Depending on the lens you view him through, Patrick Wardle (former hacker for the NSA and macOS security expert) is either your best friend or your worst nightmare.
Most people (whether fans of Apple or not) will readily concede that the company works hard to make their products as secure as possible. Unfortunately, at this year’s Def Con hacker convention in Las Vegas, Wardle made a presentation that is currently sending shockwaves through the Apple user community. He exposed a major security flaw in the company’s products that impacts many of their secondary defensive measures.
Normally, when an Apple device detects an action that is potentially malicious, Apple’s OS will block it, then display an alert box to let the user know.
Unfortunately, as Wardle demonstrated, it is a trivial task for a hacker to generate a “synthetic click” to dismiss the warning box. This could be done in the blink of an eye, or with only slightly more effort, and be made utterly invisible to the end-user.
As Wardle puts it, “The ability to synthetically interact with a myriad of security prompts allows you to perform a lot of malicious actions. Many of Apple’s privacy and security-in-depth protections can be trivially bypassed.”
This is hardly a new trick. Over the years, several malware strains have used synthetic clicks to dismiss warning boxes, so Apple is certainly no stranger to the strategy. In response, they have given their OS some ability to detect and ignore synthetic clicks, but as Wardle demonstrated, it’s far from perfect and even a fully updated High Sierra system was not completely protected.
Wardle concluded his presentation with the following: “I wasn’t trying to find a bypass, but I uncovered a way to fully break a foundational security mechanism. If a security mechanism falls over so easily, did they not test this? I’m almost embarrassed to talk about it.”
Apple has not yet responded to Wardle’s presentation.