“Like stealing candy from a baby” according to the winner of the latest “Hack A Mac” Challenge, who also exposed a new Mac flaw, gained access to a secure Mac, and planted another new virus on Mac OS X.
Hot on the heels of a successful Mac hacking challenge in February, on March 5th it happened again.
A new day, a new Mac security exploit, and another new virus. When will it end? When will Apple respond? Is Windows truly more secure than Linux or Mac OS X?
On Sunday, a Dubai-based Mac enthusiast set up a brand new Mac mini as a server to test Mac OS X’s vaunted reputation as a secure operating system.
By way of email, hackers were invited to attempt to break into the Mac mini, gain root control, change and delete files, and deface a web page target.
Within 30 minutes after the competition began, it was over. The winner was a French Mac user who defaced the Mac mini’s web page with this text: “Macs suck. This little Mac could not keep the ports closed.”
For privacy reasons, the hacker who won the Dubai Open Port Challenge can only be identified as “niessuhmij.” In an exclusive email interview with Mac360, “niessuhmij” said he was able to crack into the Mac mini in less than 7 minutes.
He said, “Macs are easy to crack. I would have been able to break in faster, but I got a call on my cell…”
Mac OS X has long been considered a very secure operating system, though increasingly under attack by hackers and journalists, both looking to claim a reputation in the technology community.
“Once I got in, and that only took two minutes, I had to look around for some obvious, unpublished, highly secret exploits. There are hundreds, maybe thousands for Mac OS X,” “niessuhmij” told Mac360.
Apple’s Mac OS X operating system has come under fire in the past few weeks as multiple viruses and worms have appeared that exploit serious security flaws which remain unpatched.
“Hacking Mac OS X is like taking candy from a sleeping baby,” “niessuhmij” said. In addition to hacking the Mac in record time, “niessuhmij” also planted yet another Mac virus using a new and potentially fatal exploit in the flawed operating system.
Apparently, even root access isn’t necessary to plant a virus in Mac OS X, as “niessuhmij” utilized a technique known only to Federal Bureau of Investigation paranormal experts, NSA security experts, and University of Alabama, Birmingham IT students. This exploit places a dangerous virus in the Mac’s StartUpItems folder.
When the Mac is rebooted, it automatically runs the virus, and bypasses all popular security tools such as Norton, Virex, and Sophos.
Why has the Mac suddenly become a target for viruses, worms, hackers? Market share. The Mac’s market share has increased from 3-percent to approximately 4-percent of all PCs sold in the US.
“The critical turning point for hacker attacks is 4-percent market share,” said technology writer Munir Kotadia, an intern for ZDNet Australia.
Security researcher Archibald Neilsen told Mac360 that he has been credited with finding numerous vulnerabilities in Mac OS X, and knows many more which could be used and exploited by hackers.
“The most dangerous exploit is called the ‘me-know-root’ vulnerability,” said Neilsen. Basically, a Mac user turns on root access, and publishes the login ID and password on a web page.
“Not many people know that a Mac can be hacked that easily,” said Robert Wagner, a senior vice president in Gartner’s security group. Graham “Les” Cluley, a security consultant at anti-virus firm Sophos, said, “Mac owners are shellshocked at this news.”
Is it true that Mac OS X is no longer a secure operating system? Mac users everywhere are being cautioned that more exploits are on the way. Apple vice president, Phil Schiller, is quoted by an anonymous source who reads CNet News as saying, “The only secure Mac is turned off.” He urged Mac users everywhere to unplug their Macs.
The original challenge was sponsored by the Dubai Port Authority which set up the Mac mini, and provided contestants with login IDs and passwords, which is a common practice with security challenges.