WARNING: "back to my mac" can allow full access to your computer even when disabled

kudukudu
Feb 6, 2010, 10:23 PM
I set up file sharing on my local network and noticed that one of my machines had full access to my Mac Pro, connected as my MobileMe user in the Finder. My first reaction was WTF, I never enabled this. I configured file sharing on my network to only allow the Guest account access to a small number of shared directories.

1. The first thing I noticed after I Googled this issue was that "back to my mac" was enabled in my MobileMe preferences. I can't believe this is enabled by default! So of course I disabled it, thinking this would solve my problem. Wrong.

2. Even after disabling this feature, I can still access the entire contents of my Mac Pro through the Finder logged in with my MobileMe user. So far the only way to disable access is to log out of MobileMe.

3. I am still trying to figure out how I can remain logged into MobileMe and continue to have my calendar, contacts, etc. kept in sync without leaving a giant security hole (e.g. blocking ports, changing something in Keychain, etc.). If I can't resolve it, I guess it is bye bye MobileMe.

Issues like these with "back to my mac" were documented back in 2007 so I can't believe it is still so flaky:

http://www.isfym.com/site/blog/entries/2007/10/27_don%E2%80%99t_go_back_to_my_mac.html



southerndoc
Feb 7, 2010, 11:32 AM
I don't keep any sensitive stuff on my computer. I store all my sensitive stuff on an IronKey.

When I enabled it, and when I switched computers (MacBook to a MB Aluminum), I had to enter my desktop username and password and then clicked for Keychain to remember it. I also have to enter a password on my screen saver (a fairly long one).

Under the sharing section of system preferences, you can set it so that only certain users have access to your computer.

Macsterguy
Feb 7, 2010, 02:09 PM
Screen sharing: System Preferences / Sharing / Screen Sharing - set up user accounts that you want to allow to screen share (yourself or admins only)

File sharing: System Preferences / Sharing / File Sharing - set up user accounts that you want to allow to file share (yourself or admins only - all volumes). Other users will only have access with shared folders.

* Also remember to password protect your iDisk Public Folder - System Preferences / MobileMe / iDisk

Kilamite
Feb 7, 2010, 05:15 PM
You are saying you are surprised you could access your Mac Pro when using a computer that is part of your MobileMe setup?

kudukudu
Feb 7, 2010, 11:12 PM
You are saying you are surprised you could access your Mac Pro when using a computer that is part of your MobileMe setup?

No I am surprised that I could access the entire filesystem of my Mac Pro using my mobileme account when "back to my mac" was disabled. According to Apple documentation this should not happen. This is a major bug.

macbookairman
Feb 8, 2010, 10:53 AM
I set up file sharing on my local network and noticed that one of my machines had full access to my Mac Pro, connected as my MobileMe user in the Finder. My first reaction was WTF, I never enabled this. I configured file sharing on my network to only allow the Guest account access to a small number of shared directories.

1. The first thing I noticed after I Googled this issue was that "back to my mac" was enabled in my MobileMe preferences. I can't believe this is enabled by default! So of course I disabled it, thinking this would solve my problem. Wrong.

2. Even after disabling this feature, I can still access the entire contents of my Mac Pro through the Finder logged in with my MobileMe user. So far the only way to disable access is to log out of MobileMe.

3. I am still trying to figure out how I can remain logged into MobileMe and continue to have my calendar, contacts, etc. kept in sync without leaving a giant security hole (e.g. blocking ports, changing something in Keychain, etc.). If I can't resolve it, I guess it is bye bye MobileMe.

Issues like these with "back to my mac" were documented back in 2007 so I can't believe it is still so flaky:

http://www.isfym.com/site/blog/entries/2007/10/27_don%E2%80%99t_go_back_to_my_mac.html

If I understand the situation correctly, you are on a Local Network, and you are connected to a Mac Pro on your local network via your MobileMe username.

If that is correct, then that is normal. When you log into MobileMe on your Mac via System Preferences, it creates an alias for your account name. So if your account name is "Home" then you can now use your MobileMe account too (ex: homemobileme@me.com). To show you that this is true, go to System Preferences and then the Accounts panel. Click the lock icon in the bottom left. For the Name field, enter your MobileMe address, and for the password enter your Mac's system password (not the MobileMe password). Click OK, and it should log you in... that is because your MobileMe address is an alias for your system username. Once you've done that, right-click on your account in the Accounts pane of System Preferences, then choose Advanced Options. On the page that opens up you should see your MobileMe address listed as an alias. This is not a bug of MobileMe... it is a feature.

kudukudu
Feb 8, 2010, 03:11 PM
If I understand the situation correctly, you are on a Local Network, and you are connected to a Mac Pro on your local network via your MobileMe username.

If that is correct, then that is normal. When you log into MobileMe on your Mac via System Preferences, it creates an alias for your account name..... This is not a bug of MobileMe... it is a feature.

Thanks for the additional explanation of how mobileme works. I would agree with you, but notice that I explicitly disabled the back to my mac option. According to Apple documentation, file sharing with the mobileme account shouldn't work when back to my mac has been disabled:

http://images.apple.com/mobileme/docs/L358808A_BackMac_UG_v3.pdf

Kilamite
Feb 8, 2010, 03:48 PM
Contact the MobileMe support staff and see if there's a problem with your account; if not then they should have the common sense to report it down the line as a high priority bug.

I only have one Mac, so I can't see if it happens on my account. But I have Back To My Mac enabled so I can get Push.

macbookairman
Feb 9, 2010, 10:09 PM
Thanks for the additional explanation of how mobileme works. I would agree with you, but notice that I explicitly disabled the back to my mac option. According to Apple documentation, file sharing with the mobileme account shouldn't work when back to my mac has been disabled:

http://images.apple.com/mobileme/docs/L358808A_BackMac_UG_v3.pdf

Is it correct that this is happening on a LOCAL network? Because like I was saying, if that is the case, then it isn't an issue with MobileMe. The computer you are trying to connect to has MobileMe set up. Thus, it has an alias for the OS X username. That alias is your MobileMe email address, and the OS X username is (for example) kudukudu. Since you are on a local network, it is letting you log in with that MobileMe email address because it is an ALIAS for that OS X user's account. Now, Back to My Mac is meant more for when you aren't on the same network as the computer you are trying to connect to. So, go to a different Wi-Fi network and see if you can connect to that computer. You can't, because Back to My Mac isn't on. If it was on, you'd be able to connect to that Mac from a non-local network.

Essentially, what you're doing is logging in to your mac on a local network with that mac's username. Which is how it is supposed to be. The difference here is that you are using your MobileMe username instead because OS X sets up your MobileMe email address as an alias for the OS X account name. Sooo after setting up MobileMe,

MOBILEME USERNAME = OS X LOGIN USERNAME

I don't know if I can explain this any other way...
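As an added example (not code from the thread, and not Apple's), the following POSIX shell script performs, on the Mac whose shares are in question, the two checks that Macsterguy's post (restrict File Sharing and Screen Sharing to named accounts) and the explanation above (the MobileMe address is an alias for the OS X account, so it is accepted at the share login) imply for a defender: list the extra RecordName aliases on the local account, and list which sharing services launchd currently has loaded. The launchd labels and the single-line `dscl . -read /Users/<name> RecordName` output format are assumptions; the SAMPLE_* strings are constructed so the script also runs where `dscl` is absent.

```shell
#!/bin/sh
# Added example, not code from the thread or from Apple. It checks, on the Mac
# in question, the two things the discussion turns on:
#   1. whether the local account carries an extra RecordName (an alias such
#      as a MobileMe address), which the file-sharing login accepts as that
#      account, and
#   2. which sharing launchd jobs are loaded.
# Assumed (not confirmed by the thread): the launchd labels below, and that
# `dscl . -read /Users/<name> RecordName` prints all names on one line.
# The SAMPLE_* strings are constructed so the script also runs offline.

# Launchd labels assumed for AFP file sharing and Screen Sharing.
AFP_LABEL='com.apple.AppleFileServer'
SCREEN_LABEL='com.apple.screensharing'

# Reads dscl output on stdin; prints every RecordName value after the
# primary short name, i.e. the aliases. Fails if no RecordName line is present.
account_aliases() {
    awk '/^RecordName:/ { found = 1; for (i = 3; i <= NF; i++) print $i }
         END { if (!found) exit 1 }'
}

# Reads `launchctl list` output on stdin (columns: PID Status Label) and
# prints the sharing labels that are loaded.
loaded_sharing_services() {
    awk -v afp="$AFP_LABEL" -v scr="$SCREEN_LABEL" \
        '$3 == afp || $3 == scr { print $3 }'
}

# Returns 0 when an alias exists AND AFP file sharing is loaded: the
# situation reported above, where the MobileMe address logs into the shares.
# $1 = dscl output text, $2 = launchctl list output text.
alias_exposed() {
    aliases=$(printf '%s\n' "$1" | account_aliases) || return 1
    [ -n "$aliases" ] || return 1
    printf '%s\n' "$2" | loaded_sharing_services | grep -q "^$AFP_LABEL\$"
}

# Constructed sample output (not captured from a real machine).
SAMPLE_DSCL='RecordName: kudukudu kudukudu@me.com'
SAMPLE_LAUNCHCTL='PID Status Label
123 0 com.apple.AppleFileServer
- 0 com.apple.Finder
456 0 com.apple.screensharing'

# Use live data on a Mac, the constructed sample elsewhere (or when AUDIT_SAMPLE is set).
if command -v dscl >/dev/null 2>&1 && [ -z "${AUDIT_SAMPLE:-}" ]; then
    dscl_out=$(dscl . -read "/Users/$(id -un)" RecordName)
    launch_out=$(launchctl list)
else
    dscl_out=$SAMPLE_DSCL
    launch_out=$SAMPLE_LAUNCHCTL
fi

echo "Account aliases:"
printf '%s\n' "$dscl_out" | account_aliases | sed 's/^/  /'
echo "Loaded sharing services:"
printf '%s\n' "$launch_out" | loaded_sharing_services | sed 's/^/  /'
if alias_exposed "$dscl_out" "$launch_out"; then
    echo "RESULT: an alias can log into file sharing as this account; remove the alias or restrict File Sharing to named users"
else
    echo "RESULT: no alias + file sharing combination found"
fi
```

Run it as the account you share from; on the constructed sample it reports the alias `kudukudu@me.com` together with loaded AFP and Screen Sharing jobs, which is exactly the combination the thread describes. The remedy the posts point to is the Sharing preference pane: restrict File Sharing and Screen Sharing to the specific users who need them, and check Accounts > Advanced Options for aliases you did not expect.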

JuanGuapo
Feb 10, 2010, 12:48 AM
If you're on the same LAN, you're not using BTMM--you're using Screen Sharing. BTMM is only an internet extension of Screen Sharing in Leopard/Snow Leopard.

If you don't want screen sharing, turn it off in the Sharing preference panel.

If you turn off BTMM, Screen Sharing is still enabled if you're on the same LAN. I see it all the time on my campus network... they can only get into your system if they have the user/pass to get in.

kudukudu
Feb 11, 2010, 11:13 AM
If you're on the same LAN, you're not using BTMM--you're using Screen Sharing. BTMM is only an internet extension of Screen Sharing in Leopard/Snow Leopard.

If you don't want screen sharing, turn it off in the Sharing preference panel.

If you turn off BTMM, Screen Sharing is still enabled if you're on the same LAN. I see it all the time on my campus network... they can only get into your system if they have the user/pass to get in.

I already have screen sharing turned off. I only have file sharing enabled.

macbookairman
Feb 11, 2010, 11:23 AM
I already have screen sharing turned off. I only have file sharing enabled.

The same thing applies with file sharing. Seriously, there is nothing wrong here.

kudukudu
Feb 11, 2010, 11:49 AM
Is it correct that this is happening on a LOCAL network? Because like I was saying, if that is the case, then it isn't an issue with MobileMe. The computer you are trying to connect to has MobileMe set up. Thus, it has an alias for the OS X username. That alias is your MobileMe email address, and the OS X username is (for example) kudukudu. Since you are on a local network, it is letting you log in with that MobileMe email address because it is an ALIAS for that OS X user's account. Now, Back to My Mac is meant more for when you aren't on the same network as the computer you are trying to connect to. So, go to a different Wi-Fi network and see if you can connect to that computer. You can't, because Back to My Mac isn't on. If it was on, you'd be able to connect to that Mac from a non-local network.

Essentially, what you're doing is logging in to your mac on a local network with that mac's username. Which is how it is supposed to be. The difference here is that you are using your MobileMe username instead because OS X sets up your MobileMe email address as an alias for the OS X account name. Sooo after setting up MobileMe,

MOBILEME USERNAME = OS X LOGIN USERNAME

I don't know if I can explain this any other way...

Okay, yes, I see now. I didn't read your original post closely enough. Thanks for taking the time to provide further clarification. I still have two issues with this feature based on this explanation:

1. This is undocumented behavior as far as I can tell. Maybe I missed it, but in the Back to My Mac user's guide I couldn't find any discussion where Apple differentiates between MM/BTMM behavior on a local network versus a remote network (e.g. automated login works on a local network even when BTMM is disabled, but automated login only works from remote networks when BTMM is enabled).

2. More importantly, even if the MobileMe user acts as an alias for its associated user account on each machine, I don't understand why it does not prompt me for a password. If I log in with my primary user account from another machine I am always asked for a password. The fact that I am not prompted for a password when using the MobileMe account is a fairly big security hole and a bug in my mind. This bug (or poor implementation, depending on your perspective) was clearly documented back in 2007 in the URL I provided at the beginning of this thread:

"The problem came in when we selected the server Mac in the client’s sidebar. Instead of either connecting to that Mac’s File Sharing as a guest, or asking us for that Mac’s password, Back to My Mac automatically connected to the server Mac’s File Sharing as that Mac’s owner without ever asking for the owner’s name and password. Worse yet, the same thing happened when then clicking on “Share Screen...” giving us full remote control of the Mac without ever entering its password...In disbelief for a bit, we confirmed the problem from different machines on different networks. We then took a step back and thought about things: how could Apple have shipped Back to My Mac with such a seemingly serious security hole? "

macbookairman
Feb 11, 2010, 01:51 PM
The whole not asking for a password thing is probably an issue that should be fixed.

GeekOFComedy
Feb 11, 2010, 01:52 PM
Okay, yes, I see now. I didn't read your original post closely enough. Thanks for taking the time to provide further clarification. I still have two issues with this feature based on this explanation:

1. This is undocumented behavior as far as I can tell. Maybe I missed it, but in the Back to My Mac user's guide I couldn't find any discussion where Apple differentiates between MM/BTMM behavior on a local network versus a remote network (e.g. automated login works on a local network even when BTMM is disabled, but automated login only works from remote networks when BTMM is enabled).

2. More importantly, even if the MobileMe user acts as an alias for its associated user account on each machine, I don't understand why it does not prompt me for a password. If I log in with my primary user account from another machine I am always asked for a password. The fact that I am not prompted for a password when using the MobileMe account is a fairly big security hole and a bug in my mind. This bug (or poor implementation, depending on your perspective) was clearly documented back in 2007 in the URL I provided at the beginning of this thread:

"The problem came in when we selected the server Mac in the client’s sidebar. Instead of either connecting to that Mac’s File Sharing as a guest, or asking us for that Mac’s password, Back to My Mac automatically connected to the server Mac’s File Sharing as that Mac’s owner without ever asking for the owner’s name and password. Worse yet, the same thing happened when then clicking on “Share Screen...” giving us full remote control of the Mac without ever entering its password...In disbelief for a bit, we confirmed the problem from different machines on different networks. We then took a step back and thought about things: how could Apple have shipped Back to My Mac with such a seemingly serious security hole? "

Look. This is the scenario:

You have a router. Connected to the router is the Mac Pro and, let's say, a MacBook. You're on the MacBook in your living room looking at CNN and, as you're about to open a PDF, it says in the Finder "Insert name" Mac Pro. You click it and it asks for your username and password (if your Mac Pro is password protected). Once you enter them you see all the drives and the account folder. You also see the option of Share Screen. You turn off BTMM on the Mac Pro but notice on your MacBook the option is still there. Why? Because both computers are connected to the same internet. Every Mac running Leopard/Snow Leopard has file sharing + screen sharing built in once the two computers are on the same router/network. To disable this feature, launch System Preferences and enter Sharing. Disable the following tabs: File Sharing and Screen Sharing. They're probably ticked like in the following pictures I enclosed below.

I think the reason it did not ask for the password when you first found the so-called "bug" was that BTMM was enabled on both computers. The Mac probably thought: well, since it's probably not the family package, it's probably the same person. We'll grant access.