Tuesday, 8 October 2013

Apple's own Encryption Mechanism allows hackers to create Undetectable Mac OS X Malware

In the past, there was a general belief that Macs are much more secure than Windows PCs, but now Mac malware is a serious threat to the security of users' computers and information.

One of the reasons behind the increase in Mac-related malware attacks is the fact that Apple products are popular with many prominent businessmen and influential politicians.

Daniel Pistelli, reverse engineer and lead developer of Cerbero Profiler and a former developer of IDA Pro, has come up with another interesting piece of research and explained to The Hacker News the basic details of the technique he used to create undetectable malware for Mac OS X.

Apple internally implements an encryption mechanism to protect some of its own executables, such as "Dock.app" or "Finder.app". This encryption can be applied to malware as well. If a malware author does so, anti-malware solutions can no longer detect the malware because of the encryption, but OS X has no problem loading it.

This same protection mechanism can be applied to existing malware that is already detected by anti-malware products, making it completely undetectable. Those same anti-malware products can no longer detect the malware because they do not understand the encrypted format.
Currently, it is true that there are fewer malware programs targeting Mac OS X than Windows. However, that does not mean that Macs are totally secure.

To mitigate this problem, Daniel suggests that anti-malware vendors either support the actual decryption or, alternatively, trust encrypted executables only when they are signed by Apple. Read the complete technical details about the method on Daniel's Blog.
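The article does not name the mechanism, but the "protected" executables it refers to are marked at the Mach-O level, and a scanner that recognises that marking can implement the second mitigation suggested above: flag any image with encrypted segments for review unless it carries Apple's signature. The following is an added example, not code from the article or from Cerbero; it assumes the marking is the `SG_PROTECTED_VERSION_1` segment flag defined in `<mach-o/loader.h>`, parses only thin little-endian Mach-O images, and leaves the Apple-signature check to an out-of-band tool such as `codesign` (the `apple_signed` argument is hypothetical glue for that result). The sample images are constructed in-line and are not real binaries.

```python
import struct

# Mach-O constants from <mach-o/loader.h>
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
SG_PROTECTED_VERSION_1 = 0x8   # segment pages are encrypted ("protected") by the loader


def protected_segments(data):
    """Return the names of segments flagged SG_PROTECTED_VERSION_1 in a thin,
    little-endian Mach-O image. Raises ValueError on malformed input so that a
    scanner never silently treats an unparseable file as clean."""
    if len(data) < 28:
        raise ValueError("too short to be a Mach-O header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == MH_MAGIC_64:
        hdr_size, seg_cmd, seg_fmt = 32, LC_SEGMENT_64, "<16sQQQQiiII"
    elif magic == MH_MAGIC:
        hdr_size, seg_cmd, seg_fmt = 28, LC_SEGMENT, "<16sIIIIiiII"
    else:
        raise ValueError("not a little-endian thin Mach-O image (fat/big-endian unsupported here)")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    if hdr_size + sizeofcmds > len(data):
        raise ValueError("load commands run past end of file")
    seg_len = 8 + struct.calcsize(seg_fmt)
    found, off = [], hdr_size
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("bad cmdsize")
        if cmd == seg_cmd:
            if cmdsize < seg_len:
                raise ValueError("segment command too short")
            # segname, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags
            segname, *_, flags = struct.unpack_from(seg_fmt, data, off + 8)
            if flags & SG_PROTECTED_VERSION_1:
                found.append(segname.rstrip(b"\0").decode("ascii", "replace"))
        off += cmdsize
    return found


def triage(data, apple_signed):
    """Policy from the article: an image with protected segments is acceptable
    only when its code signature chains to Apple. `apple_signed` is assumed to
    come from an external check (e.g. `codesign -dv --verbose=4`), which this
    example does not perform."""
    segs = protected_segments(data)
    if not segs:
        return "clean"
    return "trusted" if apple_signed else "review"


def build_macho64(segments):
    """Construct a minimal x86_64 Mach-O header plus LC_SEGMENT_64 commands
    for the given (name, flags) pairs. Constructed test data, not a real binary."""
    cmds = b""
    for name, flags in segments:
        seg = struct.pack("<16sQQQQiiII", name.encode().ljust(16, b"\0"),
                          0, 0x1000, 0, 0x1000, 7, 5, 0, flags)
        cmds += struct.pack("<II", LC_SEGMENT_64, 8 + len(seg)) + seg
    # magic, cputype (CPU_TYPE_X86_64), cpusubtype, filetype (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 3, 2,
                         len(segments), len(cmds), 0, 0)
    return header + cmds


if __name__ == "__main__":
    clean = build_macho64([("__TEXT", 0), ("__DATA", 0)])
    protected = build_macho64([("__PAGEZERO", 0), ("__TEXT", SG_PROTECTED_VERSION_1), ("__DATA", 0)])
    print("clean image:", protected_segments(clean), triage(clean, apple_signed=False))
    print("protected image:", protected_segments(protected), triage(protected, apple_signed=False))
```

In a real scanner the same walk over load commands would also cover fat (multi-architecture) files and big-endian images, and the "review" verdict is the point at which a product would either decrypt the segment contents itself (the article's first suggestion) or hand the file to an analyst.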

The events of recent years have led many users to question just how secure Mac really is.
