To find out how secure Apple’s OS X operating system is, a Sweden-based Mac fan set up his Mac Mini on the Internet and invited hackers to try to break through the computer’s security and gain root control.
Just six hours later, a hacker called “gwerdna” had won the “rm-my-mac” competition by gaining the necessary access, altering the website to read, “This sucks. Six hours later this poor little Mac was owned and this page got defaced.”
In an interview with ZDNet Australia, “gwerdna” said that he managed to gain root control of the Mac in less than 30 minutes, using some unpublished exploits, “of which there are a lot for Mac OS X,” to hack the machine.
Gwerdna added that the hacked Mac could have been better protected, but even that wouldn’t have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.
Declaring OS X “easy pickings” for hackers looking for vulnerabilities, gwerdna observed that OS X doesn’t have the market share to really interest most serious bug finders.
This opinion was shared by security researcher Neil Archibald, who said: “The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.”
“If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems,” he added.
It wasn’t a hack!
The University of Wisconsin wasn’t impressed, calling the story “woefully misleading” and pointing out that it wasn’t a “genuine hack” but a “privilege escalation for a legitimate user.”
Dave Schroeder of the University of Wisconsin explained that because anyone logging on was allowed to set up a local account on the Swedish machine (accessed via ssh), the exercise was more like breaking into a different user account while sitting at the computer. And that is much easier than hacking into a fully protected system over the Internet.
In other words, the machine was not hacked from the outside (via the Internet); it was hacked from within – a big distinction.
In response, the University has launched another competition in which hackers are challenged to break into an OS X system connected to the Internet.
Their Mac OS X Security Challenge invites users to alter the web page at test.doit.wisc.edu by Friday.
Either way, all this attention adds up to something of a double-edged sword for Mac fans, who enjoy far less grief from hackers and virus writers than their Windows counterparts.
Understandably, they’re keen to see their platform of choice flourish, but the more successful Apple becomes, the higher the risk that they’ll be targeted by hackers.