By Munir Kotadia, 7 March 2006 09:00
NEWS
Gaining root access to a Mac is "easy pickings", according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.
On 22 February, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.
Participants were given local client access to the target computer and invited to try their luck.
Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his website: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".
The hacker that won the challenge, who asked silicon.com sister site ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.
He said: "It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits - of which there are a lot for Mac OS X."
According to gwerdna, the hacked Mac could have been better protected but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.
He said OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system: "Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders."
Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.
In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, said he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.
He said: "The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common Unix platforms. If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems."
An Apple Australia spokeswoman said today the company was unable to comment at this stage.
Munir Kotadia writes for ZDNet Australia
Comments
There are 4 comments. Join the discussion
1. Michael Parker
By giving the hackers a local access account which could be accessed using SSH you are effectively putting them in front of the machine which makes such a task much easier.
The machine wasn't hacked from the outside by just being on the internet, it was effectively hacked from within, by someone who was allowed to have a local account on the box - which just isn't a situation which is going to happen in the real world, so the competition was quite daft from that point of view.
You might like to note that a new OS X hacker competition has been launched by the University of Wisconsin. The challenge is to deface a web page set up on mac which has two local accounts, ssh and http open (more than most macs have), but hackers are not given an account like the previous competition did.
It will be very interesting to see if anyone manages to hack this mac, which has a much closer to real-life setup.
Now i wonder what would happen if you set up a windows PC in a similar configuration and invited hackers to have a go at it!
2. Graham Coles
Not a very informative article.
Firstly, there are no viruses on macs, the two 'viruses' referred to are trojans that need to ask permission to be installed on the system!
And as far as being hacked in 30 minutes, yes, there are vulnerabilities with OS X, but if you are stupid enough to give attackers ssh access to local accounts on your machine, you're defeating over 90% of your security before you even start.
Most competent people who set up computer systems on the net only give local access to people who should have it. Attackers normally have to gain access to the system themselves.
An alternative test lasted 38 hours without a breach (http://test.doit.wisc.edu/). Guess what, default configuration but no local accounts created for hackers ... funny what a difference that makes.
3. anonymous
So, we'll be looking for someone called Andrew with a surname beginning with "G" then?
4. anonymous
I agree with the other comments.
This alleged 'hack' would better be described as a *local* privilege escalation exploit.
£10 says the guy couldn't gain root without having been already given access.
Theres a lesson here, Don't give accounts on your box to hackers. doh.
shrug...