Black Hat: Mac OS X 'Catching Up' To Windows Security
In a Wednesday presentation at Black Hat USA entitled "Macs in the age of APTs", researchers from IT security consulting firm iSec said Mac OS X authentication falls short when it comes to defending against APTs.
Specifically, Mac OS X networks are significantly more vulnerable to network privilege escalation attacks, which advanced persistent threats use frequently. “Almost every OS X server offers weak or broken authentication methods,” said Alex Stamos, iSec co-founder, during the Black Hat presentation, adding that these kinds of attacks were just “two notches above trivial.”
The researchers said that the Mac OS X platform contained a gaping security hole in the authentication protocols that enabled hackers to execute brute force attacks. During the presentation, Paul Youn, researcher at iSec Partners, detailed a login keychain attack unique to the OS X platform that can be used to brute force the user’s passwords.
The attack targets even non-privileged users, decrypting the contents of the login keychain and giving the attackers access to network credentials, Youn said.
“Hackers are quite advanced. Users pick bad passwords so that attack might be very successful,” Youn said during the Black Hat presentation. “Once you compromise a machine, you have access to that user’s information. There’s quite a bit that is immediately available.”
If Macs seem to be less targeted by advanced persistent threats, that's probably because Mac OS X holds between 6 and 8 percent of the PC market, Youn said.
"That’s very different than having a secure operating system," he said. "That means not many people are interested in attacking Mac users."
And because Mac users are less targeted, they’re also less wary when it comes to social engineering, according to Youn. “If they haven’t felt more vulnerable, that might make them more susceptible to social engineering,” he said. “These targeted attacks, they don’t care what OS you’re running.”
Meanwhile, Youn said that Mac users are becoming increasingly accustomed to clicking through applications that are unsigned, while fewer Macs run antivirus. He added that only about 20 percent of Mac OS X users feel vulnerable to cybercrime.
“Apple’s marketing isn’t helping either,” Youn said. “Apple perpetuates this feeling.”
That said, the recently updated Mac OS X 10.7 Lion comes with a slew of security features that put it more on par with Windows.
One of those improvements in Mac OS X Lion is its application sandboxing feature. In addition, Lion's updated and more comprehensive address space layout randomization (ASLR) feature has pretty much tied with the Windows platform as well, Stamos said.
“So how does Mac stack up to Windows? The OS X is catching up,” Stamos said. “They’ve done a huge amount of work to making exploits hard.”