OSX Hacked in Under 30 Mins



Apparently they turned on SSH and allowed people to try to get in that way. Seems they used flaws in SSH to get in. Looks like someone left a door wide open and let a hacker walk in.


OSX Hacked in Under 30 Minutes

Source: ZDNet Australia

rm My Mac

This is exactly what I have been saying since day one, your OS is not secure just because no one cares to try and hack the few of them out there.

Discuss. Go.

:no: I must admit that I'm very reluctant to believe such an attempt was successful in such a short period of time with no substantial amount of information as to how it was accomplished. I'm very reluctant to buy into this Mac hack theory. Give more info. :angry:

If I remember correctly, did Apple or some other organization offer some $$$ for whoever could hack OSX? If the hacker really did hack that Mac Mini, shouldn't he be getting the $$$ by now?

He's not getting any $$$, because he probably has no proof that this actually occurred.


Is this supposed to be new? We all know that all OSes have security vulnerabilities.

At least when hackers hack Windows OSes, they usually have some sort of information detailing how they compromised the OS. With the Mac Mini hack, there appears to be no information leading to how they really accomplished such a hack.


I love OSX :p almost to the point of being a fanboy, but if you think that you can just hook your computer up with no firewall and running Apache, MySQL and PHP with ports open and all and you think you are going to still be in a steel plated safe internet haven you are mistaken :rolleyes:


Pretty funny, a lot of Mac fans. Well, I believe it that he hacked the OS that fast. IMO Macs and their OS are junk so... LA LA LA

Well **** off then you bloody retard. Everything has bugs and holes, I don't care, I have a Mac and PC in front of me atm, both are virus free and all, with no protection, it's called BEING CAREFUL. Also, if you're scared about hackers, back up your stuff.

Eventually OS X will fall to the same instability and insecurity as Windows, so what? Just live with it.

Apparently they turned on SSH and allowed people to try to get in that way. Seems they used flaws in SSH to get in. Looks like someone left a door wide open and let a hacker walk in.

I don't know much about that, but I think it was like closed down shortly after coz it was illegal, but I'm not sure, maybe someone could shed some light on this.


well **** off then you bloody retard.

You're done. This isn't about personal attacks so both of you leave your flame crap out of this thread.


update Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.

On February 22, a Sweden-based Mac enthusiast set his Mac Mini as a server and invited hackers to break through the computer's security and gain root control, which would allow the attacker to take charge of the computer and delete files and folders or install applications.

Within hours of going live, the "rm-my-mac" competition was over. The challenger posted this message on his Web site: "This sucks. Six hours later this poor little Mac was owned and this page got defaced".

The hacker that won the challenge, who asked ZDNet Australia to identify him only as "gwerdna", said he gained root control of the Mac in less than 30 minutes.

"It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for Mac OS X," gwerdna told ZDNet Australia.

According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.

"The rm-my-mac challenge was setup similar to how you would have a Mac acting as a server -- with various remote services running and local access to users... There are various Mac OS X hardening guides out there that could have been used to harden the machine, however, it wouldn't have stopped the vulnerability I used to gain access.

"There are only limited things you can do with unknown and unpublished vulnerabilities. One is to use additional hardening patches -- good examples for Linux are the PaX patch and the grsecurity patches. They provide numerous hardening options on the system, and implement non-executable memory, which prevent memory based corruption exploits," said gwerdna.

Gwerdna concluded that OS X contains "easy pickings" when it comes to vulnerabilities that could allow hackers to break into Apple's operating system.

"Mac OS X is easy pickings for bug finders. That said, it doesn't have the market share to really interest most serious bug finders," added gwerdna.

Apple's OS X has come under fire in recent weeks with the appearance of two viruses and a number of serious security flaws, which have since been patched by the Mac maker.

In January, security researcher Neil Archibald, who has already been credited with finding numerous vulnerabilities in OS X, told ZDNet Australia that he knows of numerous security vulnerabilities in Apple's operating system that could be exploited by attackers.

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms. If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.

An Apple Australia spokeswoman said today it was unable to comment at this stage.

http://www.zdnet.com.au/news/security/soa/...39241748,00.htm


Congrats, why isn't it in the news section? I don't read the Mac section because I personally have better ways to spend my cash than on owning one, and I certainly don't care what people do to "customize and support" them. :)

Touchy, ain't ya?

A simple search is all that is needed.


I don't really call this news. The hackers were given a local user account by the person running the competition. And SSH was turned on, which is off by default on OS X. If you give a hacker an easy way to even get onto the computer, then of course at some point they will be able to do some damage.

Call me when a hacker finds a way onto an OS X computer without having a user account created for them. Oh, and with SSH turned off.


Assuming it was properly configured with all the tools that OS comes with, ... :blink:

Please enlighten us why? :huh:

Please let me.

One fact that the ZDNet article failed to mention is that they were giving away local user accounts to everybody who wanted one, so anybody could access the machine through SSH. Therefore, this was not a remote exploit, it was a local exploit. If you really want to challenge yourself and "hack" a Mac go here.

Give me local access on Windows, Linux or any operating system and I'll find a way to gain administrator (root) access in 30 minutes. This proves nothing. It might prove that there are local "unpublished" exploits for the Mac, but you have to be inside the machine first to be able to use them.

Mac OS might not be the most secure OS out there - and it isn't, no system is - but by default it is secure enough. Besides the test was done on a desktop machine. Do the test on a server Mac and we'll see who can hack it. I might be wrong but the US Army won't go wrong. I'm sure of that one fact.

According to the article the hacker's name was "gwerdna." Now that sounds pretty random until you write it backwards: Andrew G. Matter of fact, here's his/her/its website. I am probably wrong but a "hacker" who might use that name is not really a hacker. At least not a good one.

Edited by comctrl6

One fact that the ZDNet article failed to mention is that they were giving away local user accounts to everybody who wanted one, so anybody could access the machine through SSH. Therefore, this was not a remote exploit, it was a local exploit. If you really want to challenge yourself and "hack" a Mac go here.

I am not an expert, but I am pretty sure that an attack that is carried out from an external PC through a service such as SSH is a "remote" attack. I don't believe it matters if there is an account created for that user or not. I may be wrong, though.

Also, I think that the box was 'owned' in a medium fashion. The cracker had some privileges, it seems, if they were able to change the web page. But they lacked the power to "rm" the entire PC, which was the point of this user's so-called experiment.

Everyone must remember, that this was set up to challenge people to compromise the system. Not sure if current fink, apache, etc were used. But it is obvious they weren't set up right (meaning how a real server should be) since they granted user accounts to any anonymous user.

I have no doubt that a Mac can be set up very securely. As can *BSD. As can Linux. As can Windows (they even had a "hack IIS 6" server online for several months as a security test/challenge).

Quite frankly, this thread can do without the name-calling, OS-gloating and fanboy-isms.


I am not an expert, but I am pretty sure that an attack that is carried out from an external PC through a service such as SSH is a "remote" attack. I don't believe it matters if there is an account created for that user or not. I may be wrong, though.

You have to look at it this way: The potential "hackers" did not have to find a way inside the computer, they already had a way, hence SSH. They could easily log into the machine through SSH. Up to here, the users have done nothing wrong, they could get in. After getting in, this "gwerdna" person was able to get root access. He didn't have to find a way inside the computer.

Anyway, I do agree that we can do without any name calling and fanboyism. If I have done any of that, I apologize. We have to keep in mind that these are just software applications written by humans. Since humans aren't perfect, their software won't be perfect either.


Anyway, I do agree that we can do without any name calling and fanboyism. If I have done any of that, I apologize.
I wasn't singling you or anyone out, and I am sorry if my earlier quote of your comment made it appear that my whole post was directed at you. :ermm:

I wasn't singling you or anyone out, and I am sorry if my earlier quote of your comment made it appear that my whole post was directed at you. :ermm:

No offense taken. :)


I don't really call this news. The hackers were given a local user account by the person running the competition. And SSH was turned on, which is off by default on OS X. If you give a hacker an easy way to even get onto the computer, then of course at some point they will be able to do some damage.

Call me when a hacker finds a way onto an OS X computer without having a user account created for them. Oh, and with SSH turned off.

Exactly, as has already been said, Mac is the most secure o/s out PERIOD END OF DISCUSSION, is it hack proof no but most secure yes, enough said.


Exactly, as has already been said, Mac is the most secure o/s out PERIOD END OF DISCUSSION, is it hack proof no but most secure yes, enough said.

:no:


Exactly, as has already been said, Mac is the most secure o/s out PERIOD END OF DISCUSSION, is it hack proof no but most secure yes, enough said.

Hardly, but that's another story.

Any OS can be hardened to the point of being very secure, but any OS can also be pathetically vulnerable when used by a person who doesn't know any better.


Will you people chill!

Very few details are given out about how the experiment was run, but based on my experience of setting up Linux servers, I can offer a few notes on this.

1. OS X uses the same standard tools as most other *NIX OSes. Apache, PHP and SSH are all standard packages under OS X. Therefore, if OS X can be hacked, Linux can be hacked.

2. Giving SSH access. This is a bit like me leaving the front door of the house open, and asking someone to break into the locked fuse cupboard in the basement, not exactly secure practice.

3. The Firewall in OS X is OFF by default, and I get the impression he hadn't turned it on.

4. Linux used as a web server will undergo a series of changes and tweaks to harden it against attacks. My personal favorite of these is disabling direct access to the root account, and only allowing access via su or sudo from certain user accounts. Giving this to everyone would just be dumb, even if they did not know the root password.

So basically... it looks as though he had a poorly set up *NIX server and gave people a fairly good head start as far as access goes.

How many websites running on *NIX servers do you see hacked? I think something like 45% of the web servers are running Linux, including Neowin's IIRC. The Apple XServes run OS X, albeit a server variant, but if you have ever touched it, it has the same base code, a few extra tools for administration purposes, and all the consumer apps stripped out. You don't see the front page of Apple.com hacked with 'I pwnd joo n00b5!!111 lollerskatez!!!!11111eleven!!11' do you?!?!?

If you look at my sig you'll see the specs of my server, and a link to my blog. That blog is hosted on that server. If I believed it was easy to hack, I wouldn't allow it! I also have my Mac Mini running as a web server (On a different world-facing port), and so far it hasn't been hacked. Although, until now, I haven't really advertised it.

Happy Flaming :)

Dougal.
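
Added example (not part of Dougal's post or of the thread): a small Python check of an sshd_config for the two SSH points raised above, direct root login and SSH access open to every local account. The sample configs, the `sshadmins` group and the function names are constructed for illustration, and Match blocks are not evaluated.

```python
import re

# Constructed samples (not from the thread). OPEN mirrors the challenge box as
# the posters describe it; HARDENED applies the restrictions they suggest.
SAMPLE_OPEN = """\
Port 22
PermitRootLogin yes
"""
SAMPLE_HARDENED = """\
permitrootlogin no
PermitRootLogin yes
AllowGroups sshadmins
Match User backup
    PermitRootLogin yes
"""

def global_settings(text):
    """Collect keywords from the global section of an sshd_config.

    Keywords are case-insensitive and sshd keeps the first value it reads
    for a keyword, so later duplicates are ignored. Stops at the first Match.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return findings for the two SSH points raised in the thread."""
    s = global_settings(text)
    findings = []
    root = s.get("permitrootlogin", "").split()[:1]
    if root != ["no"]:
        shown = root[0] if root else "unset (build default applies)"
        findings.append(f"PermitRootLogin is {shown}: direct root login is not disabled")
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("no AllowUsers/AllowGroups: any local account may log in over SSH")
    return findings

if __name__ == "__main__":
    for name, cfg in (("open", SAMPLE_OPEN), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg) or "no findings")
```
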


This topic is now closed to further replies.