Skip to content

Posts tagged ‘system’

24
Jul

OS X Lion Released, Brings Improved Security

As you will know by now, Apple has release Lion (OSX 10.7) to the orgasmic jubilation of Mac fans everywhere. Ok, perhaps I exaggerate, but Lion was probably the most anticipated release of OSX since Leopard. Critics will argue that the number of major new features are limited, but in my opinion it’s the refinements that make Lion a great update. And for what it’s worth, the Mac App Store update process went perfectly smoothly on my iMac.

Most importantly, however, are the security improvements that Apple have made to the OS. Leopard and Snow Leopard already had some of these features, but they were not fully developed. In Lion, it seems, many of those issues have been fixed. In fact Lion has been said by several security researchers to now offer superior security over competing operating systems. I’ve said for a while that Apple will wait until OSX is really stable before properly addressing security. It appears Lion is the start.

I’ll start off with the most user-visible security features:

  1. FileVault 2: Whereas FileVault on Snow Leopard only encrypted users’ home folders (using disk images), leaving the System and Applications vulnerable to attack, Lion now has true block-level Full Disk Encryption (XTS-AES 128 algorithm). FileVault 2 also supports full disk encryption of external USB and FireWire drives. One key new feature is Lion’s “Instant Wipe”, which will allow you to wipe the hard-drive should your computer fall into the wrong hands. Similar to iOS devices, this may tie in to the new Find My Mac functionality.
  2. Privacy Controls: Apple has sprinkled around some additional privacy controls, giving the user more say in how their data is stored or used. There’s now full control of which applications can make use of the Location Services features of OSX.
  3. Apple ID Authentication: This is an interesting feature that makes it easier for users to share content with others. Normally actions like Screen Sharing and File Sharing require the connecting user to have an account on the system. Now, you can simply add their Apple ID as an authorised account to give them selective access. It will be interesting to test how this actually works in practice.
  4. Application Sandboxing: Lion’s sandboxing capability has been greatly improved. Safari, for example, has been updated to include sandboxing, meaning that website content loads in a separate process with limited functionality. This help prevent malicious websites from gaining access to the underlying system. Apple is encouraging third party software developers to start sandboxing their applications.
  5. Full ASLR: This is a big one. Address Space Layout Randomization is a technique to make exploitation of vulnerabilities more difficult by not using fixed memory addresses for key data areas. In Snow Leopard, ASLR was half-baked and essentially broken. In Lion, it appears that Apple have finally implemented full ASLR (covering 32 and 64-bit application), although how well is yet to be fully determined. Either way this will present an additional barrier to exploits.
All in all, some significant improvements over Snow Leopard. The security push isn’t over yet, however, and I’m sure we’ll be seeing a bit more from Apple as OSX develops. This doesn’t mean vulnerabilities won’t be found in OSX, but it will make it that much harder for workable exploits to be developed. I anticipate we’ll start seeing a lot more vulndev attention being committed to OSX this year.
8
Jul

Mac OS X “Lion” and the Dangers of Restoring from a Partition

With the release of Mac OS X 10.7 “Lion”, Apple is changing the way we’ll be doing system upgrades. Lion will only be available to Snow Leopard users electronically through the Mac App Store, and thus it will no longer be possible to purchase a physical install DVD. Before I go into the intended topic of this post, allow me to <rant> about how I’m not too keen on this decision. As a result, it’s no longer possible to install OSX on Macs that don’t have an internet connection (yes, these do exist!). Even for those who do, many don’t have very fast internet connections, or may have extremely low usage caps. I know that UK internet providers still offer entry-level packages 5Mbit lines and stupidly low 1-5 GB monthly limits. Lion is likely to be about 4GBs in size. Oh, you want to install OSX on more than one Mac? Suuure, just download the 4GB install package on each Mac.</rant> You get the point…

The real thing I wanted to talk about is Apple’s solution to system re-installation or recovery, and specifically the security implications thereof. Installing Lion will cause it to create a small ‘recovery’ partition on your primary drive, which is essentially a partition equivalent of an install DVD. If you have a problem with your main OSX partition, and need to run repair utilities or reinstall, you just boot from the recovery partition. Sounds really useful actually, as you don’t need to worry about having a DVD handy. But where this solution brings ease-of-use and convenience, it also brings some security risks.

Although Mac OS X is still largely unaffected by malware, the winds of change are indeed upon us, and it’s unrealistic to assume the Mac will remain virus-free forever. As viruses get more complex they find ever-improving ways of making themselves persistent on a system. There are countless examples of Master Boot Record viruses on Windows where the only sure-fire solution is to completely wipe the hard drive and reinstall from CD/DVD. Because once your system is infected, good security practice forces you to assume that any file or executable is compromised. So, how does this affect a bootable recovery partition? If I were a virus writer, I’d make pretty darn sure that I infect a core installer file on the recovery partition so that any  installation will have my virus. The nice thing about DVDs is that even if you insert them into an infected computer, they can’t be changed, and so you have complete confidence (barring a very advanced/rare firmware virus) that wiping and reinstalling from DVD yields a fresh and clean install of your system. As a security professional, I don’t think I’ll be able to trust a recovery partition like that.

But wait, there’s more. Viruses are a concern, but if you’re a smart user they’re not really a problem. We can run anti-virus, disable Flash, Java and Javascript, etc, and as long as you browse safely and don’t open random executables you’ll be perfectly fine. What about an attacker with remote or physical access to your computer? If I remotely hack into someone’s Mac, either due to a vulnerability or a weak password, all I have to do is modify a few files in the existing system and the recovery partition, and boom, persistent back door! The user can reinstall OSX all they want… my back door will simply be reinstalled with it.

But wait, there’s more. Even if your computer is completely secure from remote attacks, the same goes for someone with physical access to your Mac. Now, as a disclaimer, I have to point out that anytime an attacker gets physical access to any computer it’s game over. Even if you use FileVault, I may not be able to log in to your computer (unless some kind of cold boot attack is still possible), but I can easily boot your computer from a USB stick (or remove your hard drive if you have a Firmware password), trojan your recovery partition and corrupt your primary boot partition (similar to an Evil Maid attack). What are you going to do? Reinstall Mac OS X from my trojaned recovery partition of course! It’s not like you have a choice.

Any system compromise can lead to the installation of a persistent backdoor for the lifetime of the recovery partition on that hard drive. I don’t want to sound overly critical; I am probably one of the most fervent Apple supporters you’ll ever meet (with good reasons too), but not to the extent it stops me from thinking about potential impacts. I appreciate that Apple is trying to make things easier for Joe User. Being able to download updates electronically is awesome, and I honestly believe many would take advantage of that (myself included), but users should be given the choice. Particularly in situations like this where not having a physical install medium can have an impact on both usability and security.

My guess (or maybe hope) is that if Apple is not going to sell install DVDs itself, we may be allowed to burn our own install DVDs after downloading Lion from the Mac App Store. Either way, it is fairly trivial to burn the Lion installer onto a DVD – but users shouldn’t have to (or sometimes can’t) resort to a hack like that. Take heed, Apple.

[Update 21/07/11] Ok, so Apple isn’t going to allow users to burn their own DVDs, but they have confirmed that Lion will be available on a mini USB drive in August (for $69).

css.php