Manufacturers are looking into methods that might speed up Internet of Things (IoT) deployment, but many are neglecting experts’ warnings about the possibility that IoT devices can be used as next-gen cyber weapons to invade smart homes and organizations. The lack of interest in providing devices with robust security from the design stage is somewhat peculiar.
While organizations are gradually automating infrastructures, I think looking into stronger security mechanisms should come naturally. Unfortunately, this can’t be said about buyers’ expectations in gadget specifications. The more vulnerable the device they buy, the greater the chance of compromising their home or organization, as all connected gadgets are in fact ideal entry points for hackers. This includes macOS-operating devices, in spite of the built-in security settings.
One amazing (and possibly little-known) fact is that Macs can be turned into home-automation systems, provided the operating system is not older than 10.3, since older versions have restricted software options. However, if the device is hacked, criminals can exploit the Mac to pilfer keychain passwords, and mess with the IoT-enabled thermostat, entertainment system, coffee machine, lights, smart TV, and other linked devices. The zero-day vulnerability that enables hackers to steal keychain passwords is even now present in a number of macOS versions.
Theoretically, Macs can protect themselves by blocking the installation of unsigned applications. However, there are ways to get around this feature and run rogue applications anyway, as some are legitimate, although accepted in the store.
Macs can easily be compromised through an infected IoT infrastructure. Once a criminal is inside the network, he can compromise all integrated devices, including a connected Mac. In spite of the security settings, Macs are not immune to phishing attacks, Trojans, and keyloggers, and still include kernel vulnerabilities.
Despite Apple’s patches and security updates for Safari, iCloud, and code execution vulnerabilities, a very large number of Macs are still susceptible to firmware attacks, arbitrary code executions, and unidentifiable exploits. The ThunderStrike and ThunderStrike 2 attacks demonstrated how targeting the vulnerabilities in the Extensible Firmware Interface could let hackers install stealthy malware and replace firmware.
Hackers already have a precedent of breaching Apple’s servers to steal iCloud credentials, trampling on Apple’s two-factor-authentication protection. This enabled access to Apple’s Find My Device function, which they used to encrypt devices and take full control over them until ransom in bitcoin was paid.
The continuous growth we’ve seen in Mac malware variants is alarming, validating security experts’ concerns that 2018 will bring a growing interest in Mac attacks through sophisticated cyber tactics. To protect their devices from malicious attacks, Mac users can install Bitdefender’s absolute protection against new and unknown threats.