Mac OS X easy to crack, says researcher

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Mar 13, 2009.

  1. macrumors bot

    Joined:
    Jul 5, 2003
  2. macrumors 65816

    steveza

    Joined:
    Feb 20, 2008
    Location:
    UK
    #2
    Some people need to get out more :rolleyes:
     
  3. Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Missouri
    #3
    Really, if it is so easy to crack, why haven't we seen any actual exploits?
     
  4. macrumors 65816

    Joined:
    Sep 21, 2008
    #4
    :rolleyes: Yeah, OK whatever.

    Brings to mind that old line, "Nobody wants to hack Macs because nobody uses them." :rolleyes:

    Plenty of people use Macs. :rolleyes:

    Hackers will hack anything that can be hacked. :rolleyes:

    If OS X were really as "easy to crack" as this dude claims then, yes, it would have already been breached by a massive attack launched from Redmond. :D :D
     
  5. macrumors 6502a

    MistaBungle

    Joined:
    Apr 3, 2005
    #5
    I do agree with that line somewhat that deals with us being ignored by the scene since there aren't that many.

    I mean, iPhones and Touchs have been hacked, so it isn't like they are ignoring Apple altogether but I don't think OS X is going to be a big target as this guy claims.
     
  6. macrumors 6502

    Joined:
    Feb 17, 2008
    #6
    "Things will be more difficult once Mac OS X 10.6 Snow Leopard arrives, as its version of Address Space Layout Randomisation will be much more effective (making it far harder to determine the location of specific routines), and writable memory will be marked as non-executable."

    So, Apple IS doing something about what they are talking about. I wonder why they didn't speculate on the statement "It is practically certain that not all of these flaws have been fixed, and that there are more waiting to be found"; seems a little biased to me. :rolleyes:

    I am also with those of you who point out that if it were so easy to hack a Mac, why don't more people do it? Hacking is not about profit or affecting the most users (like a virus), it is about competence and competition. Clearly, a Mac is an area that people simply just stay away from because there are so few vulnerabilities and the challenges make it not worth their time.
     
  7. macrumors 603

    Joined:
    Apr 15, 2004
    #7
    "For example, if a routine doesn't check the length of a string properly, it can be written to an area of memory that's too short to hold it, resulting in other values being overwritten.

    If an attacker can cause the contents of that string to include values that correspond to a useful set of machine code instructions and have that deposited at a location that will be executed, it is possible to gain control of the system."

    Really? That's the attack?

    That's called a buffer overflow attack and that's possible on every single system on the market.
     
  8. macrumors 65816

    Joined:
    Feb 7, 2007
    #8
    This Just In...

    "Many security and IT experts on crack, says researcher"


    :D
     
  9. macrumors 65816

    aarond12

    Joined:
    May 20, 2002
    Location:
    Dallas, TX USA
    #9
    Whatever

    This "researcher" needs to put his money where his mouth is.

    If he's talking about having physical access to the machine, then yes, Mac OS X is incredibly easy to hack. I know this from first-hand experience.

    I was on an overseas flight with my PowerBook G4 freshly-updated to Mac OS X 10.5.0. I was bitten by the bug that caused all accounts to be demoted to Standard Users. Without my Mac OS X DVD and without access to the Internet (as I was at 35,000 feet on my way to Tokyo), I was able to break into OS X and elevate my permissions on the two accounts I had installed to Administrator-level users. (No, I will not divulge how to do this.) :rolleyes:

    If he's talking about remote access to the system, then he's wrong. Dead wrong. I've run scanners, sniffers, etc., on my OS X machines (and iPhone, just for good measure!), and there are no significant vectors of insecurity.

    If he's found something new, then great! Share it with Apple and get the problems resolved. Otherwise, **** and GBTW.

    -Aaron-
     
  10. macrumors 68000

    Joined:
    Nov 23, 2007
    #10
    Haha, you got a point there :D, considering how bad Apple tarnished MS image, MS would take anything bad they can portray Apple with.
     
  11. macrumors 6502a

    Joined:
    Nov 12, 2003
    #11
    i don't. there were what, 20 million mac users in 2006/2007 and apple has increased market share since then, maybe as much as doubled it. then you take in to account that apple users are statistically more affluent; many windows boxes in the market are work machines that aren't connected to the net and/or have no intrinsic value (no bank numbers, no social security, etc...). finally take in to account there are way too many apple users think "more secure" means they don't have to do anything.

    so you have a large (though not a dominant market share) population of high-value targets, who aren't expecting to get attacked and it's supposedly fun and easy to do. that's like saying i'd rather hunt for a lion in africa than at the local zoo.
     
  12. macrumors regular

    rfruth

    Joined:
    Feb 5, 2007
    Location:
    Texas
    #12
    If some script kiddie knows the root password anything is possible -
     
  13. macrumors 603

    scaredpoet

    Joined:
    Apr 6, 2007
    #13

    One other "plus" for cracking a Mac: ever noticed that people with Macs like to brag about their uptime or about hw they leave their machines running for weeks? The stability inherent in the underpinnings of OS X means those computers stay on a lot longer than Windows machines. The same reasons that hackers like to find weaknesses in high availability servers makes Macs just as attractive: a stable platform to use as a "supernode" to marshall your millions of Windows zombie boxes and issue commands to your botnets.

    For this reason and others, I no longer buy the security-by-obscurity argument. There are compelling reasons for cracking a Mac, and even if their market share is small, they would be valuable assets in a botnet... if only they were so easy to crack.... :D
     
  14. Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #14
    Assuming the root account has been enabled... (it's disabled by default, except on Mac OS X Server).
     
  15. macrumors 68020

    Krevnik

    Joined:
    Sep 8, 2003
    #15
    On top of what the other poster said:

    Elevation uses the user's password, so if they exploited to get user access on the machine, they still need to exploit to root, or crack the user's password (reasonable to assume the user is an admin on the box).

    To get on the box in the first place, services need to be enabled. Right now, the only port open on a normal install is the mDNS port. Thankfully, that service is sandboxed in 10.5, meaning it runs with near-zero permissions (really only getting read permissions to specific parts of the main drive).
     
  16. macrumors regular

    rfruth

    Joined:
    Feb 5, 2007
    Location:
    Texas
    #16
  17. macrumors 68020

    Krevnik

    Joined:
    Sep 8, 2003
    #17
    Huh, so your argument hinges on someone who /already has root access/ enabling the root account? Why in the world would they turn on the account they already have access to? Why not just do whatever they were going to do (trash the place, install malicious packages) right then while they had access and be done with it?
     
  18. macrumors regular

    rfruth

    Joined:
    Feb 5, 2007
    Location:
    Texas
    #18
    No my argument hinges on someone (the script kiddie) knowing more than the average user does yet you hear over & over again that OS X is safe and malware isn't a problem so no precautions are needed when the message should be that X is solid but the user needs to do their part (physical security important, port forwarding etc.)
     
  19. macrumors 68020

    Krevnik

    Joined:
    Sep 8, 2003
    #19
    Yet you linked to a KB article discussing how to enable root. A script kiddie who doesn't know your admin password (or already have root access) cannot use that to enable root on your system if they have user-level access.

    If they already have root access or your admin password, they can enable it, sure, but then again, they already have root access at that point and don't need to.
     
  20. macrumors 68030

    Winni

    Joined:
    Oct 15, 2008
    Location:
    Germany.
    #20
    It's more lucrative to write an exploit for Windows. Over 900 million machines on the planet run Windows, and most of those machines are used in companies -> that's where the data is that you want to steal, that's where the money is, that's where high speed Internet connections for your bot nets are.

    I don't have a doubt that OS X is easier to crack than Vista. Vista's got a bunch of new security layers especially designed to protect it from memory modifications that previous Windows versions didn't have.

    But who has says that there are no successful exploits already out there and being used? If it comes from a clever criminal mind, nobody would notice it. Those guys want to come back anytime they want, and they want to stay in control over your system for whatever reason. They're no script kiddies who only want to wreck havoc.

    Most Mac users live in a dangerously false sense of security and pride themselves because of their ah-so-secure system. Well, we have a saying in Germany: "Hochmut kommt vor dem Fall" - Pride/Arrogance comes before the fall.
     
  21. macrumors G5

    nagromme

    Joined:
    May 2, 2002
    #21
    Definitely more lucrative. But criminals don't attack ONLY the #1 MOST lucrative target. They attack any lucrative target they can. That's why convenience stores get robbed, not just banks. That's why malware attacks multiple different versions of Windows, not just the most-installed. (Not to mention Linux.) And plenty of educational institutions, scientific and government projects, and large media companies have lots of Macs worth attacking. Macs are a smaller target, and that's a very good reason to use a Mac... but they ARE still a target.

    Correction: there are plenty of script kiddies who WANT to wreak havoc on Mac... they just haven't been able to. The world is filled with millions of sad, angry kids, many of which "hate" Macs for whatever 1990s reason peer pressure has drilled into them.

    You're right, there could, by some chance, be only ONE type of Mac exploiter: ones that stay secret and undetected and attack very few targets, carefully chosen. But the world has a LOT of people in it, and it's far more likely that the Mac's would-be attackers include the full spectrum, from those simply seeking prestige (which a Mac exploit offers better than Windows) to those seeking mass infection for botnets, to those seeking mass intrusion to harvest for identity theft.

    Meanwhile, there are two very different things people talk about, and it's important to acknowledge the difference:

    1. An individual person breaking into an individual Mac (either sitting there in person or remotely). Of course individual Macs HAVE been successfully attacked, by methods that start with guessing the password and work their way up to more sophisticated methods.

    2. Mass attacks that spread through the Internet: malware. Viruses and worms. These are what most users REALLY worry about, because one person can attack thousands of machines at a time instead of just one. There has NEVER been a successful virus or worm on Mac. There have been a couple of failures (they required lots of user help and only affected specific non-standard Mac installs--like the iChat worm a couple years back) and a couple lab experiments.

    So while no OS is perfect, or will ever be--and while BOTH Vista and OS X have specific security advantages that the other lacks--the reality remains that you are safer on OS X.

    I doubt that will change: someday OS X will probably have its first real-world virus or worm. (I keep waiting--it's been about 8 years now.) It will then have ONE. And it will be quickly known, and patched by the community within hours and then by Apple within days.

    Then there are Trojans--but no platform is ever protected from them, because a Trojan is simply a lie. Make a useful program to wipe the user's hard drive before they sell the computer. Call it "HD Eraser" and charge $5 and it's legitimate software. Call the same thing "System Accelerator" and it's a destructive lie. Make it do TWO things, one useful and one not, and it's still a destructive lie. A Trojan horse.

    As for individuals personally hacking into your machine--yes, that's a possibility on any platform, and lets all hope that Windows and Mac alike keep squashing bugs and patching flaws. Because every OS had flaws, and always will.

    So the reasons why Macs are safer are complex--it's not just design, it's not just obscurity--both help. And it's NOT perfect safety--and I've never seen a Mac user claim it was. (Though I often see Windows users CLAIM that Mac users claim that. Funny.) It is, however an imperfect safety (which is the best we can have in this world) that leaves you better off than Windows users. For the last 8 years and still today.

    (And better off doesn't just mean free from attack, it means free from spending time, effort or money defending your machine, and bogging it down with constantly-running, constantly-updating anti-malware apps. The single thing I hate most about running Windows is the anti-malware updaters always chugging away when I wake the system.)

    Meanwhile, neither OS is sitting still... but Apple is advancing faster, and with Snow Leopard their OS is getting leaner, more efficient, less code-bloated and less legacy-burdened. These are all good things for security, and good things for making flaws easier to fix when found. And they are all the opposite of the legacy-plagued massive code-base that is Windows, driven by thousands of programmers and layers of managers. I don't see much future reason to predict OS X will get worse relative to Windows.

    P.S. ... Which brings to mind one amusing common argument for choosing Windows: the situation could reverse someday! Macs could one day have numerous mass attacks and need multiple anti-malware apps, while Windows users might all run lean and safe. Seems unlikely, but we can't see the future! Granted. So some people suggest staying with the less safe OS.... just to be on the safe side :D
     
  22. macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #22
    You are ignoring valid points already made in this thread. The vast majority of Windows computers in business are used by wage slaves. They have no critical data on them unless you think that secretaries' high scores in Solitaire is mission-critical data.
    Vista is a tiny portion of the installed base and most certainly an even smaller portion of the mission-critical installed base. That said, you don't get away with the assertion about what you doubt or don't doubt. What you believe is irrelevant. There are zero exploits of MacOS X. You can't get less than zero.
    Wild speculation is not an argument.
    How many years have you people been saying this now? I'm waiting.
     
  23. macrumors regular

    rfruth

    Joined:
    Feb 5, 2007
    Location:
    Texas
    #23
    Not too long ago I was a wage slave & there was lots of juicy docs, spreadsheets e-mails etc. on my & others (XP) computers - what really gets me are comments like there are zero exploits of Mac OS X - what are you people smoking and where can I get some ?!
     
  24. macrumors 68020

    jayducharme

    Joined:
    Jun 22, 2006
    Location:
    The thick of it
    #24
    So in other words, the author's premise is possibly valid, but only until Snow Leopard comes out? Why didn't the author publish this sooner, when Leopard was released, so that Apple could fix the flaws he found?
     
  25. macrumors P6

    IJ Reilly

    Joined:
    Jul 16, 2002
    Location:
    Palookaville
    #25
    We're getting it from Apple, and you can get as much of it for yourself as you like from the same connection. I'm sure you can arrange a back-alley meeting if would make you feel like it's illicit. ;)

    This has already been explained in detail above, but all of the OSX exploits demonstrated thus far have been essentially theoretical, meaning they haven't been packaged into deliverable viruses or worms. It has always been a source of amusement to me how Windows geeks can insist that the theoretical ability to exploit OSX outweighs the very real ability to exploit Windows. And they say Mac owners live in a fool's paradise.
     

Share This Page