July 29, 2009 / 10:16 PM / 10 years ago

Mac flaw could let hackers get scrambled data

* Mac expert shows how hackers can steal encrypted data

* Demonstrates method at conference for security experts

By Jim Finkle

LAS VEGAS, July 29 (Reuters) - A Mac security expert has uncovered a technique that hackers could use to take control of Apple Inc (AAPL.O) computers and steal data that is scrambled to protect it from identity thieves.

Prominent Mac researcher Dino Dai Zovi disclosed the software flaw at the Black Hat security conference in Las Vegas, one of the world’s top forums for exchanging information on Internet threats.

About 4,000 security professionals are in attendance, including some who are really hackers. While experts ferret out software flaws to fix them and protect users, hackers use the same information to devise pranks or commit crimes.

Attacks on Apple computers are extremely rare, but security experts say that will change as Macs gain market share on PCs running Microsoft Corp’s (MSFT.O) Windows operating system.

Some hackers have already released programs that attack Macs, including one earlier this year that was spread to a small number of machines via pirated software.

It is not illegal to publish software that can be used to hack into computer systems, though it is against the law to use it to break into them.

Dai Zovi, a security researcher and co-author of “The Mac Hacker’s Handbook,” said on Wednesday that once hackers start to put substantial resources into targeting Apple’s computers, they will be at least as vulnerable as Windows machines.

“There is no magic fairy dust protecting Macs,” he said in an interview.

The technique — dubbed “Machiavelli” — exploits a vulnerability in the Mac OS X kernel, the heart of the machine’s operating system. It only works on machines that have already been victimized, such as ones attacked with the pirated software. It can take control of Apple’s Safari browser, logging passwords to financial accounts and data on bank statements, Dai Zovi said.

An Apple spokeswoman could not be reached for comment.

SECURITY LOOPHOLES

Apple is the fourth-largest U.S. PC maker and continues to take market share. It held 9 percent of the U.S. market in the second quarter, according to Gartner.

“They are advancing. Our concern is that they are just not advancing as fast as they are gaining market share,” said Charlie Miller, co-author of “The Mac Hacker’s Handbook.”

Still, they said the Mac’s operating system will be an easier nut to crack once hackers start to focus on it. That is because it has a lot more code in it than Windows, leaving room for more vulnerabilities and bugs that hackers can exploit, the two experts said.

“Everyone is on their toes,” Miller said.

Reporting by Jim Finkle; Additional reporting by Gabriel Madway; Editing by Richard Chang

0 : 0
  • narrow-browser-and-phone
  • medium-browser-and-portrait-tablet
  • landscape-tablet
  • medium-wide-browser
  • wide-browser-and-larger
  • medium-browser-and-landscape-tablet
  • medium-wide-browser-and-larger
  • above-phone
  • portrait-tablet-and-above
  • above-portrait-tablet
  • landscape-tablet-and-above
  • landscape-tablet-and-medium-wide-browser
  • portrait-tablet-and-below
  • landscape-tablet-and-below