Mac OS X hacked under 30 minutes

Mac OS X hacked under 30 minutes

Summary: Mac OS X hacked in less than 30 minutes

SHARE:
update Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.

On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Participants were given local client access to the target computer and invited to try their luck.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".

The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.

"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia .

According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.

"The rm-my-mac challenge was setup similar to how you would have a Mac acting as a server -- with various remote services running and local access to users... There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.

"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.

Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.

Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.

In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia  that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.... If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.

An Apple Australia spokeswoman said today it was unable to comment at this stage.

Topics: Apple, Hardware, Operating Systems, Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

209 comments
Log in or register to join the discussion
  • Ya have a problem

    first off , why compare apples with pears hmm , this had nothing too do ms oparting system , but the Mac OS it self , if that is ya arguement for a belief in an OS , then with all due respects , ya avioding the main issue , and living on another planet .

    P.S take a holiday will ya !
    anonymous
  • OSX Insecure? Codswallops I say.

    Interesting accusation indeed. However one requires experience when dealing with the delicate spices of OSX security configurations.

    The attacker was able to have his way with this system because the end user logged the attacker in as god.

    It's all about education and luckily most Mac end users are quite computer savvy. We still have a long way to go as a community, education should be a key focus. A good place to start is a Mac Users Society.

    Remember MAC = beautiful AND awesome AND fast.

    Thanks,
    Melony
    anonymous
  • GET REAL

    Oh Man! Is this guy a total n3wb or what! Everyone knows this issue was patched last year at Bl4ckHat 2004. It was just a simple offset calcuation fix in the virtual table kernel pool. Not even critical.

    Looks to me like the OSX haters are at it again. Please give up i'm starting to feel sorry for you.

    PEACE OUT OSX4LIFE
    anonymous
  • Thanks for posting that story

    Just a quick note to say that I appreciate this story.

    Also, the idiots page on that site is haliourious, I hope to see some new comments up there once this story is more read!
    anonymous
  • Of course there are going to be vulnerabilities..

    Last time I checked operating systems, like every other piece of software is written by humans? That in itself guarantee's security vulnerabilities. To suggest mac osx is secure or more secure then any other main stream end user os is just fanboyism at it's best.

    ALL MAINSTREAM END USER OS's have security vulnerabilities.. regardless of who makes them.

    WAKE UP!
    anonymous
  • is this journalism?

    so ... an anonymous hacker, by unanounced means, has hacked os x by way of an unpublished and unidentified security hole.

    did he also see elvis?
    anonymous
  • ZD Net is a paid Microsoft site

    Both CNET and ZDNet are paid by Microsoft (e.g. for advertising, etc...) Every article they post about Apple are so biased. Check their past articles and decide for yourself.
    anonymous
  • A shrink might help you

    With comments like that , one has to think ya not very computer savvy just maybe a newbie , but don't worry . there's a shrink in ya local area , look then up .
    anonymous
  • some clarifications:

    from the website:
    "That's why I set up an LDAP server and linked it to the Macs naming and authentication services, to let people add their own account to this machine."

    and furthermore:
    "This is the place you add yourself an account on my Mac.

    To log in, simply SSH to rm-my-Mac.WideOpenBSD.ORG using the name and password you've choosen. It might take a while to log in as SSH is started from inetd and needs to generate keys upon startup.
    Username:
    Password: (pick a secure one)"

    let me get this right, he actually enables everybody to add his own home account? and gives them ssh access to his machine? and then he wonders that it is insecure?

    i dont know what to say...

    other that any normal mac user doesnt have to worry because that's such a stupid, non standard configuraation that it will never happen on their machine.
    ++ chris
    anonymous
  • What a fake..

    "hacked mac os x".. wake up people, what version was it? 10.0? the beta? or was it 10.4.3? who is outdated anyway..

    You guys have to bring in a bit more prove to say OS X is hacked.. sry lol.
    anonymous
  • agreed

    I believe people take too much for granted these days, like the virus issue.. to assume a mac is virus proof makes you an idiot. Why would anyone make a virus to attack 5% of the community, M$ has a larger userbase, so it's more likely to have viruses and "hackers" exploit the weaknesses of the majority used brand than the 2nd rate brands.

    I myself use Windows XP, and I find OS X primative personally, and this is coming from a professional software engineer, Apple has it's ups and downs just like Windows and *nix. It's not a fact of which is better but a fact of personal prefs, all operating systems have a weakness so please get off your anti-microsoft bandwagon and accept the facts!
    anonymous
  • No operating system can be secure

    No operating system can be secure unless you seriously cripple its functionality and API's.

    That being said, while there is no doubt OSX is very secure as opposed to, for example, Windows, the problem with OSX is that Apple is secretive about security issues; so it does not benefit from the openness of open source operating systems, like Linux (and this is regardless of OSX being based on BSD), nor does it have the punishing experience that Microsoft had to endure to get their act together and focus on its security issues (and, over time, be a bit more "forthcoming" about their efforts).

    So the question regarding the security of OSX is a matter of trust: Do you trust Apple or do you not? Security by obscurity only masks the underlying problem and, while in the short term, it may show to be somewhat effective, in the long run that effectiveness is almost negligible. And, ultimately, by keeping security matters quiet, Apple will be at their own discretion to put their efforts into what they deem is of most benefit to themselves, which does not necessarily mean to the benefit to the Apple community.

    And, finally, to point out to some of the more assertive comments on this board of virulent nature, bear in mind that the security issue with OSX is irrespective of whether OSX is a good operating system or the quality of Apple hardware. It should be in _your_ interest to be actively participating in these matters, rather than taking on a defensive and dismissive attitude (ie. "OSX rules, it is the most secure, you are just making this stuff up, stop saying bad things about Apple, nothing to see move along. w00t").
    anonymous
  • Pathetic

    How absolutely pathetic is this? Just give it a rest, you dont go off your tits every time microsoft has a small flaw.
    anonymous
  • See what I mean?

    See what I mean?
    anonymous
  • You have to be kidding !

    ~ When did apple say mac's are virus proof ?!?
    ~ Why make a virus in the first place ? - To be a little arse, like most window users are....(Well you any ways) !
    ~ "2nd rate brand" - Just because M$ has more users doesn't mean its a better 'brand' ! More like its cheaper !
    ~ So simplicity is "primitive" - I would hate to have your life !
    ~ The facts the apple fixes it "security flaws" within a matter of weeks, is what counts !
    ~ "professional software engineer" - You like to talk yourself up don't you... loser !
    anonymous
  • osx IS secure

    It's common knowledge that macos is the most secure operating system currently found on public networks. (Probably also the most secure operating system in classified environments - I think the NSA and CIA run macosx).

    To suggest that the Apple API requires crippling is fanciful at best. Among expert programmers the Apple API is regarded as rock solid and 94.86% total secure. It's closest competitor is OpenBSD which is around 89.52% internet secure according to popular calculations. The main reason the Apple API is so secure is due to the fact that the administator must login using a secure password before any sensitive (red-zone) memory can be accessed by the API. It's simple but beautiful at the same time.

    I think everyone can agree that OSX is much more secure then Windows. Just look at it's track record - no serious viruses at all. All we have seen so far are experimental prototypes developed by the worlds best virus crackers (Like KF). These viruses do not work at all in a real world environment. I think this is mostly due to the superior design choices the Apple Operating System decided to implement that just don't feature in other Operating Systems. Think non-infectable executable file format, PROTECTED MEMORY, secure file permissions (you can turn off the execute bit on all viruses), and much more. What really impresses me is how Apple managed to create such a rock solid and secure operating system but have time to make it so pretty aswell! Amazing!

    I completely trust Apple %100. What reason would I have not too? They have always kept their consumers best interests as the number one priority. The thing is Apple have designed macosx to be secure from the get go, they have nothing to hide. And besides they have released the complete source code for their operating system. This alone should prove that Apple have nothing to hide - no other company is confident enough to do this. I think this really makes MS jealous hence the zdnet articles.

    Mac users speak up about the operating system, because as mac users, we know we have the most god damn secure operating system on the planet, from first hand experience. Apple already thought about our interests when it designed the operating system as far as security concerns go.

    BTW there is nothing wrong with expressing pride in your choosen operating system providing it's the winning side (macos). Nobody is being defensive or dismissive, we just like to point out the facts as many Microsoft users are not familiar with reality.


    God Bless America
    anonymous
  • idiots?!

    did anyone see the idiots page on that website??????

    it looks perfectly reasonable, why would some moron put those things up???
    anonymous
  • ???

    I 'm not an Apple fanboy. In fact, I like Windows XP too, I just use OSX because Apple happens to sell the only 12" laptop that 's affordable for me. And yes, I think it 's good, maybe even better than Windows and a lot of Linux systems, but that depends entirely on what you want to do with it. I also never had any virus infections, malware or hacks while using Windows XP.

    That being said, I think this gwerdna person is trying to just get some press attention, and maybe discredit Apple because they 're selling proprietary software and making a profit off it while he 's at it.

    I 've seen the website. There 's no explanation whatsoever as to how this supposed takeover ever happened. Lesson number one in being credible: try to bring up at least some decent evidence.

    Other than that, he does have this machine configurated in a rather unusual way, to say the least.
    anonymous
  • MAC OS X hacked?

    I have been on Macs for years now and have no serious complaints about their products, including OS X, and I can't see myself ever going back to the MS world.

    I don't believe OS X is invulnerable and I am not complacent about security, but given the initial access level granted to the hackers for this 'challenge' their success can hardly be described as a real world threat. The only information the hackers should have been given was the IP address and the OS type. If they had hacked that at all, let alone in under 30 minutes, then I would be very concerned.

    Those who say that the only or main reason that OS X security has not been compromised yet is because of its small market share, should consider the kudos of being the first hacker to genuinely crack OS X. It would be instant fame. I bet that there are many dedicated hackers trying like buggery to crack OS X. I don't buy the small target and low interest explanation as the main reason OS X hasn't been cracked.

    There does seem to be an awful lot of Mac OS X security scare stories posted on this site, which then turn out to be just more FUD nonsense. Pity, because this site is otherwise a good source of info.
    anonymous
  • MAC OS X hacked?

    I have been on Macs for years now and have no serious complaints about their products, including OS X, and I can't see myself ever going back to the MS world.

    I don't believe OS X is invulnerable and I am not complacent about security, but given the initial access level granted to the hackers for this 'challenge' their success can hardly be described as a real world threat. The only information the hackers should have been given was the IP address and the OS type. If they had hacked that at all, let alone in under 30 minutes, then I would be very concerned.

    Those who say that the only or main reason that OS X security has not been compromised yet is because of its small market share, should consider the kudos of being the first hacker to genuinely crack OS X. It would be instant fame. I bet that there are many dedicated hackers trying like buggery to crack OS X. I don't buy the small target and low interest explanation as the main reason OS X hasn't been cracked.

    There does seem to be an awful lot of Mac OS X security scare stories posted on this site, which then turn out to be just more FUD nonsense. Pity, because this site is otherwise a good source of info.
    anonymous