Topic: Hacking a Mac is easy  (Read 1537 times)

0 Members and 1 Guest are viewing this topic.

Offline Javora

  • America for Americans first.
  • Commander
  • *
  • Posts: 3002
  • Gender: Male
Hacking a Mac is easy
« on: March 06, 2006, 03:40:15 pm »
Looks like the Mac OS is no longer the most secure OS in town.  In fact it only took 30 minutes for someone to gain root access to the Mac OS.  Jobs must be in his office having fits.   ;D  Here is the story and link:

http://news.com.com/Mac+OS+X+hacked+in+less+than+30+minutes/2100-1002_3-6046197.html?tag=nefd.top



Quote
Mac OS X hacked in less than 30 minutes
By Munir Kotadia
Special to CNET News.com

Published: March 6, 2006, 11:17 AM PST


Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.

On Feb. 22, the Sweden-based Mac enthusiast set up his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later, this poor little Mac was owned, and this page got defaced."

The hacker who won the challenge, who asked ZDNet Australia to identify him only as "Gwerdna," said he gained root control of the Mac in less than 30 minutes.

"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits--of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia.

According to Gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple Computer.

"The rm-my-mac challenge was set up similar to how you would have a Mac acting as a server--with various remote services running and local access to users...There are various Mac OS X-hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access. There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches--good examples for Linux are the PaX patch and the Grsecurity patches. They provide numerous hardening options on the system and implement nonexecutable memory, which prevent memory-based corruption exploits," Gwerdna said.

Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," Gwerdna added.

Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.


In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common Unix platforms...If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," Archibald said at the time.

An Apple Australia representative said on Monday that the company was unable to comment at this stage. Representatives at Apple's Cupertino, Calif., headquarters could not be reached for comment.

Munir Kotadia of ZDNet Australia reported from Sydney.

Quote

Offline Death_Merchant

  • Commander
  • *
  • Posts: 3639
  • Gender: Male
Re: Hacking a Mac is easy
« Reply #1 on: March 07, 2006, 10:30:31 am »
What the article fails to mention: ssh was enabled and a webpage was set such that remote users could setup a local account.

This was a privilege escalation hack. Serious? Sure, but only if someone has physical access to the machine or was granted remote access.

FYI: ssh and almost all ports are off on MacOS X by default.
"In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move." - Douglas Adams (1952-2001)

Offline Javora

  • America for Americans first.
  • Commander
  • *
  • Posts: 3002
  • Gender: Male
Re: Hacking a Mac is easy
« Reply #2 on: March 07, 2006, 12:06:35 pm »
Wow I didn't know that either, thanks for pointing that out.   :thumbsup:

Offline Death_Merchant

  • Commander
  • *
  • Posts: 3639
  • Gender: Male
Re: Hacking a Mac is easy
« Reply #3 on: March 09, 2006, 11:53:30 am »
FYI: Dave Schroeder, a senior systems engineer at the University of Wisconsin, launched a Mac hack challenge after the misleading CNET article.

Details from Dave Schroeder on his Mac OS X Security Challenge, now discontinued (at the behest of his university):

  • The response has been very strong, and the test has illustrated its point.
  • Traffic to the host spiked at over 30 Mbps.
  • Most of the traffic, aside from casual web visitors, was web exploit scripts, ssh dictionary attacks, and scanning tools such as Nessus.
  • The machine was under intermittent DoS attack. During the two brief periods of denial of service, the host remained up.
  • The test machine was a Mac mini (PowerPC) running Mac OS X 10.4.5 with Security Update 2006-001, had two local accounts, and had ssh and http open with their default configurations.
  • There were no successful access attempts of any kind, including during the 38 hour duration of the test period, nor have there been any claims of success.
  • The site received almost a half a million requests via the web.
  • There were over 4000 login attempts via ssh.
  • The ipfw log grew at 40MB/hour and contains 6 million events logged.
  • Several social engineering attempts were received, including one purporting to be from the government of Sweden, which apparently uses GMail. ;-)
  • More test results and information may be published at a future date.
"In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move." - Douglas Adams (1952-2001)

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Hacking a Mac is easy
« Reply #4 on: March 09, 2006, 06:06:19 pm »
Yeah, but has apple figured out the floppy disk yet?  :P

After MacOS 7 I think they just gave up on it under the guise of obsolescence.

I wonder why there has never been a FreeBSD hacking challenge...  ;)

Offline Just plain old Punisher

  • Vice Admiral
  • *
  • Posts: 36927
  • Gender: Male
  • I'm not facist, I just like wearing jackboots
Re: Hacking a Mac is easy
« Reply #5 on: March 09, 2006, 07:08:07 pm »
What's a floppy disk?

"Sex is a lot like pizza.  If you're not careful you can blister your tongue". -Dracho

Offline Mr_Tricorder

  • 3D modeler /animator
  • Hot and Spicy
  • Lt. Commander
  • *
  • Posts: 1040
  • Gender: Male
  • Trekkie at Large
    • My myspace page
Re: Hacking a Mac is easy
« Reply #6 on: March 09, 2006, 08:05:20 pm »
What's a floppy disk?

Strong Bad can tell you all about floppy disks here http://www.homestarrunner.com/sbemail143.html

Offline Commander Maxillius

  • You did NOT just shoot that green sh-t at me?!?
  • Lt. Commander
  • *
  • Posts: 2299
  • Gender: Female
Re: Hacking a Mac is easy
« Reply #7 on: March 18, 2006, 12:13:40 pm »
floppy disk (noun, archaic (1975-1998)) 1. Removable data storage media containing 160 to 1440 kilobytes.  2. (for Macintosh users) see "coaster", "drink holder", "frisbee"
I was never here, you were never here, this conversation never took place, and you most certainly did not see me.