Tag: guard

Apple gatekeeper security broken

Former NSA and NASA staffer Patrick Wardle, who heads up research at security start-up Synack, has found a way to bypass protections in Apple Macs without getting caught.

Download files, known as .dmg files, for products including Kaspersky, Symantec, Avast, Avira, Intego, BitDefender, Trend Micro, ESET and F-Secure are all sent over unencrypted HTTP, rather than the more secure HTTPS. For some reason the vendors trust Apple’s Gatekeeper security technology to recognise the digital signatures they sign the downloads with.

Anyone who intercepts a download to corrupt it won’t get away with it, as Gatekeeper will see that the vendor’s original signature has been altered and ignore it.

But Wardle noticed that the Apple Gatekeeper software doesn’t check all components of Mac OS X download files. This makes it possible to sneak a malicious version of what’s known as a ‘dylib’ (dynamic library) file into legitimate downloads made over HTTP to infect Macs and start stealing data.

Dylibs are designed to be re-used by different applications; they might be used for actions such as compressing a file or using graphics capabilities of the operating system.
If an attacker can “hijack” the dylib processes used by Mac apps, however, they can carry out nasty attacks and send user data to their own servers, the researcher explained.

It is not that easy to pull off. The attacker would have to get on the same network as a target, either by breaching it or simply logging on to the same public Wi-Fi.

They would also have to inject a legitimate yet vulnerable application into the download and shuffle around the content of the .dmg so that the injected legitimate software is shown to the user.

At the upcoming CanSecWest conference in Vancouver, he will be explaining 101 things you can do with an evil dylib, and how to discover which Coldplay and U2 single the Mac owner is listening to.

Wardle reverse engineered the iCloud protocol and set up a command and control server on a secondary malicious iCloud account, meaning the connection he used to “steal” from his own PC would also be trusted.

You would think that Jobs’ Mob would be worried about it all, but apparently Wardle said they did not really care.

He said that they didn’t seem to understand the full ramifications of it. It would mean that Apple would have to re-architect OS X and expand Gatekeeper’s capabilities to fully address the issues raised by his new class of attack.

Wardle was miffed that the security companies were placing users at risk with unprotected downloads of their software installers and failing to protect against more advanced attacks like his own.
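A defensive inventory check built on the point above that Gatekeeper does not verify every component of a download: it lists executable code on a mounted image that sits outside any .app bundle. This is an added example, not code from the article or from Wardle; treating a `*.app` directory as the verified unit, the sample layout and all function names are assumptions.

```python
import os
import struct
import tempfile
from pathlib import Path

# Mach-O magics as read big-endian: thin 32/64-bit in both byte orders.
THIN_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}
FAT_MAGIC = 0xCAFEBABE  # universal binary; Java .class files share this value

def is_macho(path):
    """True if the file starts with a thin or universal Mach-O header."""
    with open(path, "rb") as fh:
        head = fh.read(8).ljust(8, b"\0")  # pad very short files
    magic, second = struct.unpack(">II", head)
    # Heuristic: a universal header's second word is a small architecture
    # count; in a .class file it is the version word, which is 45 or more.
    return magic in THIN_MAGICS or (magic == FAT_MAGIC and 0 < second < 45)

def audit_volume(root):
    """Return Mach-O files under root that lie outside every .app bundle."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            parts = os.path.relpath(full, root).split(os.sep)
            # Assumption: a directory named *.app is the signed, verified unit.
            in_bundle = any(p.endswith(".app") for p in parts[:-1])
            if in_bundle or os.path.islink(full) or not is_macho(full):
                continue
            hidden = any(p.startswith(".") for p in parts)
            findings.append(("/".join(parts), "hidden" if hidden else "visible"))
    return sorted(findings)

def build_sample(root):
    """Constructed layout standing in for a mounted .dmg (not real data)."""
    macho = struct.pack("<I", 0xFEEDFACF) + bytes(28)
    layout = {
        "Installer.app/Contents/MacOS/Installer": macho,
        ".support/libhelper.dylib": macho,  # code outside the bundle, hidden
        "Example.class": struct.pack(">IHH", 0xCAFEBABE, 0, 52),
    }
    for rel, data in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_volume(tmp))
```

Any entry it reports is code that shipped with the download but is not part of the application the user sees, so it deserves a look before anything on the image is opened.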

 

PCKeeper lets customers pick their own price

A software outfit called PCKeeper has come up with a novel way of flogging its product.

It’s not setting a sale price – instead letting the customer decide what they want to pay.

The company said that it is experimenting with the same idea that lets musicians and artists allow their fans to pay what they want for music or art.

It is a radical concept for software because companies usually fear not getting their development costs back.

In this case it took a team of nearly 150 people almost two years to create and support the program so they want to make their money back.

The software normally has a retail price of $39.99 but will be available to customers for as low as $1.00. The idea is being tested out between June and July and it is not clear if it is just a marketing gimmick or if the company really is serious about it as a long-term option.

PCKeeper’s communications manager, Ilias Melikov, said that letting people choose their own price is an interesting way to open up the product to consumers who price shop and also build trust with those customers once they use the software and see just how useful it is.

Still, even if the idea is canned after a month it could create regular users.