# Hacking into a mac?



## infinity8 (Feb 19, 2006)

I've been curious about the topic of hacking and have been doing google searches on the topic, but couldn't find a definite answer, if it was possible to hack into Mac's OSX and taking control of it, without the user being aware. Would any ehmacers know if it was possible.


----------



## John Clay (Jun 25, 2006)

Sure, it's possible. Anything is possible. I can't imagine hacking OS X would be any harder than hacking another UNIX-based OS. As for specifics, I haven't a clue.


----------



## Wako (Oct 11, 2006)

Most hackers wouldn't be able to hack into an OS X machine. Script-kiddies can't, so that rules out 95% of the "hacker" population. There was, I believe, a school security competition at one point, and it was reported that one of the guys there hacked a Mac mini in less than 30 minutes. First, 30 minutes is huge compared to how long it takes to hack into a WinBox. Second, the hack isn't what you'd expect. It wasn't hacked from the internet to the computer, but from the computer itself, to gain privileges on it, and the mini wasn't set up with _any_ kind of enhanced security. I think it was running 10.3, but I can't remember for sure.

That said, hacking from the internet to your computer and gain access to it will be next to impossible if you run a network with a firewalled router (assuming you're not unlocking ports). It still is possible, but very unlikely... unless double-click on a program designed for that and give it your admin password and authorisation...

So if you run a network with a firewalled router... Please do change the password on it. If you leave it to the default, it's a breeze to jump on your network and get all your computer's MAC addresses... and more.


----------



## John Clay (Jun 25, 2006)

If you've got physical access to the machine, it's possible to bypass passwords in under a few minutes, depending on a few things.


----------



## The Doug (Jun 14, 2003)

I'm more curious about why this question has been asked, than the actual answer.


----------



## Kosh (May 27, 2002)

I remember doing something like that in University with a bunch of Unix PCs, but they were all on the same network and obviously didn't have any security on them to prevent other machines from accessing others. Unix has some interesting commands.


----------



## Darien Red Sox (Oct 24, 2006)

If someone is after credit card numbers and e-mail paswords thay can easley hack your router if the conection is open and view all the infomation that is sent through it. It is not a good idea to wip out the charge card at Atarbucks and start buying stuff.


----------



## eMacMan (Nov 27, 2006)

By default SSH, ARD (Apple Remote Desktop) etc. are turned off on all versions of OSX. 

Still its a good idea to go into System Prefernces and confirm this. Robust User passwords are also a good idea.


----------



## CanadaRAM (Jul 24, 2005)

You are at risk 
If you are filesharing, 
if you are using remote accesd software 
if you have P2P software, 
if you are running an FTP server on your machine 
if you are running a webserver on your machine, 
if the hacker has physical access to your machine, 
if you are sending wirelessly through an insecure WiFi connection,
if the hacker tricks you into voluntarily providing information, 
if you haven't changed the admin password on your router/gateway, 
if the router is not correctly set up to block ports
etc. etc.


----------



## slowzuki (Jun 6, 2006)

The mac mini hacker challenge was a mac mini connected to the internet that you could telnet into. The hackers were all given user accounts before starting and it still took them 30 minutes.

This situation doesn't occur frequently. You are much more likely to share a cc number or plain text password over an unsecure network connection.


----------



## MacDaddy (Jul 16, 2001)

Our web/email server was hacked recently. The hacker put a file on our server to redirect people to a PayPal phishing site when they clicked the link in the email.

They got in using a dictionary attack to gain root access (I have mentioned this should not be enabled to begin with!!!). Thankfully a good samaratin let me know about the file and I removed it.


----------



## Script Kiddie (Jan 30, 2003)

MacDaddy said:


> ... They got in using a dictionary attack to gain root access ...


Your root password must have been pretty weak to have fallen to a dictionary attack.


----------



## Script Kiddie (Jan 30, 2003)

Darien Red Sox said:


> If someone is after credit card numbers and e-mail paswords thay can easley hack your router if the conection is open and view all the infomation that is sent through it. ...


Only if you are silly enough to pass credit card information over an unencypted link.

If you are connected to a web site via https the cipher code cannot be broken just because someone has "hacked into your router". The encrption is done on the host and cannot be unencrpted by any party except the server - the parties which exchanged keys. Read up on "man in the middle" attacks. SSL solved that one.

Think about it. Every router between you and the web site you are connected to is not assumed to be secure. Does'nt matter if the one in the starbucks is hacked or not.

Passing sensitive information without encryption... now thats definately asking for it.


----------



## MacDaddy (Jul 16, 2001)

Script Kiddie said:


> Your root password must have been pretty weak to have fallen to a dictionary attack.


it is a word in the dictionary followed by 3 characters ([email protected]#$%^&*().
I have always thought it could be better, but the guy above me is really in charge and doesn't listen to any of my suggestions anyway.

I am guessing a dictionary attack because of the user names they were also trying that were not part of our system.


----------

