Mac Air hacked in 2 minutes

tlr online
31-03-08, 19:18
We're discussing this in Mature General Chat, and I wanted to get your thoughts on it also. Three machines on a LAN. A Mac, Vista SP1 and Ubuntu. The challenge is to hack them. Now, how can a machine be hacked if it is not running any applications, i.e. sitting at the desktop and/or idle? An exploit in Safari felled the Mac, but if Safari wasn't running on the remote machine at the time, how can this bug be exploited to root the box?

A laptop running a fully patched version of Microsoft's Vista operating system was the second and final machine to fall in a hacking contest that pitted the security of Windows, OS X and Ubuntu Linux. With both a Windows and Mac machine felled, only the Linux box remained standing following the three-day competition.

Shane Macaulay, who played a hand bringing down a Mac during last year's Pwn2Own contest, defeated the Vista machine using a previously unknown vulnerability in Adobe Flash. On the final day of the CanSecWest conference in Vancouver, Macaulay spent the better part of four hours trying to get the exploit to work. (The delay prompted one spectator to playfully dub the difficulty "hacktile dysfunction.")

A MacBook Pro running a fully patched version of Leopard was the first to drop out (http://www.channelregister.co.uk/2008/03/28/mac_hack/) during day two of the race, when researchers from Independent Security Evaluators demonstrated a previously unknown vulnerability in Apple's Safari browser. With brand new boxes running both Ubuntu and Vista remaining, Macaulay spent day three switching back and forth between the two machines, trying to get his Flash exploit to execute properly. He was assisted by Alex Sotirov, a security researcher at VMware.

Initially thwarting Macaulay's efforts was the recently released Service Pack 1 for Vista, which he had neglected to install when testing the Flash exploit in the days leading up to the contest. Per the contest rules, each target machine had to be fully patched, and when the researcher first ran the code during the competition, new page protections added by Microsoft's security team prevented the exploit from properly executing.

"They had done some stuff in Vista to prohibit this form of attack from being successful on third party software," Macaulay said minutes after he finally commandeered the Fujitsu U810 laptop. "We had to do some porting to get around that issue."

Macaulay and Sotirov fashioned some JavaScript to circumvent the new measure, a feat that effectively allows them "to render that protection ineffective," Macaulay said.

It also allows them to pocket a $5,000 bounty from TippingPoint's Zero Day Initiative and keep the pricey Fujitsu laptop. Macaulay said he would probably sell the machine, which he and Sotirov autographed with a black Sharpie pen, on eBay.

Under contest rules, qualifying exploits on day one had to target default installations of the operating system itself and winners were allowed to walk away with the hacked box and a $20,000 bounty. Contest organizers gradually expanded the eligible attack surface on days two and three by allowing vulnerabilities in an increasing number of third party applications. The bounty dropped to $10,000 on day 2 and $5,000 on day three. No one bothered competing on day one.


31-03-08, 19:51
^^ That is both cool and scary at the same time.:o

01-04-08, 01:22
^^ That is both cool and scary at the same time.:o

Ditto. I'm not computer-savvy, so this is incredibly amazing ;)

01-05-08, 17:45
Therefore, Linux ROX!!

01-05-08, 18:38
A security and firmware update has been released for the MacBook Air since the "hacking." Apple usually does not take these examples of security hacking lightly.

01-05-08, 18:41
A security and firmware update has been released for the MacBook Air since the "hacking." Apple usually does not take these examples of security hacking lightly.

Yeah I guess that is what's cool about Apple in the end. They always aim to improve their products and the OS is under constant update.

01-05-08, 19:03
Well, with the introduction of Mac OS X, they changed their backend to BSD (Unix) - Linux is also based on Unix (however it always has been). I can't really fault Apple there. Given what I know about Linux, and what I know about Windows, I can assume that the hack of the Mac machine was only into the user account and not to the root. Under Linux, if a hack occurs it's more than likely to a user account, which does not have access to the root without a sudo command, or a switch to the su (super user) mode. To switch to su mode, one would need the super user password - for security reasons it should not be the same as any user password. To invoke sudo mode to get to the root, someone needs the user's password, and the user needs to be in the list of "sudoers". Some Linux distros automatically add normal users to this list, others do not, and require someone to log in as root user to add a new user to this list. From the sounds of the hack done on the Mac, it used a third party program's flaw, rather than a password crack. So, if the Mac OS X backend behaves similarly to Linux, it is my assumption that the hack would only affect the user account primarily and there is the added protection of needing passwords to get to the root of the system.

Windows on the other hand will allow anyone to move anything anywhere, total lack of security. A hack will affect not only user accounts, but could spell major disaster for the system if the hacker has destruction/sabotage in mind. Furthermore, the majority of viruses out there are designed specifically to target Microsoft operating systems. They just so happen to be written by people who use non-MS operating systems as the malicious code will not affect the system it is written on. Therefore, MS has the added potential to get infected by a hacker.

Let's say that a person manages to hack into and implant a virus into a Linux machine. As stated earlier, the hack as well as virus will most likely be contained to the user account. Given the nature of Linux being open source, anyone with experience in designing programs for Linux (and there are many) will be able to quickly isolate and cure the infection. Booting recovery mode in Linux only requires choosing that option at the bootloader screen, unlike Windows which requires booting from the CD. A new user account can easily be created through recovery mode with a simple command like adduser bob.

01-05-08, 19:07
And they said no one can ever hack Macs. :rolleyes:

ANYTHING is hackable nowadays.

KC Mraz
01-05-08, 19:17
It says that Vista was hacked via a third party software, Adobe Flash.
Does that mean that Vista is not-so-easy to hack by itself (without 3rd party software)? :confused:

01-05-08, 19:36
My take is this: it is easier to hack any system through vulnerabilities in third party software. The article stated that no one even attempted to hack the machine without the use of exploiting an application; no one entered the contest until the second day, when the rules were expanded to allow attacks on browsers, email, and other common software. The Vista hack was completed on the third day, when the rules were expanded even further to allow attacks on third party software. Mind also that the rules of the game stated that no previously known exploits could be used.

Mac OS X was hacked with an exploit of the Safari web browser.
Vista was hacked with an exploit of Flash aided by JavaScript to circumvent the newly added protection provided by Vista's SP1.

That same Flash exploit was attempted on the Ubuntu machine, but it failed.

So the question here remains, which fully patched OS that is completely idle will be most secure from hacking? My assessment is that this test did not capture the true picture of which is most secure.