Mac OS X easy to crack, says researcher

Discussion in ' News Discussion' started by MacBytes, Mar 13, 2009.

  1. MacBytes macrumors bot

    Jul 5, 2003
  2. steveza macrumors 68000


    Feb 20, 2008
    Some people need to get out more :rolleyes:
  3. r.j.s Moderator emeritus


    Mar 7, 2007
    Really, if it is so easy to crack, why haven't we seen any actual exploits?
  4. Sehnsucht macrumors 65816

    Sep 21, 2008
    :rolleyes: Yeah, OK whatever.

    Brings to mind that old line, "Nobody wants to hack Macs because nobody uses them." :rolleyes:

    Plenty of people use Macs. :rolleyes:

    Hackers will hack anything that can be hacked. :rolleyes:

    If OS X were really as "easy to crack" as this dude claims then, yes, it would have already been breached by a massive attack launched from Redmond. :D :D
  5. MistaBungle macrumors 6502a


    Apr 3, 2005
    I do agree with that line somewhat that deals with us being ignored by the scene since there aren't that many.

    I mean, iPhones and Touchs have been hacked, so it isn't like they are ignoring Apple altogether but I don't think OS X is going to be a big target as this guy claims.
  6. supmango macrumors 6502

    Feb 17, 2008
    "Things will be more difficult once Mac OS X 10.6 Snow Leopard arrives, as its version of Address Space Layout Randomisation will be much more effective (making it far harder to determine the location of specific routines), and writable memory will be marked as non-executable."

    So, Apple IS doing something about what they are talking about. I wonder why they didn't speculate on the statement "It is practically certain that not all of these flaws have been fixed, and that there are more waiting to be found"; seems a little biased to me. :rolleyes:

    I am also with those of you who point out that if it were so easy to hack a Mac, why don't more people do it? Hacking is not about profit or affecting the most users (like a virus), it is about competence and competition. Clearly, a Mac is an area that people simply just stay away from because there are so few vulnerabilities and the challenges make it not worth their time.
  7. goMac macrumors 603

    Apr 15, 2004
    "For example, if a routine doesn't check the length of a string properly, it can be written to an area of memory that's too short to hold it, resulting in other values being overwritten.

    If an attacker can cause the contents of that string to include values that correspond to a useful set of machine code instructions and have that deposited at a location that will be executed, it is possible to gain control of the system."

    Really? That's the attack?

    That's called a buffer overflow attack and that's possible on every single system on the market.
  8. HyperZboy macrumors 65816

    Feb 7, 2007
    This Just In...

    "Many security and IT experts on crack, says researcher"

  9. aarond12 macrumors 65816


    May 20, 2002
    Dallas, TX USA

    This "researcher" needs to put his money where his mouth is.

    If he's talking about having physical access to the machine, then yes, Mac OS X is incredibly easy to hack. I know this from first-hand experience.

    I was on an overseas flight with my PowerBook G4 freshly-updated to Mac OS X 10.5.0. I was bitten by the bug that caused all accounts to be demoted to Standard Users. Without my Mac OS X DVD and without access to the Internet (as I was at 35,000 feet on my way to Tokyo), I was able to break into OS X and elevate my permissions on the two accounts I had installed to Administrator-level users. (No, I will not divulge how to do this.) :rolleyes:

    If he's talking about remote access to the system, then he's wrong. Dead wrong. I've run scanners, sniffers, etc., on my OS X machines (and iPhone, just for good measure!), and there are no significant vectors of insecurity.

    If he's found something new, then great! Share it with Apple and get the problems resolved. Otherwise, **** and GBTW.

  10. wheelhot macrumors 68020

    Nov 23, 2007
    Haha, you got a point there :D, considering how bad Apple tarnished MS image, MS would take anything bad they can portray Apple with.
  11. dashiel macrumors 6502a

    Nov 12, 2003
    i don't. there were what, 20 million mac users in 2006/2007 and apple has increased market share since then, maybe as much as doubled it. then you take in to account that apple users are statistically more affluent; many windows boxes in the market are work machines that aren't connected to the net and/or have no intrinsic value (no bank numbers, no social security, etc...). finally take in to account there are way too many apple users think "more secure" means they don't have to do anything.

    so you have a large (though not a dominant market share) population of high-value targets, who aren't expecting to get attacked and it's supposedly fun and easy to do. that's like saying i'd rather hunt for a lion in africa than at the local zoo.
  12. rfruth macrumors regular


    Feb 5, 2007
    If some script kiddie knows the root password anything is possible -
  13. scaredpoet macrumors 604


    Apr 6, 2007

    One other "plus" for cracking a Mac: ever noticed that people with Macs like to brag about their uptime or about hw they leave their machines running for weeks? The stability inherent in the underpinnings of OS X means those computers stay on a lot longer than Windows machines. The same reasons that hackers like to find weaknesses in high availability servers makes Macs just as attractive: a stable platform to use as a "supernode" to marshall your millions of Windows zombie boxes and issue commands to your botnets.

    For this reason and others, I no longer buy the security-by-obscurity argument. There are compelling reasons for cracking a Mac, and even if their market share is small, they would be valuable assets in a botnet... if only they were so easy to crack.... :D
  14. dejo Moderator


    Staff Member

    Sep 2, 2004
    The Centennial State
    Assuming the root account has been enabled... (it's disabled by default, except on Mac OS X Server).
  15. Krevnik macrumors 68040


    Sep 8, 2003
    On top of what the other poster said:

    Elevation uses the user's password, so if they exploited to get user access on the machine, they still need to exploit to root, or crack the user's password (reasonable to assume the user is an admin on the box).

    To get on the box in the first place, services need to be enabled. Right now, the only port open on a normal install is the mDNS port. Thankfully, that service is sandboxed in 10.5, meaning it runs with near-zero permissions (really only getting read permissions to specific parts of the main drive).
  16. rfruth macrumors regular


    Feb 5, 2007
  17. Krevnik macrumors 68040


    Sep 8, 2003
    Huh, so your argument hinges on someone who /already has root access/ enabling the root account? Why in the world would they turn on the account they already have access to? Why not just do whatever they were going to do (trash the place, install malicious packages) right then while they had access and be done with it?
  18. rfruth macrumors regular


    Feb 5, 2007
    No my argument hinges on someone (the script kiddie) knowing more than the average user does yet you hear over & over again that OS X is safe and malware isn't a problem so no precautions are needed when the message should be that X is solid but the user needs to do their part (physical security important, port forwarding etc.)
  19. Krevnik macrumors 68040


    Sep 8, 2003
    Yet you linked to a KB article discussing how to enable root. A script kiddie who doesn't know your admin password (or already have root access) cannot use that to enable root on your system if they have user-level access.

    If they already have root access or your admin password, they can enable it, sure, but then again, they already have root access at that point and don't need to.
  20. Winni macrumors 68030


    Oct 15, 2008
    It's more lucrative to write an exploit for Windows. Over 900 million machines on the planet run Windows, and most of those machines are used in companies -> that's where the data is that you want to steal, that's where the money is, that's where high speed Internet connections for your bot nets are.

    I don't have a doubt that OS X is easier to crack than Vista. Vista's got a bunch of new security layers especially designed to protect it from memory modifications that previous Windows versions didn't have.

    But who has says that there are no successful exploits already out there and being used? If it comes from a clever criminal mind, nobody would notice it. Those guys want to come back anytime they want, and they want to stay in control over your system for whatever reason. They're no script kiddies who only want to wreck havoc.

    Most Mac users live in a dangerously false sense of security and pride themselves because of their ah-so-secure system. Well, we have a saying in Germany: "Hochmut kommt vor dem Fall" - Pride/Arrogance comes before the fall.
  21. nagromme macrumors G5


    May 2, 2002
    Definitely more lucrative. But criminals don't attack ONLY the #1 MOST lucrative target. They attack any lucrative target they can. That's why convenience stores get robbed, not just banks. That's why malware attacks multiple different versions of Windows, not just the most-installed. (Not to mention Linux.) And plenty of educational institutions, scientific and government projects, and large media companies have lots of Macs worth attacking. Macs are a smaller target, and that's a very good reason to use a Mac... but they ARE still a target.

    Correction: there are plenty of script kiddies who WANT to wreak havoc on Mac... they just haven't been able to. The world is filled with millions of sad, angry kids, many of which "hate" Macs for whatever 1990s reason peer pressure has drilled into them.

    You're right, there could, by some chance, be only ONE type of Mac exploiter: ones that stay secret and undetected and attack very few targets, carefully chosen. But the world has a LOT of people in it, and it's far more likely that the Mac's would-be attackers include the full spectrum, from those simply seeking prestige (which a Mac exploit offers better than Windows) to those seeking mass infection for botnets, to those seeking mass intrusion to harvest for identity theft.

    Meanwhile, there are two very different things people talk about, and it's important to acknowledge the difference:

    1. An individual person breaking into an individual Mac (either sitting there in person or remotely). Of course individual Macs HAVE been successfully attacked, by methods that start with guessing the password and work their way up to more sophisticated methods.

    2. Mass attacks that spread through the Internet: malware. Viruses and worms. These are what most users REALLY worry about, because one person can attack thousands of machines at a time instead of just one. There has NEVER been a successful virus or worm on Mac. There have been a couple of failures (they required lots of user help and only affected specific non-standard Mac installs--like the iChat worm a couple years back) and a couple lab experiments.

    So while no OS is perfect, or will ever be--and while BOTH Vista and OS X have specific security advantages that the other lacks--the reality remains that you are safer on OS X.

    I doubt that will change: someday OS X will probably have its first real-world virus or worm. (I keep waiting--it's been about 8 years now.) It will then have ONE. And it will be quickly known, and patched by the community within hours and then by Apple within days.

    Then there are Trojans--but no platform is ever protected from them, because a Trojan is simply a lie. Make a useful program to wipe the user's hard drive before they sell the computer. Call it "HD Eraser" and charge $5 and it's legitimate software. Call the same thing "System Accelerator" and it's a destructive lie. Make it do TWO things, one useful and one not, and it's still a destructive lie. A Trojan horse.

    As for individuals personally hacking into your machine--yes, that's a possibility on any platform, and lets all hope that Windows and Mac alike keep squashing bugs and patching flaws. Because every OS had flaws, and always will.

    So the reasons why Macs are safer are complex--it's not just design, it's not just obscurity--both help. And it's NOT perfect safety--and I've never seen a Mac user claim it was. (Though I often see Windows users CLAIM that Mac users claim that. Funny.) It is, however an imperfect safety (which is the best we can have in this world) that leaves you better off than Windows users. For the last 8 years and still today.

    (And better off doesn't just mean free from attack, it means free from spending time, effort or money defending your machine, and bogging it down with constantly-running, constantly-updating anti-malware apps. The single thing I hate most about running Windows is the anti-malware updaters always chugging away when I wake the system.)

    Meanwhile, neither OS is sitting still... but Apple is advancing faster, and with Snow Leopard their OS is getting leaner, more efficient, less code-bloated and less legacy-burdened. These are all good things for security, and good things for making flaws easier to fix when found. And they are all the opposite of the legacy-plagued massive code-base that is Windows, driven by thousands of programmers and layers of managers. I don't see much future reason to predict OS X will get worse relative to Windows.

    P.S. ... Which brings to mind one amusing common argument for choosing Windows: the situation could reverse someday! Macs could one day have numerous mass attacks and need multiple anti-malware apps, while Windows users might all run lean and safe. Seems unlikely, but we can't see the future! Granted. So some people suggest staying with the less safe OS.... just to be on the safe side :D
  22. MisterMe macrumors G4


    Jul 17, 2002
    You are ignoring valid points already made in this thread. The vast majority of Windows computers in business are used by wage slaves. They have no critical data on them unless you think that secretaries' high scores in Solitaire is mission-critical data.
    Vista is a tiny portion of the installed base and most certainly an even smaller portion of the mission-critical installed base. That said, you don't get away with the assertion about what you doubt or don't doubt. What you believe is irrelevant. There are zero exploits of MacOS X. You can't get less than zero.
    Wild speculation is not an argument.
    How many years have you people been saying this now? I'm waiting.
  23. rfruth macrumors regular


    Feb 5, 2007
    Not too long ago I was a wage slave & there was lots of juicy docs, spreadsheets e-mails etc. on my & others (XP) computers - what really gets me are comments like there are zero exploits of Mac OS X - what are you people smoking and where can I get some ?!
  24. jayducharme macrumors 68040


    Jun 22, 2006
    The thick of it
    So in other words, the author's premise is possibly valid, but only until Snow Leopard comes out? Why didn't the author publish this sooner, when Leopard was released, so that Apple could fix the flaws he found?
  25. IJ Reilly macrumors P6

    IJ Reilly

    Jul 16, 2002
    We're getting it from Apple, and you can get as much of it for yourself as you like from the same connection. I'm sure you can arrange a back-alley meeting if would make you feel like it's illicit. ;)

    This has already been explained in detail above, but all of the OSX exploits demonstrated thus far have been essentially theoretical, meaning they haven't been packaged into deliverable viruses or worms. It has always been a source of amusement to me how Windows geeks can insist that the theoretical ability to exploit OSX outweighs the very real ability to exploit Windows. And they say Mac owners live in a fool's paradise.

Share This Page