Thread: What if...
11-29-2018, 08:51 PM #1
What if...
If at some point in the past my MBP (early 2015 model) had been hacked and the MAC address of the network card and WIFI had been compromised, then how much protection does a VPN, or the OSX firewall actually provide? Most relevantly: does the fact that an attacker has access to those base level addresses of the hardware etc. mean that so long as I'm connected to the internet I'm accessible when they use Terminal commands remotely to try and access my mac? Would changing the user account password become the one critical way to prevent this kind of attack? (I note that when using terminal I'm always prompted for the user account pw).
Regards
Macced
11-29-2018, 10:49 PM #2
Maybe just don't go on the 'net.
Make sure you are using WPA2 or stronger and a new 18 digit password including number/s, capital/s etc.
Using OS X.7 or later make a bootable USB thumb drive before running Installer!
11-29-2018, 10:51 PM #3
Knowing the MAC address means nothing. Your router already has a firewall on it, so you are all set. If you've disabled all of the sharing on your Mac then no one can get in. The VPN is useful when on public WiFi, but less necessary on your own home network. You should only be prompted for your password on the Terminal when you run privileged commands, not all the time.
Change any and all of your passwords if it comforts you.
--
Regards
...Ashwin
11-29-2018, 10:57 PM #4
11-29-2018, 11:02 PM #5
Thanks for the reply. I'm actually not using a broadband router. My sole two means of internet access are mostly cellular, via the personal hotspot of my tethered iPhone 5s running iOS 12.1 and the iOS version of the same VPN service my MBP runs. Occasionally I use my campus WPAII network, but even then I just connect and then immediately turn on my VPN before doing anything online. So, in light of the now clarified internet access (no router firewall) and just OS-x inbuilt firewall, where do I stand in terms of vulnerability to remote access? If a person had my user account password, what's preventing them commanding my system via terminal or other methods?
11-29-2018, 11:28 PM #6
Change your user account password.
Jake
11-30-2018, 10:33 AM #7
Hands on access to your device?
-- Bob --
Please backup. Everything has a life cycle, unexpected and warning free. Nothing will last as long as you want it to.
12-01-2018, 01:44 AM #8
Thanks MacInWin. It seems a bit pointless given the fact they can see everything I type in real time at present..... Perhaps change it after another clean install from the USB drive??
Also: Am I to assume from your reply that it is possible to command another mac remotely via terminal commands if the address is known??
- - - Updated - - -
Hi Ferrarr - No, they don't have physical access.
12-01-2018, 11:17 AM #9
You said,
"If a person had my user account password, what's preventing them commanding my system via terminal or other methods?"
Jake
12-01-2018, 07:58 PM #10
I've actually got MalwareBytes running as we speak, and like this and all previous scans in/around the last clean install it always finds nothing. Though now I'm on the Free version as my 'pro' trial period expired. This just means I don't have the real time protection, but it still checks for the same full db of viruses/malware right?
Per post #1 you'll also see I did do a complete wipe / reinstall (Disk erase after using CMD-Option and booting from a USB High Sierra installer). On that point, is it possible that a rogue app could have survived the restart by residing in the recovery partition which seems to be impossible to get rid of with the disk erase function?? If so would re-partitioning the drive be my best option? (I read that this gets rid of everything including the recovery partition). Is it even possible to write to the recovery partition (assuming they have access to any/all tools?)
Thanks again for your advice... it's good to get the input of those more experienced here.
12-01-2018, 10:38 PM #11
Rocky97
Guest
MAC addresses aren't accessible externally. This means websites cannot see your MAC address, this also means that a MAC address contains no meaningful info to outsiders.
Yes, if someone was to gain access to your WiFi network, it is possible your personal details you enter on websites could be sniffed most importantly, but also, your computer could possibly have data accessed through means of finding vulnerabilities through port scanning etc. Therefore just ensure your wifi network is secure by using WPA2 level authorisation. Also it is best if you do not use a default password, these can easily be discovered through online databases, etc. Be careful about your choice of WiFi password, do not use a real word, dictionary brute force attacks are not difficult these days.
12-02-2018, 07:52 AM #12
Thanks Rocky. I'm actually just using the 'USB only' 4G tethering to my iPhone for internet and rarely the campus WIFI which is WPAII. Good point though regarding the length of the password. I was reading on hacker forums that 8 characters gets cracked in 4 hours whereas 18 is up to 16 years....
What I really need here is someone who's pretty 3L33t with the whole hacking thing and who knows what the Mac's vulnerabilities are... Nobody yet has been able to reply and confirm whether rogue software can be put on the recovery partition, or whether partitioning is the one sure fire way to clear it out.... I'm all ears
12-02-2018, 08:59 AM #13
The sure way to clear it out is to have your own bootable USB drive, and not rely on the Recovery partition.
-- Bob --
Please backup. Everything has a life cycle, unexpected and warning free. Nothing will last as long as you want it to.
12-02-2018, 09:59 AM #14
Yes, that is correct. Except that there are no viruses for macOS at this time, so it's not checking for something that doesn't exist. And because no known vectors for a virus to attack are known, it can't even check for potential activity on those non-existent vectors. But don't worry about it, if a weakness is discovered or a virus created, it will be headline news and you can worry about viruses then.
Per post #1 you'll also see I did do a complete wipe / reinstall (Disk erase after using CMD-Option and booting from a USB High Sierra installer). On that point, is it possible that a rogue app could have survived the restart by residing in the recovery partition which seems to be impossible to get rid of with the disk erase function?? If so would re-partitioning the drive be my best option? (I read that this gets rid of everything including the recovery partition). Is it even possible to write to the recovery partition (assuming they have access to any/all tools?)
Thanks again for your advice... it's good to get the input of those more experienced here.
No need to be paranoid about this, and no need to do anything beyond what has already been suggested...change passwords.
Jake
12-02-2018, 08:11 PM #15
Are you trying to say there's no viruses affecting the mac OS at present? Or do you mean no viruses that use WIFI access that the real time protection is presumably there to protect against?
First, anything is POSSIBLE, but the probability of a rogue actor getting to the recovery partition and doing harm is virtually nil. The recovery partition is very small, under a GB, and holds a minimal boot system and the utilities to execute a re-install of the OS, if that is needed. And the partition is normally hidden except to system activity, so a nefarious actor would have to find some way to force your system to boot into that partition, gain control over it, install the malware of choice, then reboot the system to your regular partition and somehow find a way to get to the application in that hidden partition to run it. All of that requires full access to your machine, not some remote access. OK, can it be done? Yes, potentially. Is it reasonable to think you are a victim or potential victim of such an attack? Absolutely not. Don't sweat that avenue as it has so many obstacles to make it work that if the bad guy could do that, he could just walk off with your machine in toto.
No need to be paranoid about this, and no need to do anything beyond what has already been suggested...change passwords.
So, on that point, and if you are not feeling like an emotive retort: If they had the user account pass and could thus potentially command the mac remotely via terminal, is there not any command that can be used to reboot and load from a specified volume (such as the recovery partition)? Is that why you say "OK, can it be done? YES potentially"??
Regards,