2018 Black Hat: Bypassing MacOS Firewalls

At Black Hat 2018, Patrick Wardle, research officer at Digita Security and founder of Objective-See (a Mac-oriented security company), demonstrated how relatively easy it is to bypass macOS firewalls.

The main problem is that the effectiveness of the built-in macOS firewall is limited: it only blocks or monitors incoming connections and does not monitor outgoing network traffic at all, Wardle stated at the conference.

“That means if a piece of malware does get on your system in some way, even if your Mac firewall is on, it’s not going to filter or block that (outbound) connection,” Wardle stated.

While testing third-party firewall products for macOS, he found that most of them let whitelisted processes do whatever they are designed to do, regardless of the security implications. In particular, if the firewall software recognizes a process as one that appears legitimate, it lets its traffic through.

“Basically, you could just name your malware the same name of the process,” Wardle explained. “The firewall isn’t even looking at the path, just the name.”

“An attacker could easily exfiltrate data to an iDrive account,” Wardle said. “A firewall would see this traffic and allow it because they fully trust that domain.”

“Today our computers are so connected, that invariably there’s going to be some traffic that’s basically going to be allowed out – even if the firewall is set to be very restrictive,” he explained. “From that it can intelligently choose a variety of ways to surreptitiously utilize either those same trusted protocols for the same trusted processes to piggyback off them, so if there’s a firewall sitting there, it’s going to see that request going through and say, ‘Hey, this is a DNS request from the daemon, I have to let it go through,’” he stated. “Such bypasses could be easily added to existing macOS malware to allow [attackers] to perform undetected bi-directional network communications – even on systems protected by firewall products.”
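The two weaknesses described above (trusting a process by name rather than by its on-disk identity, and trusting a destination domain regardless of which process talks to it) can be modelled side by side with a stronger rule. The script below is an added illustration written for this page; it is not code from Wardle's talk or from any of the firewall products tested. The process paths, code-signing identifiers, hostnames and connection events are constructed for the example, and the "identity" rule is one reasonable hardening, not a description of how any specific product works.

```python
"""Toy model of an outbound-connection allow-list decision.

All process names, paths, signing identifiers and hosts are constructed for
illustration; no real firewall product's rule set is reproduced here.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class OutboundConn:
    proc_name: str   # basename the process reports; all a name-only rule sees
    proc_path: str   # full path of the executable on disk
    signing_id: str  # code-signing identifier; "" means unsigned (hypothetical values)
    dest_host: str
    dest_port: int


# Weak rule 1: trust by process name alone (the behaviour criticised in the talk).
NAME_ALLOW = {"mDNSResponder", "nscurl"}

# Weak rule 2: trust by destination alone ("they fully trust that domain").
HOST_ALLOW = {"sync.example-cloud.test"}  # constructed stand-in for a trusted cloud host

# Hardened rule: trust a (path, signing identifier) pair, i.e. the binary's
# identity, not its display name. Identifiers here are hypothetical.
IDENTITY_ALLOW = {
    ("/usr/sbin/mDNSResponder", "com.apple.mDNSResponder"),
    ("/usr/bin/nscurl", "com.apple.nscurl"),
}


def weak_allow(c: OutboundConn) -> bool:
    """Name-only or domain-only rule: either match lets the flow out."""
    return c.proc_name in NAME_ALLOW or c.dest_host in HOST_ALLOW


def strict_allow(c: OutboundConn) -> bool:
    """Identity rule: the executable must be signed and its (path, signing id)
    must be on the list. A trusted destination is never sufficient on its own."""
    if not c.signing_id:
        return False
    return (c.proc_path, c.signing_id) in IDENTITY_ALLOW


# Constructed events: a legitimate daemon; an unsigned impostor in /tmp that
# reuses the daemon's name; an unknown binary talking to a trusted cloud host;
# the same unknown binary talking to an unknown host.
EVENTS = [
    OutboundConn("mDNSResponder", "/usr/sbin/mDNSResponder",
                 "com.apple.mDNSResponder", "192.0.2.53", 53),
    OutboundConn("mDNSResponder", "/tmp/.cache/mDNSResponder",
                 "", "c2.example.test", 53),
    OutboundConn("updater", "/Users/victim/Library/updater",
                 "", "sync.example-cloud.test", 443),
    OutboundConn("updater", "/Users/victim/Library/updater",
                 "", "c2.example.test", 443),
]


def evaluate(events: List[OutboundConn]) -> List[Tuple[str, bool, bool]]:
    """Return (path, weak_decision, strict_decision) for each event."""
    return [(c.proc_path, weak_allow(c), strict_allow(c)) for c in events]


def bypasses(events: List[OutboundConn]) -> List[str]:
    """Paths the weak rules let out that the identity rule would block."""
    return [p for p, weak, strict in evaluate(events) if weak and not strict]


if __name__ == "__main__":
    for path, weak, strict in evaluate(EVENTS):
        print(f"{path:32} name/domain rule: {'ALLOW' if weak else 'DENY':5} "
              f"identity rule: {'ALLOW' if strict else 'DENY'}")
```

Running it shows the legitimate daemon allowed under both rules, while the renamed unsigned binary and the unknown process reaching a "trusted" host pass only the name/domain rule. Checking the signed identity of the binary rather than its name closes the first gap; refusing to treat a destination as sufficient on its own closes the second, at the cost of having to enumerate which processes may reach which hosts.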

Experts are not aware of any publicly known malware that currently bypasses macOS firewalls in this way.
