Communications of the ACM
Stealthier Mac Attacks
A security expert at the recent Black Hat DC computer security conference demonstrated a technique for attacking the Mac operating system OS X without leaving any evidence. Similar attacks have plagued Windows and Linux machines for years, but creating such an attack on a Mac required a greater level of sophistication. Vincenzo Iozzo, a student at Italy's Politecnico di Milano, says the technique allows an attack to compromise the machine without leaving an imprint on the permanent memory, meaning evidence of the attack will vanish as soon as the machine is turned off. This technique could be used in combination with another software flaw to replace a legitimate version of a Web browser with a malicious one that records the user's keystrokes and sends them to the attacker. Iozzo says the attack can only be detected using software that looks for intrusions on a network. Predicting where to inject code is difficult due to a security feature in OS X that stores the variables needed to keep the attack untraceable in random locations within the memory. However, Iozzo discovered how to anticipate where the variables would be stored.
Independent security researcher Dino Dai Zovi says there are few Mac attacks that are sophisticated enough to need this kind of stealth, but warns the technique could be used to bypass advanced antivirus software in the future.
From Technology Review
View Full Article
No entries found