iPhones-Macintosh computers become apples of hackers' eyes



LAS VEGAS: Security specialists said that hackers are taking increasing aim at iPhones and Macintosh computers as the hot-selling Apple devices gain popularity worldwide.

Hackers have historically focused devious efforts on computers using Windows operating systems because the Microsoft software has more than 90 percent of the global market, promising evil-doers a wealth of targets.

Macintosh computers have been gaining market share and catching the interest of hackers, according to Zero Day Initiative (ZDI) security vulnerability analyst Cameron Hotchkies.

"There are more eyes looking over Apple products for vulnerabilities," Hotchkies told AFP at a notorious annual DefCon gathering of hackers in Las Vegas.

"It has slowly been growing as a target people are more and more interested in."

Hotchkies specializes in Apple software as part of a ZDI team devoted to scrutinizing programming holes and crafting "patches" to prevent hackers from exploiting weaknesses.

More than a thousand people crammed into his DefCon talk about hacking Apple software. He was peppered with technical questions at the close of the session.

"There are a lot more people getting into it and really getting their hands dirty," said Hotchkies, who noted an obvious spike this year in the number of DefCon attendees toting Macintosh laptops.

"I've been seeing a lot of reverse engineering on the Apple platform."

Part of the reason for increased popularity of Macintosh computers is that Apple has made the machines friendlier to running programs popular on Windows-based machines.

Hackers experienced with attacking Windows programs can apply some of their know-how to software modified to run on Macintosh computers.

Developers that re-craft Windows programs for Macintosh systems might not be adept at building security components on the latest Leopard operating system used in Apple machines.

"Windows developers take their code and make it work on Apple," Hotchkies said. "They could take potential vulnerabilities with them or possibly create new ones because they are working on an entirely different platform."

Apple's Safari operating system is the basis for internet browsing using iPhones, which are basically handheld mini-computers with telephone, music, and video viewing capabilities.

It took about a month for someone to hack a first-generation iPhone after its release, but an iPhone 3G was cracked within hours of the start of sales in July.

The hack is crowned a "jail break" because it liberates iPhone models from the shackles of deals Apple has with telecom giants providing exclusive service to the devices in varying countries.

"It shows people are getting proficient at analyzing Apple software," Hotchkies said.

"There are people looking at the iPhone. We pass vulnerabilities on to vendors, and when I communicate with Apple the first thing they ask is if we've tested it on the iPhone. They don't want to be surprised."

Apple engineers are also addressing "legacy issues," protecting old software from new threats, according to Hotchkies.

Source : http://economictimes.indiatimes.com/Infote...how/3349318.cms

Apple's Safari operating system

For a bunch of experts I would expect them to know Safari is the web browser, OSX is the OS. But then again this is old news, OSX can be hacked, any OS can.

The jailbreak is not so much a security hack, rather than emulating the iTunes process and the later ones to unlock the baseband. The DevTeam are not hackers, they are a development team who are trying to open up the iPhone to new markets, applications and all sorts of other goodies.

Finally, it'll only make Macs and iPhones more secure.

They already hired a security engineer for the iPhone (which I think was an ex-hacker) and it is said that Snow Leopard will contain a bunch of new security features.

It's good news IMO, because Macs have too rarely been tested. I can't wait to see how my machine performs :p

It will be interesting to see if OS X can hold up against viruses better than Windows can. Many people think Windows has a lot of vulnerabilities, but it's also the only OS that's been targeted on a large scale. With OS X gaining market share, we'll see more of a balance. But the real question, a question many people have been asking for years, is whether or not UNIX-based systems are as stable and secure as they're considered to be.

I personally think that OS X is more secure than Windows, but not because Apple made it. Look at what it's based on. UNIX has been around for a long time, it has always been used quite commonly for servers, and increasingly is being used for desktop (counting Linux as UNIX, as well). If it wasn't a target before OS X came around, I'd be very surprised.

However, Apple has more than UNIX under it. Many other services aren't as commonly used, and I think they will become the targets. Safari has proven in the past to be quite vulnerable in some situations, who knows what else could let an unwanted pest onto your PC. But Apple has also learned from Microsoft's mistakes in the past. I'd say anyone who is willing to defend Vista for its added security features would be stupid to say OS X is probably more insecure. UAC is the same as granting administrator privileges, OS X has protected memory, and encryption is also included. I don't think OS X users will ever need to worry more about security than Windows users do, simply because an OS distributor such as Apple would be idiots if they didn't take on the same security measures Microsoft does. Besides, Apple will never have more market share than Microsoft unless OS X is opened up to computers other than ones Apple make themselves; if OS X gets more market share than Windows in its current form, the market will become very unhealthy. Do you want to see 50% of the world with an Apple logo on it?

So, I guess you could say I'm not worried. The only thing that this will do is fork out the hackery a little bit. Where there could have been a Windows vulnerability, there is now a Mac one, because the hackers are spreading themselves out more. And in the end, this will just benefit everyone: critical exploits seem to be found more frequently by security firms who will keep it protected and hand the information directly to Apple or Microsoft, than guys sitting in their basements hacking away, and Apple learns from Microsoft while Microsoft learns from Apple. Security is a mutual goal for everyone (except those working to find problems).

Oh, and by the time Apple gets a significant amount of market share, I don't think security will be much of a worry to anyone. Software in the last five years is significantly more secure than software in the 5 years prior. We're learning, and it's only a matter of time before we get pretty close to perfect, and I'm sure perfect is possible.

I hope they could take it better than the DNS exploit, 'cause that was just silly the way they could not fully patch it.

They know a lot more about DNS than you do apparently ;)

DNS is one big exploit since it doesn't have any form of security whatsoever. The patch released by any of the big DNS vendors will not patch fully: not now and not in the future since it's a design flaw of the DNS protocol. You might want to read more on DNS and on this particular DNS exploit. Dan Kaminsky has more information on this subject on his site www.doxpara.com. If you want to fix this form of exploits (there are a lot of ways to exploit this bug and the patch only covers 1 of them) the best thing you can do is redesign DNS and the second best thing is implement DNSSEC.

Please do some homework before making accusations/assumptions because that looks really silly.

The JailBreak hack is a hack, not a security exploit. Also there are a lot more things that define security than just market share alone. Security is a set of measures, not just one measure! As long as Apple cooperates and fixes the reported security issues then there's nothing to be really worried about. If there are fundamental security flaws (part of the security model used in the OS flaws) then one should be worried. OS X uses UNIX as its core which comes with a lot of security stuff Windows doesn't have or hasn't implemented fully. Those things can actually make a big difference. However, there simply is no OS in the world with 0 security (related) problems: every OS has security (related) problems. It's more about how the OS and the OS-maker handle these security (related) problems.

It will be interesting to see if OS X can hold up against viruses better than Windows can. Many people think Windows has a lot of vulnerabilities, but it's also the only OS that's been targeted on a large scale. With OS X gaining market share, we'll see more of a balance. But the real question, a question many people have been asking for years, is whether or not UNIX-based systems are as stable and secure as they're considered to be.

Webservers mostly run Linux. Webservers are the most targeted systems on the planet so Windows really is not the only OS which has been targeted on a large scale. I think UNIX systems over the years have proven to be stable and secure. Most of the targeted systems for a hack actually are UNIX or UNIX-like systems. Corporations like banks and such mostly only use such systems so it's more lucrative to hack those systems than some Windows server in a small company.

However, Apple has more than UNIX under it.

I think this might indeed become more of a problem than the UNIX it's based on. Time will tell.

Edited by dyn