Mac hacking competition winner mocks Apple security

Mac hacking competition winner mocks Apple security

Summary: It took the winner of the 'rm-my-mac' competition 30 minutes to gain root control of a Mac Mini using an unpatched OSX exploit

TOPICS: Hardware

Gaining root access to a Mac is "easy pickings", according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.

On 22 February, the Sweden-based Mac enthusiast set up his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Participants were given local client access to the target computer and invited to try their luck.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later, this poor little Mac was owned, and this page got defaced."

The hacker who won the challenge, who asked ZDNet UK sister site ZDNet Australia to identify him only as Gwerdna, said he gained root control of the Mac in less than 30 minutes.

"It probably took about 20 or 30 minutes to get root on the box. Initially, I tried looking around the box for certain misconfigurations and other obvious things, but then I decided to use some unpublished exploits — of which there are a lot for Mac OS X," Gwerdna told ZDNet Australia.

According to Gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.

"The rm-my-mac challenge was set up similar to how you would have a Mac acting as a server — with various remote services running and local access to users... There are various Mac OS X-hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access. There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches — good examples for Linux are the PaX patch and the Grsecurity patches. They provide numerous hardening options on the system and implement nonexecutable memory, which prevent memory-based corruption exploits," Gwerdna said.

Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," Gwerdna added.

OS X has come under fire in recent weeks with the appearance of two pieces of malware and a number of serious security flaws, which have since been patched by the Mac maker.

In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common Unix platforms... If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," Archibald said at the time.

An Apple Australia representative said on Monday that the company was unable to comment at this stage. Representatives at Apple's Cupertino, California, headquarters could not be reached for comment.

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.

Topic: Hardware

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Very, very misleading title. A login shell was given to all hackers to start them off. That is not the same as just putting the machine on the net like the title, description and firt few paragraphs imply.

    Shame, Munir, for stooping to either 1) yellow journalism or 2) shilling for Bill.

    Editors, you should have caught this one. The even is worth covering, but it damages ZDNet's credibility to come up with such wildly incorrect titles and summaries.
  • This is rubbish! There were many easy ways for this Mac Mini to be hacked beacuse BASIC security measures on all macs were turned off or bypassed.
    More info on why this is a rubbish test
    <a href=""></a>
  • Half an hour, as opposed to the five minutes it would take on a PC. Ofcourse the little noob hacker would be able to take it out. The mac mini was not designed or set up with the security mac makes for it's servers to protect your files.

    THe hacker is a scumbag who thinks too highly of himself.
  • I would suggest that this so-called hacker take a look at this site instead:

    You can make up any excuses you like, but if you hack this truly proper test, then I would consider you pretty l33t ..anyone can hack a machine when they already have an account. Is this exploit important? Sure, any security vulnerability is a problem. But will my grandma care? No - she doesn't even know how to give accounts out to people.
  • this is a funny story,

    Heres the keys to my house
    see if you can break in..
    sad sad sad..
  • This article is BS, <>
  • I've asked the owner of the server to post the system logs and root shell history. Apparently he won't. These entries, among others, should tell us how and when the system was compromised.

    Until he produces those logs, his assertion that the system was compromised is fraudulent.
  • This "test" was pointless. Participants were given local client access. They were already "in" the computer! That is not a test of server security. How long would it take a hacker to gain access of any operating system if they were given client access? Not very long. A new test has been started that challenges hackers to actually break into a server running OSX. Here is the URL. Will you run the story? Probably not but I thought I would tell you about it anway.
  • The kid has a point, I would seriously like to see any of you gaining root access with or without a user account on a HP-UX server....
  • Yet another steaming triple coil by ZD and their handlers at MS.

    Microsoft can't fix their own pile of shit OS, so they are trying to pull OS-X into their cesspool to make them look like shit as well.

    The thinking class isn't deceived but the usual morons in the media and blindingly stupid Windows users will feel better and swallow this turd whole as usual.
  • OS X Hacked In Under 7 Minutes...
  • There you go another Windows drone too stupid to recognize a spoof when it hits em in the head.

    The only insecurity associated with OS-X is the fear and terror the competition feels at it's superiority in every way. That's why there is this concerted effort to make OS-X look look like (Windows) crap, even if the supposed breaches, worms and viruses are all vapourware and lies. If you bothered to investigate you'd already know this, just as Mac users know.

    Nobody ever went wrong by underestimated the gullibility or stupidity of Americans. Microsoft plays them like the moronic drones they are and has done so continuously for decades. Hey pretty soon Microsoft will release a vapourware security program to content with the vapourware malware stories they are hyping / inventing for OS-X. They'll sell it to Windrones to protect against this new threat so all Mac users can then be safe.
  • Some "IT of Course" (what an ass wipe) posted a link to the story about OSX being hacked in 7 minutes...It's a spoof you moron. Read the comments. The rabid Windows zealots are in their usual rare form. The same shit i have been listening to for years from "IT of course" guys. Something very odd is going on here. We'll see what happens with the real test. I somehow think if it happens it won't be as easy as 30 minutes. This test is set up on a Mac MINI & isn't even as secure as a home system according to the article that accompanies it. Maybe Munir Kotadia could take a shot at it since you should be some kind of expert when you write these kinds articles. This seems like nothing short of a smear campaign. Is OSX perfect. Nope. It's a hell of a lot more secure than the present state of Windows.
  • sigh... yes of course we all know that no computer is perfectly secure. But jezz guys this you really let the side down on this one. About the only thing breached in this article is ZDNet's credibility. You need to give your editors a rocket for puting deadlines and attention grabbing headlines ahead of allowing you the time to research your article.
  • It's finally coming out that Macs are complete
    shit. Just deal with it you morons. Mac has always been third-rate.
  • I have used Windows all my life, and as much as i have a distaste for Microsoft, and there shotty work in the past, they have done a good job with xp, compared to linux and every other OS. I believe XP has provided a good amount of credability. Although i am looking to learn linux and stick with it.

    One thing, you mate are an idiot, 5 min to hack a PC, good luck with my setup. Nothings perfect but you think you can hack a PC protected by a third party firewall in 5 min goodluck, basically you don't know what firewall i use. It's even funnier because you are having ago at crazy unsubstantiated comments by taking a swipe at windows with the same type of comments. Good one.

    Face it MAC finatics your OS is NOT propular enough to warrent the effort to write something for them, why would anyone bother, as much as this test was crap, the fact that there is not enough market share to warrent and decent attention.

    In my opinion MAC's suck, Linux Rules, Mirosoft is OK. I know MAC's are based on linux, but Mac's will end up the same as microsoft if they had the same market share.
  • I cannot take anyone's opinion seriously if they don't know that OS X is a derivative of FreeBSD and *not* Linux.
  • Jeez. Maybe one day I will do the same thing with my computer. It is a compaq labtop with XP home edition. I have just my account but I could enable the guest account for hackers to try their luck. I have taken special measures to secure my computer from hackers and did research and tried to hack my own computer for the sake of testing my security. I think that only a hacker that is both supreme and has staked my computer out for a long time could hack my computer in a half hour. Yet, a couple years ago I had used an Apple with OS 9 I found ways to hack it when I used it for a long time. I also had a very hard time figurung out how I could protect my Apple further. I found no popular software for hacker protection for my Apple. All in all I think that if there was more than one Apple for every 20 windows machines Apple would be screwed.