“I’m a total Apple fanboy,” said security consultant Dino Dai Zovi during his talk yesterday afternoon at the SOURCE Boston computer-security conference. “If Apple made clothes, I’d probably dress in them.”
But part of being an Apple fanboy for Dai Zovi means hacking Macs, and he says that OS X is often easier to hack than Vista or Linux.
Apple enthusiasts often extol the security of the Mac operating system, and they rarely run antivirus software. Dai Zovi agrees that Macs generally face less attack from malware authors, but he said that’s not due to the impenetrability of OS X. The Mac may be safer, but it’s not necessarily secure, he said, comparing the situation to leaving your front door unlocked because there aren’t many thieves in the neighborhood.
Today, about 10 percent of browsers run on OS X, so it’s just not profitable for malware authors to go after Macs, Dai Zovi said. However, the situation could change if Apple continues to gain market share.
In his talk, Dai Zovi demonstrated an OS X attack that allowed him to take control of the built-in camera on a MacBook. He also outlined several ways that attackers could exploit flaws in OS X. For example, he said that many exploits require attackers to locate data stored in a computer’s memory. Vista and Linux use randomization to make this hard to do, and, while OS X does randomize some data, other things are relatively easy for an attacker to find.
Dai Zovi said that Apple has a chance to improve security with its forthcoming Snow Leopard update to OS X. Without improved security, he worries that people may start worming in to Apple’s computers. “Writing exploits for Vista is hard work,” he said. “But writing exploits for Mac is fun.”
A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?
Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.
A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate
Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.
10 Breakthrough Technologies 2023
These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway
Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.