Hacker Gains Root Access To Mac OS X In 30 Minutes

Mon Mar 6, 2006 :: 4:40 PM ET (13:40:35)

It took a hacker less than 30 minutes to gain root-level access to Mac OS X, according to a report from ZDNet.  The hacker who penetrated the system called the Mac "easy pickings."

The security breach took place on February 22 after a Swedish devotee of the Mac set up a Mac Mini as a server and invited all takers to try to compromise the system's security to gain root-level control.  Once a hacker has gained root access to a computer system, the attacker can install applications, delete files and folders, and use the computer for any nefarious purpose.

The competition was over in a matter of hours after a hacker, who asked to be identified only as "Gwerdna," gained access to the server in question and defaced the Web site with a message that read, "This sucks.  Six hours later this poor little Mac was owned and this page got defaced."

Gwerdna told ZDNet that it took him a mere 30 minutes or less to gain root control of the Mac.  "It probably took about 20 or 30 minutes to get root on the box," Gwerdna said.  "Initially, I tried looking around the box for certain misconfigurations and other obvious things but then I decided to use some unpublished exploits -- of which there are a lot for the Mac OS X."

Taking Aim at Macs

Although Gwerdna said that the Mac Mini could have been protected more effectively, he also said that, even had the machine been configured for better security, it would not have stopped him because the vulnerability he exploited has yet to be published and Apple has not released a patch for it.

The winner of the hacking contest went on to say that there is a limitation on what hackers can do with unknown and unpublished vulnerabilities because there are countermeasures that systems administrators can employ to tighten security -- even for unpublished software flaws.

Although Gwerdna said that Mac OS X contains unpatched vulnerabilities that would permit a hacker to infiltrate Apple's operating system, he said that the relatively small number of Macs in use -- in contrast to the vast number of PCs running Windows -- is the reason more hackers do not try to exploit them.

"Mac OS X is easy pickings for bug finders," he told ZDNet.  "That said, it doesn't have the market share to really interest most serious bug finders."

Flawed Apples

News of this contest comes on the heels of Macs being hit by two viruses and a critical security flaw.  Security experts called the Leap and Inqtana viruses relatively harmless because of their limited scope, but rated the security flaw in Apple's Safari Web browser as critical.

Discovered by Michael Lehn, a graduate student and research assistant at the University of Ulm in southern Germany, the Safari vulnerability could have allowed attackers to disable a Mac computer after tricking the user into accessing a phony Internet site that contained malicious code.

Up until the point that Apple patched the flaw, the Safari browser's default configuration was set to open and run compressed files automatically.  Attackers could exploit the flaw when Mac users downloaded files in which malicious software had been disguised to appear as safe.

Apple issued a security update last Wednesday to fix 20 Mac OS X vulnerabilities, including the Web-browser problem and a similar flaw in Apple's Mail client.  The update also patched iChat, Apple's instant-messaging application, which now relies on an Apple technology called "download validation" to warn users of unknown or unsafe file types during transfers.

Lessons Learned

"The lesson here is that if we look at Mac OS X and compare it to, say, Windows XP, we find that, in terms of the number of vulnerabilities, they are actually quite comparable," said Vincent Weafer, senior director at Symantec Security Response.

What might surprise many is that both Apple's Mac OS X and Microsoft's Windows have roughly the same type of vulnerabilities in a similar volume, said Weafer.

But he did say that direct comparisons are not possible because both companies report vulnerabilities and security updates differently -- and Apple ships more applications with Mac OS X than Microsoft does with Windows.

Weafer also said that hackers are not capitalizing on vulnerabilities in Mac OS X to the same degree they are trying to exploit flaws in Windows. Weafer estimated that there are between 100,000 and 200,000 Windows viruses compared to 200 or so Mac viruses.

According to Weafer, the number of Mac vulnerabilities discovered and the possibility they will be exploited will gradually rise as a direct result of an increased interest in Mac OS X.  Weafer urged Mac users to make sure they have installed antivirus and antispyware applications and are updating them regularly.

In response to the mis-information of this show of "skills", University of WI did things right