Gosh. Gee whillikers, Space. Do you think those black hatters might just like to "stick a cigarette in the eyes of Mac users" to show them how unsafe they are???
That cigarette quote came from just such crackers David Maynor and Jon Ellch, who, to demonstrate the fragility of Mac's security, found it necessary to create a HOAX video of a Macbook being taken over via WIFI. The video was shown with great glee at the last Black Hat convention. They refused to tell people how they did it or to demonstrate the exploit live. It turned out they used an EXTERNAL USB WIFI card and a third party driver despite the existence of a perfectly good (and secure) built in WiFi card and drivers. They also PRE-installed a script to run on the targeted Mac.
"Daring Fireball's" John Gruber bought a brand new MacBook and challenged Maynor and Ellch to crack his out-of-the-box MacBook... if they could, it was theirs, free and clear. John Gruber still has the MacBook.
Another Mac challenge DID get hacked. A guy in Sweden put up a Mac Mini as a server and it was cracked in under 30 minutes. BUT, this idiot gave everyone wanting to "rm-my-Mac" a Local User Account, opened every port that is normally closed in a default install, and then used extremely weak passwords for his administrator account. An Australian cracker named Gwerdna (I wonder if his first name is Andrew? I also wonder how hardened his passwords are.) broke in and defaced the web site by escalating his privileges to administrator.
David Schroeder, the senior Apple systems engineer at the University of Wisconsin's IT department put up a Mac Mini as a Web server, using it straight out of the box with no firewall, no AV, nothing, bare naked, and challenged the black hatters to crack into it. Thousands of attempts were made over a period of 37 hours (the University required him to pull the challenge because of bandwidth usage) and NOT ONE SUCCEEDED.
David Schroeder . . . set up his own contest inviting security researchers and hackers to attempt to breach a Mac with open SSH and HTML ports and two user accounts. A critic of the original contest, Schroeder stressed that his challenge is more fair, but that most users will not likely even have those ports open."Mac OS X is not invulnerable--it, like any other operating system, has security deficiencies in various aspects of the software," Schroeder wrote. "However, the general architecture and design philosophy of Mac OS X, in addition to usage of open source components for most network-accessible services that receive intense peer scrutiny from the community, make Mac OS X a very secure operating system." - Source.
I think it is safe to say that the "black hatters" have given it a go and have failed miserably. Six years and counting... no malware!
Excellent smackdown.
Not sure if a poorly written driver is a HOAX? Windows suffers from 3rd party drivers all the time and gets a black eye from it.
One could argue the OS shouldn't allow such things.