Hackers looking to bite the Apple in Computer Security

del.icio.us |Digg it |Netscape |reddit |StumbleUpon |Yahoo MyWeb |Print This Post
Add this to your favourites

The Apple community has, since the beginning of time or well… atleast since its inception, has largely been immunie to attacks that regularly plague the internet community. Remember Nimda, Blaster, Slammer… yup. While you spend your time cursing Microsoft or your not so smart Anti Virus solution so prone to failure from zero day attacks, the Apple fanboys respond — they don’t have to worry about such nonsense. Apple’s general lack of concern towards viruses and malware was based on solid grounds. Their core kernel, based on secure Unix components for its underlying Operating System foundation, in itself makes the mac less vulnerable to malicious code. The other significant factor was that the Apple base wasn’t simply big enough for hackers to devote their attention to. Hackers crave attention … they want headlines also if possible bring in some moolah through their efforts among other things. The Apple community comprised of less that 5% of the overall PC market,so why not spend as much time, maybe even less creating something that will affect the remaining 95%.

However that is all changing. The iPod craze is translating into more customers for Apple. According to Apple’s most recent earning statement, Apple sold a bit north of 830,000 Macs in their last quarter, up 6% from their previous quarter. Apple’s market share is still in the single digits, but I can say for a fact that Apple is back. Thus, the slow but steady growth in the number of Mac users, is starting to make it an attractive target for malicious hackers.

And, we are starting to see this happen. This interest is translating into the discovery of more system vulnerabilities. Security vendor Internet Security Systems found that there were three times as many vulnerabilities found for the Macintosh in May of this year as there. Security supplier McAfee found that the number of vulnerabilities for the Macintosh went up 228 percent, compared to a 78 percent increase for Microsoft Windows, from 2003 to 2005.

In February 2006, the first worm designed for Mac OS X appeared. Named “OSX/Leap.A,” it is an instant messaging worm capable of infecting Mac applications. In addition, a handful of other attacks, focusing on items such as the Apple’s Safari browser and the Mac’s Bluetooth connectivity, have taken place.

In November 06, we see the release of a new worm for Apple named ‘Opener’. As first reported on The Mac Observer October 25, security experts discovered the virus entitled ‘Opener’, or ‘Renepo’ (opener spelled backwards), disguising itself as a shell script.

Mr. Cluley said Renepo is a self-propagating worm that doesn’t use e-mail as a carrier. Instead, it first needs to get root access to a system, but once run will begin seeking out other drives and systems on the network to which it can copy and spread. “Once on a drive, it does a number of things including turning off system accounting and logging, the OS X firewall, software auto-updates, and the OS X security program LittleSnitch,” said Mr. Cluley. “It also creates a new admin-level user which can be used for subsequent system access. It turns on filesharing, and copies some key system files making them world-writeable. It creates a huge back door. It’s a smart worm” . The worm also installs a number of pieces of software, such as ohphoneX (a voice and video sharing program for OS X), John the Ripper (a password cracker) and dsniff (a password sniffer). It scans the swap file, Samba and VNC (virtual network computing) connections for passwords and creates a folder in which to store this, IP numbers of other infected computers and other data found on the hard drive.

Hacker’s new found interest for Apple products does not seem to be restricted to the iPods, but there has also been an influx of interest in other Apple products, such as the iPod and iTunes. Perhaps this is why Apple reported in October that some of its new video iPods were infected with the RavMonE virus.

Hackers love Windows

While one can indulge in a debate about the merits of the different operating systems, there is no controversy about which platform interests hackers the most. Security software supplier McAfee found that there have been about 2,000 viruses developed for the Mac compared to more than 70,000 for the PC.

An examination of trends in the security space sends a mixed message about the impact of these viruses. The number of definitions, which are basically virus fingerprints, has been rising. From 1999 to 2002, McAfee’s database held around 50,000 definitions, but the company passed the 200,000 mark earlier this year. However, the number of serious problems stemming from virus attacks has dropped dramatically. In 2004, McAfee counted 48 virus outbreaks of at least moderate severity, but that number dropped to only 12 in 2005, and this year, the number stands at zero.

ISS ranks vulnerabilities as “critical,” “high,” “medium” and “low.” Of the 5,300 vulnerabilities recorded so far in 2006, 0.4 percent were deemed critical (i.e., could be used to form a prolific automated worm); 16.6 percent were deemed high (could be exploited to gain control of the host running the software); 63 percent were medium (could be used to access files or escalate privileges); and 20 percent were low (vulnerabilities that leak information or would allow a denial-of-service attack).

Changing Focus

These numbers illustrate another shift in the hacking community. “The hackers are focusing less on operating system vulnerabilities, and more on higher level items, such as application holes,” Burton Group’s Lindstrom told TechNewsWorld. These attacks are potentially more damaging (as they include such exploits as identity theft) and are harder to track down than traditional problems, such as viruses. ISS found that 3,219 vulnerabilities that were not operating system specific were reported this year.

Consequently, all users, even those with Macs, need to be more vigilant in maintaining their systems.The Macintosh is a tantalizing platform for hackers, especially because of the perception some have that it is bulletproof, perhaps the most secure platform on the market. In fact, Apple has continually focused on this superiority as part of its marketing efforts.This air of invincibility is likely to be tempered soon. Current trends indicate that, going forward, Mac users can almost certainly expect to see an increase both in the number of vulnerabilities discovered in the technology and in the code designed to exploit them. Is the Macintosh the ‘new apple in hackers’ eyes?’

Meanwhile, check out this video where two security researchers Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,”

Credits and further information

1. Technewsworld article on Macs, Hackers and the Computer Security Game

del.icio.us |Digg it |Netscape |reddit |StumbleUpon |Yahoo MyWeb |Print This Post