Security experts not surprised the Mac was hacked
One calls Mac 'as vulnerable as most other operating systems'
Macworld - Security researcher Dino Dai Zovi sent a shudder through the Macintosh community late last week when he successfully hacked the Mac with an exploit that he sent to a friend attending the CanSecWest security conference. The exploit gained shell access to a Mac when its Safari Web browser was pointed at a specially constructed Web page, winning Dai Zovi a $10,000 prize from 3Com’s Tipping Point division -- and taking a lot of Mac users by surprise.
But if the news of a hacked Mac was alarming in some quarters, security experts say they aren’t the least bit shocked.
"Literally any piece of code is going to have vulnerabilities and the Mac is no exception," said Ray Wagner, Gartner’s managing vice president in the secure business enablement group.
Thomas Kristensen, chief technology officer of security-research firm Secunia, agreed. "Mac systems are as vulnerable as most other operating systems, so anyone with reasonable skills should be able to compromise them," he said.
Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.
"If a hacker turned their attention to the Mac, it would suffer just as much as Windows," Wagner said. "Attacking the 95 percent of the market gets them more attention."
According to research Wagner did in the last year, an operating system would need to hit the 20 to 30 percent penetration level before it really becomes a target for hackers. This is the point where hackers will feel it is worth the time to expose a vulnerability.
However, in light of last week’s proof-of-concept exploit, Mac users shouldn’t worry that hacks are going to start flooding the market. "Just because there has shown to be a hack, that doesn’t mean there will be all kinds of hacks showing up all of a sudden," Wagner said.
Dino Dai Zovi, the man who found the exploit, hopes for a safer operating system for all Mac users. "I hope the increased visibility due to the publicity surrounding this incident causes more people to search for and responsibly report vulnerabilities in the Mac to help make it a safer platform for everyone," he said.
Dai Zovi said he came up with the hack in about nine hours from the time he got the call from his friend Shane Macaulay, who was attending the CanSecWest conference.
"In this instance, breaking into the Mac was not particularly difficult," Dai Zovi said. "I got lucky and stumbled across a reliably exploitable vulnerability rather quickly. In many other times in the past, I have spent much longer looking without finding anything. It often comes down to luck and an intuition for where software weaknesses may lie."