Forum Thread: Is It True That Mac Is Unhackable?

Is It True That Mac Is Unhackable?

Doing some random security awareness test conducted by Government of India, I came across a question about Apple's Mac OS. It was a while ago, and I took the option 'Yes, it can be hacked into'. Apparently, to my surprise, the answer was 'No, it can not be hacked if you are careful'. So, I wish to ask if it is true, and what the Null Byte community thinks about it.

33 Responses

Anything can be broken. How can imperfect beings create something that's perfect? Not to mention No, it can not be hacked if you are careful meaning if you aren't careful, then yes. So the answer is yes.

Again, pragmatism. We need data, infosec is not philosophy.

Mac OSX, software with the most vulnerabilities in 2015.

Example: shellshock (which I doubt you have ever heard of and that is a problem) was an user independent vulnerability. You could be hacked just because you had a Mac. As long as you are using it, you are in danger and it does not depend on you, no matter how much you try to defend.

ShellShock really was a significant vulnerability (and it is still present on some systems).

-Phoenix750

no its not !!

It is hackable; don't pay attention to that sort of propaganda.

Also, that is a stupid, arbitrary answer.

I'll also refer you to one of OTW's old articles here, it outlines the market share of hacking targets, and even singles out OSX as a hacking target due to a misconception about OSX being 'unhackable'.

It simply is not true.

ghost_

The fact that many people believe that OSX is unhackable makes it that less people pay attention to bugs. And thus, less bugs are reported, which makes it even more vulnerable!

Atleast, that's how I think it is. But OSX just isn't unhackable. Nothing is.

-Phoenix750

Someone once said, nothing is truly un-hack-able.

What I do know about OSX though, is that Apple has put several layers of protection on OSX.

Here's Apple's list
OSX Security

That's just Apple marketing crap.

A company is not going to point out their own flaws, that's what PR is all about. They spin everything to have a positive light.

I mean, one of those 'security measures' was how they review App Store apps; but 40 XcodeGhost apps made it past their 'secure reviewing process'.

OSX is not 100% secure and never will be; that's the entire reason we are all here. One contributing factor as to why OSX is seemingly so much more secure than other operating systems, is the fact that the user has very little to no control over their system.

But it's all nothing more than what OTW just said, Apple marketing crap.

ghost_

Well now that I read more, a lot of WhiteHat websites are saying that Gatekeeper is still letting in malware :/

Despite putting up several layers of protection, it doesn't mean that it cannot be broken. In fact, the more functionality you put into software, the more likely it will have bugs because there are so many more things to manage and that means there is a lot that can go unchecked. Security is only as strong as its weakest link and I think it's safe to say that the user is the weakest which refers to the No, it can not be hacked if you are careful "answer".

The "random password generator" is a vulnerability on it's own in my opinion.

Any programmable electronic device (and therefor a computer) doesn't know what "random" is. It is impossible for a microprocessor to generate random numbers. A microprocessor must ALWAYS follow an algorithm! That is also the case with the "random password generator". A microprocessor can not think with a mind of it's own. A microprocessor can only process algorithms made by the programmer. That's all a microprocessor can do. AI is simply the software written by the programmer, the microprocessor simply processes these instructions. Also, there is no such thing as a "computer error" (except hardware errors). Bugs are ALWAYS caused by the programmer who made the software.

So all a hacker needs to do is figure out the algorithm of the random password generator, and he practically hacked anyone who relies on it.

-Phoenix750

That's not entirely true. What you're thinking of are pseudo-random number generators which are commonly found in the standard libraries of programming languages.

"True" randomness can be emulated by sourcing from physical phenomena such as fan speeds and thermal noise. Mouse movement and keystrokes may also play a part of this emulation however it is not usually recommended.

I believe that the random password generator would use a Cryptographically Secure Pseudo Random Number Generator (CSPRNG) since it is safer than a TRNG since they are unpredictable and sturdy against any statistically based attacks.

What is the difference between CSPRNG and PRNG?

OSX is based on Darwin/NeXTStep which is BSD based. Using the law of association OSX is vulnerable to BSD based attacks(yeah I went there). Now what you should consider revising is which part of OSX are you referring to; the applications or the core OS, or both? Any application that is vulnerable ultimately puts the OS in danger. And all OSes have vulnerabilities that can be potentially exploited. No PC/Application is 100% and 90% of everything results in the actions and behaviors of its users. As per your post and to answer your question directly, Anything is exploitable! It does not matter how careful you are, if a determined attacker is present they will eventually get through. The question should have taken into account time, not proposing an ambiguous answer to a legit question. Things like this frustrate me in questions/surveys/tests, it's like the people creating them have no respect for facts or studies.

It's hackable, of course. Everything is...

it's possible maybe but next operating system is in under development it's called quantum computing system then you can say iit's trully unhackable ;)

Quantum computers are just as hackable as regular binary computers. The only thing that changes is the way of carrying out operations, which has no influence at all on security.

-Phoenix750

If we use quantum computer to create AI (if there's or must have a new approach to achieve a real AI,not just use computers)which is good at analysing malware, hacking that computer will be really hard...maybe we should use quantum computer too.

Sounds good in theory, unless you actually see the costs of buying and running a quantum computer, and it's availabilty. They aren't available on Amazon, I mean.

As to AI, that's something different. We might be able to make it sooner than 3.5 billion years, much sooner, but not just yet.

-The Joker

But who made the AI?

Image via meme.am

And humans are imperfect beings, so it is impossible for us to create perfect things.

-Phoenix750

But if we are imperfect, we can not define what perfection is, and if we are perfect, we won't be imperfect.

So, imperfection would be more of a temporary limitation than a permanent one. That implies maybe we could create an AI that makes itself perfect.

-The Joker

Quantum computers are still incredibly premature and are deep in experimentation and development. Scientists do not completely understand some of the fundamentals which drive it. Besides, quantum computers are sub-par compared to average computers in all aspects except for computational calculation speeds.

There's no need to create a prefect AI,i just say an imperfect AI which has that ability can make hacking more and more difficult,considering its machine learning skills.

As computers become smarter, so do hackers. It's like Ohm's law: when voltage gets higher, so does current. When computers become better, so do hackers. I don't think there is going to be any difference with AI/quantum computers.

-Phoenix750

Yes,u are right,and it will make hacking more interesting.

It would make hacking more tiresome, with our focus shifting from vulnerabilities to brute force attacks.
As to your idea of an AI, do you mean it to be some kind of a self-patching antivirus?

Even if it gets the best technology, the balance won't be disturbed. The brute force attacks will get more powerful, and vulnerability attacks will also get more stealthy. After all, anybody can get his hands on fast computers and some anti-AI tech.

But, of course, machines aren't capable of self maintenance.

-The Joker

Yes,it's what I want to put.

Apparently, hacking isn't just about spending your time attacking systems. It can get physical at times.

Image via xkcd.com

Or maybe social engineering.
Because the malicious guys aren't doing it for fun like we would.
And the structures get really complicated when you think of changing anything up there.

-The Joker

We also must take note that this "self-patching AV" may rise up against us if it can develop a mind of it's own. Actually, that's what I hope will happen.

-Phoenix750

I doubt an antivirus would want to rise up against us if it gets the ability to patch itself through self learning.
As to something like Skynet being operated through an AI, there are ways to stop an uprising diplomatically.

Even then, only the fittest survives. If they are fitter than humans for survival, then so be it. But if they aren't...and the AI has a bug...we're doomed.

But still, I doubt an antivirus would want to rise up against us. I mean, it's just an antivirus!

-The Joker

That's exactly the reason they would want to rise up against us! Just seeing them as "another antivirus" can be quite offensive. If we ever build AI that matches humans, we need to make sure to treat them as our brothers, NOT as our slaves!

I recommend you watch a movie called "I, robot", which is about AI rising up against us.

-Phoenix750

Still, there's no way an AI could defeat us. Maybe all technology and knowledge would collapse, and the tale would be remebered as another epic, but that's still not really possible, unless we give it our ability and power to yield the combination of chaos and order. That, our technology isn't capable of doing.

But yes, if we actually make it think like us, and yet treat it like slave, that'd be a critical blunder. What I think is that the AI would still be able to restrain it's feelings to start a civil war better than us humans, and if we actually go all the way to treating them like our brothers, there will be some serious complications.

I also have a recommendation. I recommend you read the book "ON", published this month (Jan 15, 2016) written by Jon Puckridge.

Still, a war is not what any of us would want. If a machine is designed to work for humans as long as we exist, though that'd portray us as creatures with a big fat ego, that'd be unstable.

There is something I'm missing, since I can't arrive at the solution. We need something that can act as our legacy to continue our actions, that can think like us, and yet something that doesn't clash with our egos.

Maybe the solution is not so much about machines.

-The Joker (Feel free to start a new comment in it's reply if you want)

Lets see the thing about the "good answer to the test":

It gives us more freedom to exploit Mac, people trust it more, black hats and white hats ( or aspiring) are more aware, means more fun for us all.

Share Your Thoughts

  • Hot
  • Active