Inqtana.d Installs on Macs Using Bluetooth
A 'proof of concept' exploit called 'Inqtana.d Bluetooth' has been found
for 'Mac OS X'. On affected Macs, the exploit gives hackers a root account
on the machine. It has not yet spread in the wild, cannot affect
up-to-date installations of Mac OS X, and is loaded onto a 'Mac OS X'
system through 'Bluetooth' from a PC or PDA running 'Linux'. Internet
security and privacy firm 'Intego' has issued a security memo on this
The exploit can affect 'Mac OS X 10.3' and '10.4' systems that do not have
security updates installed. While 'Bluetooth' is on, a Mac can be affected
by an attacking computer within its range, which by default is 10m or
30ft. However, repeaters and/or antennas can extend the range.
'Inqtana.d' exploits the "rfcomm" security flaw in 'Bluetooth' software.
Unlike previous versions of 'Inqtana', this one works without user
interaction. It creates a user account called "bluetooth", which gives
root-level access that can be used for malicious purposes. The
account is instantly available and there is no need to restart 'Mac OS X
Intego reported that 'Inqtana.d' installs other software. The new user
account acts as a "backdoor", which allows the malicious user to log in
through that account over 'Ethernet' or 'AirPort'.
After the exploit is installed, 'Bluetooth' is no longer needed. Users
whose 'Mac OS X' systems are up to date and have the security update
installed are protected from this vulnerability.
Apple's Security Update '2005-005' for 'Mac OS X 10.3' protects against
this vulnerability. Apple's 'Mac OS X 10.4.7' update protects against this
vulnerability on machines running 'Mac OS X 10.4'. Intego recommends that
users install these updates as soon as possible if they have not already
done so, and also use the subsequent versions. But if the machine was
compromised before the updates were applied, the damage and the "backdoor"
will remain.
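Because patching does not remove an account created earlier, a check of the local accounts is the natural follow-up. The shell function below is an added example, not from Intego or the original article. It flags a user named "bluetooth", any non-root account with UID 0, and unexpected members of the admin group. The function names, the input formats (as printed by `dscl` on current macOS) and the sample data are assumptions; the article does not say how the account obtains root access.

```shell
#!/usr/bin/env bash
# Added example: audit a local account listing for the backdoor account
# described above. Assumed inputs:
#   $1    file with "name uid" per line, e.g. saved output of
#         dscl . -list /Users UniqueID
#   $2    file with the admin group line, e.g. saved output of
#         dscl . -read /Groups/admin GroupMembership
#   $3..  account names you expect to be administrators (your baseline)
audit_accounts() {
  local users_file=$1 admin_file=$2
  shift 2
  local expected=" root $* "   # padded with spaces for whole-word matching

  # Check 1: the account name reported in the article.
  # Check 2: any account other than root that carries UID 0.
  awk '
    $1 == "bluetooth"         { print "FLAG account-name " $1 " uid=" $2 }
    $2 == "0" && $1 != "root" { print "FLAG uid0 " $1 }
  ' "$users_file"

  # Check 3: admin group members that are not in the baseline.
  local member
  for member in $(sed 's/^GroupMembership://' "$admin_file"); do
    case "$expected" in
      *" $member "*) ;;                          # expected administrator
      *) echo "FLAG unexpected-admin $member" ;;
    esac
  done
}

# Constructed sample data (not taken from a real system).
sample_run() {
  local tmp
  tmp=$(mktemp -d)
  printf '%s\n' 'root 0' 'daemon 1' 'alice 501' 'bluetooth 502' > "$tmp/users"
  printf '%s\n' 'GroupMembership: root alice bluetooth' > "$tmp/admin"
  audit_accounts "$tmp/users" "$tmp/admin" alice
  rm -rf "$tmp"
}
```

Any FLAG line on a machine that was unpatched while 'Bluetooth' was enabled is a reason to treat the system as compromised rather than to delete the account and move on.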
As for advice to Mac users, they should use appropriate security programs
to protect themselves from such attacks and regularly apply security
updates to make sure their OS X is safe for use.
» SPAMfighter News - 10/30/2006