. So, the two topics that I want to bring up with you, one, which we’ll get to in a little bit, is the future of high speed Wi-Fi and how Apple’s iTV may or may not be a part of that. But I wanted to start out with a topic that is fraught with complication and there’s been a big soap opera about it. I want to make sure that we don’t descend too far down into the soap opera, but basically there are these two guys, Maynor and Elich, is that right?

Glenn: Yes, David Maynor and Johnny Ellch.

Jason: Yes, Maynor and Ellch. “Johnny Cache” I guess he calls himself. They were at a security conference and didn’t publicly demonstrate, but played back a videotape of them basically hacking into a MacBook via a Wi-Fi connection. Is that a sort of simplistic description of that?

Glenn: Yes, and what’s been confusing about the whole issue is that even that basic description is like “How many provisos do we have about it?” I want to back up one second; what is the responsible way to report security flaws these days, in an operating system or software? I think that’s one of the fundamental questions that’s been shunted to the side and may be part of the issue.

These guys are security researchers, Maynor works for a firm called SecureWorks that’s in the middle of going through a big merger and they do security reporting work with corporations and produce reports and such. Jon Ellch just got out of graduate school and he just got a job, but I don’t know with whom. But these guys are serious security researchers and they found a bunch of flaws in the past.

Typically, when you find a flaw, you report it to the company through some means they’ve made available to you and there’s a process. Now, I don’t think there’s as established a process unless you go through CERT, the Computer Emergency Response Team, that does a lot of coordination in the U.S. and worldwide on security flaws as they come out to prevent the information from coming out so that someone could exploit it before it’s patched.

So, that’s the backup. If you’re a responsible security researcher, typically you contact the company first, give them whatever details you think are appropriate, and that can vary a lot from an entirely fully written program that would fully exploit some problem to like, “Hey, you got a problem in this part of the code and I’m not going to provide you information, but it’s there and you guys figure it out because you’re smart.” And that range is actually considered acceptable, too.

So at the Black Hat Conference, where all these security presentations are made—the title is a little tongue-in-cheek of course—these are being made in the open at this conference and sometimes there are “zero-day exploits” shown, which means it can exploited the instant they are shown. They are unpatched, easy to exploit things. These two researchers presented what seemed to be an ambush on Apple, and I think that’s been part of the controversy. The night before, they had stated that they had a generic exploit against Macs; it wasn’t clear if it was Intel-based or PowerPC-based or both. They later amended that statement and sort of said they never said it, even though it was on the record and recorded. At the actual conference, they showed a Mac with a third-party adapter being attacked in a very specific way, and they showed it on videotape. So, that’s kind of the confusing lay of the land. What they really showed, they got up and showed a videotape of a demo of a third-party adapter using a third-party driver on a MacBook being hacked from a Dell computer.

Jason: And you could basically take it over via Wi-Fi not connected to a network and magically bad things happened. They were able to control the MacBook.

Glenn: Well, of course, this is where it gets funny. That’s what they were originally claiming. The demo showed a MacBook connected to a Wi-Fi network that was run by the Dell, so it could have been a malicious network to begin with. It didn’t show them taking over the machine, it showed them running a few commands and making a file appear and disappear on the desktop of the MacBook. There’s been some incredible JFK shooter analysis of that videotape by a number of people on the Internet who say there’s a lot of suspicious things, including the MAC (Media Access Control) address, which is the unique adapter address for any ethernet or Wi-Fi adapter. You can see that in the demo and the adapters that they appear to be using don’t match up with the right ranges that Apple controls, so there’s some dubiousness about what the video was actually showing versus what they said it was showing.

Jason: So, what you watch is the Finder go back… and to the left, back… and to the left.

So, the simple version here, and I don’t know, maybe there isn’t, I’m striving for a simple version, but there may not be one. The idea was, people were worried, could this mean that Macs — certain models, all models, who knows — were fundamentally insecure in a way due to a Wi-Fi bug of some sort. That’s the core fear here, right?

Glenn: Yes, if you separate it out… What they showed and what they said they were going to show, as researchers, what they said they were going to show was “We figured a generic way to attack wireless adapters and find out their vulnerabilities without having to do all of this sort of twiddly-bits that you usually do to find these kind of weaknesses,” which is a really powerful thing. So their conceptual framework was “We know how to find weaknesses better than anybody else now,” and that’s great, and actually that hasn’t been disproven. This is a technique called fuzzing that I think existed before then but they’ve refined, and that’s great.

What they said generically was — and they said they found this on Wi-Fi adapters with drivers in Windows — was that there are ways in which a computer with a Wi-Fi adapter connected to no network could actually be hijacked. The technical explanation in brief is just that malformed frames would be accepted by the Wi-Fi adapter and this would cause essentially driver problems.

What happens is when you’re not connected to a network, your Wi-Fi adapter isn’t just sitting there if it’s turned on. As long as the adapter is turned on and you’re not associated with a network, it’s constantly listening and putting out little bits of information that help it know what’s going on in the network environment around it. That’s why when you pull down the AirPort menu, it shows you a list of all the networks in the vicinity even when you’re not connected to a network.

So, what these guys were saying was that using one of several ways to make a Wi-Fi adapter that’s listening to the wrong type of frame, they could actually send the wrong information through, which would cause the driver to get overloaded, execute code and perhaps get root permission. So, that as a general concept is also well understood and accepted. There was nothing unreasonable with them stating that such a weakness could exist in Mac OS X, Windows, Linux, anywhere — that is a well-believed statement because of how Wi-Fi works.

Jason: The issue was this something that was, first off, something that was actually true because they only seemed to perform it in a canned sort of demo environment.

Glenn: Right.

Jason: And it was unclear whether it was a stock system. They were using this third-party Wi-Fi adapter, which adds another level of bizarreness to it since there’s Wi-Fi that comes with the MacBook and they chose not to use it. Then their story has changed a little bit depending on who they talk to. They talk to a guy from the Washington Post. They made some public pronouncements on mailing lists. So, the big question has been, is this real? Is this not real? And if it is real, what is it trying to tell us? It seems to me that, following the soap opera, they were never really that forthcoming with details. Although, did they say that was because they were trying to work on it behind the scenes or just because they wanted to be mysterious?

Glenn: Well, this is where it gets confusing because there aren’t many first-party statements from them about it. I think what happened was after the kerfuffle at Black Hat where Apple got really peeved because they found out about, I think the engineers at Apple, my understanding of the timeline only heard from these researchers, if you believe this part of the timeline, a day or two before Black Hat. Apple says public ally that they only heard about the exploit at Black Hat. Apple later made SecureWorks, which is David Maynor’s employer, clarify that the demonstration only showed a third-party adapter being hacked.

It’s funny; you could say their story changed. I was saying that for a while and then I realized we haven’t gotten any direct statements from them because I think David Maynor’s employer wanted to avoid bad reputation and lawsuits and sort of has clamped down on what’s being released. The two researchers were suppose to present, just a few days ago, at a conference in San Diego called TorCon, another security event, they were suppose to present what they say was the real information and they were not allowed to present, or I should say David Maynor’s company wouldn’t allow him to present any evidence.

So, here’s the part of the timeline that did happen. They describe this problem. They showed this hack using a third-party wireless adapter on a Mac. Then just a few weeks ago Apple released three patches that do in fact patch the general problem of these malformed frames that could cause “privilege escalation,” as it’s called, but Apple denies, and has denied in very specific terms that the researchers or Secureworks provided them any specific information or really, in some cases, they’ve said any information whatsoever that led them to actually dig this up. Apple says “We had a bunch of engineers, we set them loose and said find any weaknesses and if you do we’ll patch them,” and that’s what Apple said happened. So, we’re kind of in a match over who gets credit at this point.

Jason: So, to back up a little bit — I don’t know if it’s the 50,000 foot overview, at least it’s the 1,000 foot overview. Where we end up is that Apple released a software update for Wi-Fi that patches some security holes that they feel that they have found, but it’s either unclear, depending on who you ask, or clear that it isn’t the same problem as what Maynor and Ellch found. So, there’s some debate about whether perhaps they caused Apple to investigate Wi-Fi security and release a fix, but Apple seems to say that the fixes that they’re making are not addressing whatever Maynor and Ellch claimed to have found.

Glenn: I think that’s exactly right, that Apple would not have investigated this without this prod, because Apple was unaware of any specific problems in the drivers and they were always doing testing and they get reports and there’s a lot of interest in stress-testing Wi-Fi. And Apple is using commodity drivers and they’re adapting code from FreeBSD so there’s a lot of knowledge. So, you could say that Apple has this black-box part that’s their secret sauce that’s kind of on top of this open-source and free software that they use. But on the Wi-Fi side there’s actually quite a bit that is shared both on the chip and driver side with other systems. So, it’s not like there aren’t attacks. In fact, there was a major FreeBSD attack demonstrated last year that was patched and Apple ostensibly had already patched that. They even claim Apple says that even the code they are using was a little different than the ones that were attacked anyway.

But I think the fundamental point that’s interesting, I think this is why we are all fascinated by this, by the way, is that this was a really serious attack. This is one of the most severe attacks that have not yet been realized against Mac OS X that I can think of in its entire history. And of course, it’s a weak entry point; it’s a driver from another party that’s integrated with hardware that provides a path to the outside world.

Jason: And imagine, I mean if you think about it, imagine Wi-Fi is turned on basically on every Mac that exists, and you think that when you’re not connected to a network you’re really in a black box, that you are secure. In fact, this is the point, potentially, of vulnerability. It’s pretty scary.

Glenn: Right. Apple’s point was that there was no exploit code out there. They were denying that Maynor and Ellch had any code that showed this or whatever. So, let’s just say that’s Apple’s statement and it could be disproven if Maynor and Ellch are ever allowed to release stuff that showed that they had the information. So, let’s leave that aside.

So, Apple says that there’s no exploit code. They’ve found this preemptively and they’ve strengthened their system without anything being out there in the wild, or demonstrated by researchers, as Apple says, to do it. But, just imagine if Maynor and Ellch hadn’t raised this particular issue, if Apple hadn’t done it and you had some really nefarious people and they released code, let’s call it “zero to exploit” — they just pushed code out there with no advance notice and suddenly somebody, anywhere in the world, who could download a piece of software could essentially gain root access to any Mac nearby them that was running the current version of 10.3.9 or 10.4.7.

So, I don’t want to overstate it because we don’t know how difficult it would have been to exploit those weaknesses that Apple just patched. It could have taken a year’s worth of 50 people writing the code to make it happen. Who knows? But the fact is, this is the most severe vulnerability that I can think of that would allow access without being attached to a Macintosh, like sitting at his keyboard, that’s ever existed for Mac OS X.

Jason: So, yes, pretty scary, as a potential, anyway, to be pretty scary.

Glenn: Right and it’s great, so nothing happened. This is where you then have to back up and say some people complain about Apple’s response to security vulnerabilities and I think there is some justification to that at times. It depends on the particular vulnerability. Here’s a case where you have to say that you can argue all you want to how Apple responded to these guys, but within six weeks of either being presented with evidence, if you believe the researchers, some of their statements, or with six weeks of being presented with nothing, Apple released significant patches that overcome what seems to be an unexploited vulnerability. So, that actually seems like a pretty good response, even if there is this issue now about credit for who reported it.

Jason: Right. So, once they knew about it, they seemed to have gotten on the ball about it pretty quickly. So, the short version now, for a regular person listening in, who’s not a security expert, not a Wi-Fi expert is: You never know if there’s some other vulnerability out there, but at the very least, if you haven’t downloaded Apple’s Airport Security Update you ought to go out and do that.

Glenn: Yes, and what’s funny is that there’s three different ones. That was confusing too. There’s one for Power PCs running 10.3.9, so if you have to be running that version, or 10.4.7 for Tiger. There’s one for Intel-based Macintoshes running 10.4.7 and there’s one for, I believe it’s Intel-based Macs that have third party wireless adapters connected, because Apple said that there was actually a flaw in their interface that allowed other companies to develop drivers for that particular version of the operating system.

As you know, you go to Software Update, you download it, install it, and it reboots and that’s it. This is another interesting part that I have to say about Apple’s approach to security updates is even if somebody said “Oh my goodness, here’s a great way for me to exploit Macs,” the window for them to exploit it becomes really small. Apple pushed out the updates. A lot of people automatically updated. Anybody who’s regularly connected with broadband is probably going to have already have patched this or will very soon. So, you got this very, very small window of when someone could potentially go try to reverse engineer and figure out what the exploit was and then that window closes really fast. So, there’s not enough people to actually attack that it makes sense.

Jason: And now a short break with a word from our sponsor.

1989. David Hasselhoff was dancing on the Berlin Wall, Michael Jordan was in search of his first title, and the brand new Macintosh SE had 4 megabytes of RAM. 1989 was also the year MYOB introduced its award-winning software for Mac small businesses. Seventeen years later, MYOB is still empowering small business owners to manage their customers, vendors, inventory, payroll and, of course, their accounting. To learn how MYOB can help your small business, visit myob-us.com. MYOB. Mind Your Own Business. Smarter.

Jason: You’re listening to the Macworld Podcast. I’m talking to Glenn Fleishman of Wi-Fi Networking News, a Macworld contributor, lots of other things. Glenn, let’s shift gears a little bit and talk about the future of Wi-Fi. When Steve Jobs unveiled the iTV — code-name iTV, a few weeks ago, not the actual name.

Glenn: Not its real name.

Jason: As I like to point out, that’s not its actual name. Everybody at iTV in Great Britain is on edge right now. “What? Call it BBC next time!”

Glenn: You bloody…! Sorry.

Jason: So, Steve Jobs made a point of saying 802.11 wireless networking would be in this product, which is what we know as Wi-Fi or Airport. But he didn’t mention any of those little letters that go on the end that tell you whether it’s A or B or G or whatever. That’s led to a little bit of a furor, there’s some speculation about what might be in there.

I thought we really have come to a funny point, because I remember when Wi-Fi first came out, everybody was talking about how it really wasn’t that fast compared to ethernet. It was slower than ethernet. All of a sudden, all the know-it-alls made a really good point which was “Look, your connection to the Internet at home is always going to be the gating factor.”

Glenn: Right.

Jason: It’s highly unlikely that some regular person at home is going to have an Internet connection that’s going to be faster than their Wi-Fi connection. That’s still true today, I think. But what’s gotten interesting is we’re not talking about pulling data over the internet, we’re talking about having movies or music on a computer in your house and then wanting to play it on a TV in another room, all of a sudden, people start to wonder if Wi-Fi has really got it. Now, does Airport Extreme, 802.11g, is that fast enough to stream video from, let’s say, I’ve got an iTV, a theoretical iTV in my den, and I’ve got a Mac in my office. Is 802.11g fast enough for that?

Glenn: Well, I have to give you one of these non-answer answers, which is yes and no. There’s fast enough and there’s good enough, with networking. So fast enough is, is the raw bandwidth enough? The answer is yes, absolutely. Apple’s selling the most bare-bones version of 802.11g, they’ve got no proprietary extensions like a lot of other companies have layered on top to improve speed and other factors. So Apple’s version is 54 megabits per second of raw data, and in a real network you usually see, over a short range, you usually see about 20, 30 megabits per second, somewhere in that range. That’s plenty for H.264 compressed video, for MPEG-2, for all these different things. You could stream full-motion, full-screen, HD-quality, at least one stream with that kind of network. So that’s the fast enough part.

The good enough part is that video is highly susceptible to any kind of degradation, like voice but even more so. You’re talking on a voice handset that’s connected to a Wi-Fi network, which is a big new deal these days too. If there’s any delay in any of the packets, or there’s a network dropout for two seconds, your voice conversation sounds terrible and your video, you get this big black screen. Even with buffering, you might have that. So there are companies that have created proprietary technology that overlays the Airport Extreme flavor of Wi-Fi and smooths it out. It’s called Quality of Service, or QoS, which is a way to ensure that certain data packets are more important than every other.

So, the Animal Farm thing, it’s “all animals are created equal and some more equal than others.” Well, all data is equal except video and voice data is more equal than others. So you’re downloading a giant file off the Internet, well that’s less important than keeping that streaming video thing going along. So far, Apple doesn’t have that technology embedded in Airport Extreme, and that’s going to be one of the issues with whether video would work over it, even though it has enough speed. Now I’ve given you the yes and the no on that, I hope.

Jason: Well, and then I need to microwave a burrito, and the whole thing goes to hell, right?

Glenn: Exactly.

Jason: That’s another issue with this, is that you’re relying for a consumer application. This happened to me; we have a wireless audio streamer in our living room. We were listening to some streaming Internet radio and my wife turned on the microwave and said “Okay, the music just stopped. Something wrong with the computer?” I sat there and I thought for a minute and I realized, the microwave is going, and that’s probably—sometimes that’s enough.

Glenn: A little scary, isn’t it? Well, you know, this is the thing. Water is a dipole molecule that vibrates 2.4 billion times a second, when you turn on a microwave oven. The microwave oven is switching at the same frequency that Wi-Fi works at, which always baffles people because they’re such different kinds of technology. Because a microwave oven, it’s actually causing friction, it’s making water molecules rotate their magnetic poles really quickly and that friction causes the food to heat up.

But of course, that’s sort of like junk noise to a Wi-Fi receiver. In fact, the 2.4 gigahertz band, in which Wi-Fi and microwave ovens work, it’s called the “junk band”, that’s its informal name. And Wi-Fi, one of the great things about it, it’s really resilient to interference of all kinds, but it also means there’s tons of interference in that band. If you live in a semi-industrial part of a city, there could be people running these industrial sealers, these huge microwave sealers that seal equipment, or make plastic or whatever. You will not be able to run a Wi-Fi network anywhere near there.

Jason: So 802.11n is what I keep hearing about now, which is the next generation of Wi-Fi.

Glenn: Conveniently starting with N.

Jason: So what does that get us? Yes, I don’t really understand the lettering and I don’t think I want to know. It’s frightening to me.

Glenn: You don’t want to know.

Jason: As long as they’re using actual letters that I learned in school, I’m okay.

Glenn: That’s right.

Jason: If we get to like 802.11π I’m going to run screaming. So what is 802.11n, when’s it coming and what does it get us?

Glenn: Well, N is a next generation Wi-Fi standard. N is a task group within a group at the IEEE standards body that makes these. It’s a consensus-driven engineering group, and it’s just as exciting as it sounds. There’s lots of people from different companies and academia, and they get together and they hash out what these standards should look like, so that everyone can agree on them and then go back and build stuff based on them.

And so task group N, they were tasked about two years ago with Wi-Fi really isn’t fast enough to be competitive with a wire-line network. We need ethernet-like speeds out of Wi-Fi, especially as ethernet gets faster and faster. With, you know, gigabit ethernet really typical these days, and gigabit ethernet switches really inexpensive, Wi-Fi should be somewhere relative to that. And so they said, “Okay, we have the technology, we know the approach.” And it’s taken a long time to get here, but their goal is a raw rate. This is with network overhead, so this is the stated marketing rate of at least 150 megabits per second, versus 54 for 802.11g.

Now, here’s the cool part. The real throughput should be over 100 megabits per second, or four to five times faster than what Airport Extreme can deliver on a good day today, and even beyond that. That’s like the minimal, lowest-end version of 802.11n, which will come out… We should talk about when it’s coming out, that’s sort of a long story, but we’ll do the brief version. Some versions of 802.11n that will probably come out not until 2008 will have all these optional extras on it. They will run as fast as 600 megabits per second raw speed, with 200 to 300 megabits per second of real throughput. That starts to get you up there, where you’re actually pretty close to gigabit ethernet. In an office, like a graphic design office or an office that’s doing large amounts of file transfer and network operations, then wireless becomes a real alternative to a wired network, with a lot more flexibility.

Jason: Unless you’ve got somebody running an industrial microwave sealer next door.

Glenn: Darn those industrial sealants! So now the timeline, so this is the ugly part, right? You can actually go to the store right now and you can buy equipment that’s labeled “draft N” on it, meaning it’s based on a draft, and not a released version of this 802.11n standard. The fundamental problem is, nobody agrees on the draft. It’s a draft; it’s not final. There’s tons of disagreement, and there’s fundamental disagreements. So, early this year, draft 1.0 was agreed on by this group as the basis to do additional work, to achieve a final version.

A lot of manufacturers, chipmakers, said “Close enough. We’re going to push equipment out because consumers are demanding this and we want to get it out in the market.” So draft N gear is still pretty buggy. All the magazines that have reviewed it, our sister publication PC World has done some extensive reviews of early draft N gear, and not only does it not have Mac drivers, just start there, but it also doesn’t really interoperate well. You can’t get two devices, even with the same chips from two different companies and get them to work together as well as you’d like.

Jason: So basically it won’t even run on a Mac. But you would need to buy two boxes from Linksys and connect them together, in order to get it to work.

Glenn: Yes, exactly. Basically from the Mac standpoint, this is a nonstarter right now and even if you’re a Windows or Linux user, if there are Linux drivers, you’re tied into what is now a very expensive technology.

Some of the benefits of N, N has speed but it also has distance. It uses multiple antennas, an array of what’s called multiple-in, multiple-out or MIMO antennas, to achieve much greater range. You can buy, on the market today, 802.11g gateways with MIMO antenna arrays attached that will achieve range that’s far better than these draft N devices. So for under a hundred dollars you can buy a device, a gateway, that works better than the 250 dollar early non-compatible, non-standard, draft N gateway. So this is very frustrating.

Jason: Doesn’t that range mean that we’re going to have more interference problems when everybody’s got 802.11n?

Glenn: That is such a marvelous question because that’s the logical conclusion and here’s where that turns out not to be so. What MIMO does, because it has multiple antennas, it can reconcile reflection. This is a big issue with all wireless data, it bounces around objects. So some of it passes through objects, some reflects. When you have one antenna or even two, it’s really hard to figure out what direction a signal came from and to differentiate between many signals. With multiple antennas and this technology approach the device can more easily differentiate between many signals. It’s got more directionality, so it knows that this signal bounced off this way, this other signal bounced off this way; that’s the same signal, so I can now reconstruct the data that came from that. That gets you more discrimination among different networks in the same space. But it also gets you more range because distant and fainter signals can also now be picked up and sorted out better.

Jason: Sounds good. But is this going to be a product that we see, a final product next year sometime?

Glenn: Oh, don’t I wish. The original projections last year were late 2006 for a final standard. At this point we’re looking at 2008 with the final standard being signed off by the whole IEEE standards body. The good news though, and this is where it ties in with Apple’s code-name iTV project: It looks like by March of 2007, the task group responsible for this should have a draft 2.0, a version that is basically pretty close to what everybody wants. And the Wi-Fi Alliance, which is actually a trade group, that tests and certifies equipment as complying with these IEEE standards. These different companies, including Apple and Intel and Microsoft, they are all voluntary members of the Wi-Fi Alliance; they submit their equipment to testing to get the Wi-Fi seal on it. So the Wi-Fi Alliance is going to certify and test equipment based on this interim draft in March. And they’ll probably do that by the end of spring of 2007. Then they’ll do another version, a year later when the final version is approved, they’ll do another certification for final N products as well. There’s expected to be only some slight differences at that time, probably the faster speeds being the big one.

Now you tell me this, when is iTV supposed to ship? I hear a lot of different dates for it.

Jason: All Apple has said is the first quarter, which means between January and March of 2007, so it could be as late as the last day in March or it could be at Macworld Expo, and I think nobody really knows. If you had to make me guess, I’d would say that they will announce it, its real name, its feature set, when it’s going to be shipping, at Macworld Expo. But it won’t actually ship then. That would be my best guess, but it’s just a guess.

Glenn: That ties in with what the 802.11n schedule is too. Apple’s two major chip suppliers for Wi-Fi, Atheros and Broadcom, which make all of the chips that go into all current Macs at this point. Atheros, they picked up when the Intel Macs came up they started to use Atheros chips as well as Broadcom, which they had been using since 2003. So, these two chip makers have draft N products out in the market now. And they’re actively some of the biggest players in the standards process.

If I had to make my best educated guess, I’d say that iTV won’t feature 802.11n unless it’s at the very end of Apple’s projected time frame, because it’s possible that they’ll be too many unknowns about what this real interim version, this certified version of N is going to look like in the spring of 2007. So if they put the chip in in January, it might not actually be upgradeable in the way they want in March or June or September.

So if Apple ships the iTV at the end of March, I would expect that they would probably use an early generation but pretty compliant 802.11n chip. If they ship at Macworld, I think it’s going to be 802.11g. It will be Airport Extreme Squared or something. Because there is a way that they could go back and upgrade all the existing Airport Extreme cards through firmware, a download, and all the base stations to add better support for streaming video and audio. It wouldn’t be perfect, but it would actually probably be enough for their purposes.

Jason: That leads us to my next question. So it’s not a no-go to do iTV with 802.11g. 802.11g can handle what you throw at it.

Glenn: I would say with upgrades of Apple’s firmware for Airport Extreme, yes.

Jason: To prioritize that video and audio content.

Glenn: Exactly. Because without that it’s just going to be too erratic and people will be too unhappy. With that I think you’d say one iTV on a network, not too far from everything else, from the base station and from the computers that are streaming, if there’s stuff streaming off computers or Internet connection, then you’re not going to be dissatisfied. There’s companies like Ruckus, Rotani, and there’s several other firms, including the major Wi-Fi gateway makers like Linksys and Netgear, they all have some entertainment systems, they all have a little bit of proprietary secret sauce that makes their media stuff work. And it all works over 802.11g. So Apple’s in a position to upgrade G, and there’s actually good reasons why they should upgrade G because it would help with voice calls over Wi-Fi networking and there’s some other things that are happening as well.

There’s one thing I didn’t mention, 802.11n, one of the reasons that people are excited about it is not just because it’s faster and will support streaming video and it will go further, but it will actually make a lot more simultaneous voice calls possible over a Wi-Fi network because it’s going to give you that much more reliability and space in which these tiny calls can be made with greater assurance without dropping out packets. If Apple has any voice plans for their networks, any calling options, perhaps like an iPhone, perhaps that might also have Wi-Fi built in, which, who knows if that would be the case, or even an iPod, than they may need this improvement to Airport Extreme just for that purpose.

Jason: When we look down the future in 802.11n, we’ve been focused on an iTV on a network. I think it’s not unreasonable to suggest that in the future, people are going to want to put an iTV or some other box on every TV in their house. If they’ve got two or three, at that point, you don’t want to have a TV system where if mom’s watching something in the living room, nobody else can watch TV in the other rooms because the bandwidth’s all taken up. That’s not going to be acceptable.

Glenn: In an article in upcoming Macworld magazine, written by yours truly, I have some numbers about that too, which is consumer electronics are actually a big expansion. The iTV is like a funny hybrid. It’s an adapter. It’s sort of a PC-to-consumer-electronics adapter, you could call it. Because it’s going to be a computer, but it’s not going to do computer things, but it’s got PC like elements. And it’s not going to be a consumer electronics thing because it doesn’t actually display anything.

Well, there’s going to be DVD players and HDTV sets and every kind consumer electronic device you can think of, is going to have 802.11n embedded as just an option. It’s going to cost five dollars for the chips in a couple of years. So AVI Research based out of New York, they estimate nearly 250 million devices will sell in 2011, consumer electronics devices, with embedded Wi-Fi, and about 90 plus percent of those will use N. And that’s part of the revolution is. There’s going to be an equal number of 802.11n and Wi-Fi adapters sold that are part of laptops and PCs in 2011, by their numbers. But when you start saying, “Anything I go into Costco and buy to plug into my system is going to have N in it,” and it also might have some other wireless standards we’re not going to talk about right now, but that’s where the real revolution is going to happen. Then you don’t need an iTV at that point.

Jason: So I can buy a microwave oven at Costco and it’ll have N in it, but will it interfere with itself?

Glenn: Well maybe it would coordinate. Like you could buy a microwave oven with N and it would make sure it didn’t walk over the rest of the network. Now that would be cool.

Jason: That would be something. Glen, thank you for talking about all of this Wi-Fi stuff. It’s certainly enough to make your head spin. I’m certainly excited about the iTV and about getting some improvements in Wi-Fi. Gone are the days when your wireless network is always going to be fast enough. Now we’re in an exciting new world where it’s going to keep getting faster and faster. It’s pretty exciting.

Glenn: Yeah. I think there’s speed, there’s distance, there’s quality… I think one of the fundamental things that comes up for me all the time is people say, “My house is too big or too wonky, and I get can’t one Wi-Fi gateway to cover the house.” That’s going to be part of what’s exciting about the newer technologies. You plug in one gateway it will cover your whole house. You plug in an iTV to stream your video, your consumer electronics devices will have Wi-Fi in it and you just won’t worry about it anymore. It’s going to be like a dial tone.

Jason: Can’t wait. Glenn thanks a lot for your time.

Glenn: My pleasure. Thank you.

Jason: Thanks for coming back to the podcast.

Glenn: Always a pleasure.

Jason: That wraps up this edition of the Macworld Podcast, sponsored by MYOB, small business management software. MYOB helps you to mind your own business. Smarter. Thanks for joining us, thanks to our sponsor and we’ll see you again soon with another edition of the Macworld Podcast. Signing off, this is Jason Snell, Editorial Director of Macworld.