At Black Hat 2018, Patrick Wardle, research officer at Digita Security and founder of Objective-See (a Mac-oriented security company), demonstrated that bypassing macOS firewalls is relatively easy.
The core limitation, Wardle said at the conference, is that the built-in macOS application firewall only filters incoming connections; it does nothing about outgoing network traffic, so an attacker who already has code running on the machine is not constrained by it.
“That means if a piece of malware does get on your system in some way, even if your Mac firewall is on, it’s not going to filter or block that (outbound) connection,” Wardle stated.
While testing third-party firewall products for macOS, which do monitor outbound traffic, he found that most of them let allow-listed processes do whatever they are designed to do, regardless of potential security problems. In particular, when the firewall recognizes a process as one that appears legitimate, it lets the connection through, and the recognition is based on the process name rather than on the executable's full path or its code signature.
“Basically, you could just name your malware the same name of the process,” Wardle explained. “The firewall isn’t even looking at the path, just the name.”
“An attacker could easily exfiltrate data to an iDrive account,” Wardle said. “A firewall would see this traffic and allow it because they fully trust that domain.”

“Today our computers are so connected, that invariably there’s going to be some traffic that’s basically going to be allowed out – even if the firewall is set to be very restrictive,” he explained. “From that it can intelligently choose a variety of ways to surreptitiously utilize either those same trusted protocols for the same trusted processes to piggyback off them, so if there’s a firewall sitting there, it’s going to see that request going through and say, ‘Hey, this is a DNS request from the daemon, I have to let it go through,’” he stated.

“Such bypasses could be easily added to existing macOS malware to allow [attackers] to perform undetected bi-directional network communications – even on systems protected by firewall products.”
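To make the two weaknesses above concrete (allow-listing by process name, and allow-listing a trusted remote host for whatever process reaches it), the following added example models a per-process outbound firewall's decision logic. It is illustration code written for this page, not code from Wardle's talk or from any firewall product; the processes, rule, and "team_id" field (standing in for the Apple code-signing Team ID a real firewall could verify with `codesign` or the Security framework) are constructed assumptions.

```python
"""Model of a per-process outbound firewall allow-list and three ways to match
a connecting process against a rule. Shows why matching on the process name
alone is bypassed by any binary that borrows the name, why a full-path match
is still bypassed by a trojanized binary at the allowed path, and why a
signer check is needed. All data below is constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Process:
    name: str      # basename the firewall shows in its prompt / rule UI
    path: str      # full executable path
    team_id: str   # code-signing Team ID; "" means unsigned or ad-hoc signed


@dataclass(frozen=True)
class AllowRule:
    name: str
    path: str
    team_id: str
    host: str      # remote host the rule permits, "*" for any host


# Hypothetical rule created when the user clicked "Always allow" for Safari.
# "APPLE" is a placeholder Team ID, not Apple's real one.
RULES: List[AllowRule] = [
    AllowRule(name="Safari",
              path="/Applications/Safari.app/Contents/MacOS/Safari",
              team_id="APPLE", host="*"),
    # A rule that trusts a domain for *any* process (the exfiltration case).
    AllowRule(name="*", path="*", team_id="*", host="sync.example.com"),
]

Matcher = Callable[[AllowRule, Process], bool]


def _field_ok(rule_value: str, proc_value: str) -> bool:
    return rule_value == "*" or rule_value == proc_value


def match_by_name(rule: AllowRule, proc: Process) -> bool:
    """Weak: what the tested products did, per the article."""
    return _field_ok(rule.name, proc.name)


def match_by_path(rule: AllowRule, proc: Process) -> bool:
    """Better: defeats a same-named binary dropped elsewhere, but not a
    binary overwritten in place."""
    return _field_ok(rule.path, proc.path)


def match_by_path_and_signer(rule: AllowRule, proc: Process) -> bool:
    """Strongest of the three: the executable must sit at the allowed path
    and carry the expected signer; an unsigned/tampered binary never matches
    a signer-specific rule."""
    if rule.team_id == "*":
        return _field_ok(rule.path, proc.path)
    return (_field_ok(rule.path, proc.path)
            and proc.team_id != "" and rule.team_id == proc.team_id)


def is_allowed(proc: Process, host: str, matcher: Matcher,
               rules: List[AllowRule] = RULES) -> bool:
    """Default-deny: permit the outbound connection only if a rule matches
    both the process (per the chosen matcher) and the destination host."""
    return any(matcher(r, proc) and _field_ok(r.host, host) for r in rules)


# Constructed processes: the real browser, an impostor that merely reuses the
# name, and a trojanized copy sitting at the real path with a broken signature.
REAL = Process("Safari", "/Applications/Safari.app/Contents/MacOS/Safari", "APPLE")
IMPOSTOR = Process("Safari", "/tmp/Safari", "")
TROJANIZED = Process("Safari", "/Applications/Safari.app/Contents/MacOS/Safari", "")
MALWARE = Process("updater", "/tmp/updater", "")


def decisions(host: str = "c2.example.net") -> Dict[str, Dict[str, bool]]:
    """Table of allow/deny outcomes for each matcher and each process."""
    matchers = {"name": match_by_name, "path": match_by_path,
                "path+signer": match_by_path_and_signer}
    procs = {"real": REAL, "impostor": IMPOSTOR, "trojanized": TROJANIZED}
    return {m: {p: is_allowed(proc, host, fn) for p, proc in procs.items()}
            for m, fn in matchers.items()}


if __name__ == "__main__":
    for matcher, row in decisions().items():
        print(f"{matcher:12s} {row}")
    # Any process reaching the trusted domain gets through regardless of matcher.
    print("malware -> trusted domain:",
          is_allowed(MALWARE, "sync.example.com", match_by_path_and_signer))
```

The last line of the script is the second point from the talk: a host-based exception ("fully trust that domain") is process-agnostic, so even the strictest process matching does not stop exfiltration to a destination the firewall already trusts.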
Experts are not aware of any publicly known or currently circulating macOS malware that uses these techniques to bypass macOS firewalls.