Black Hat: Machiavelli – Demo rootkit for Mac OS X

On the last day of the Black Hat security conference, IT security expert Dino Dai Zovi presented his Machiavelli rootkit for Mac OS X.

In keeping with the "divide and conquer" principle and disguised as a Remote Procedure Call (RPC) subsystem, Machiavelli smuggles itself into the Mach kernel, the foundation of Mac OS X. It installs a local agent which, while nearly invisible to the user, can be controlled remotely via the network. Installing the rootkit requires admin rights, and even Dai Zovi himself doesn’t think that Machiavelli has uncovered a flaw in Mac OS X.

Dai Zovi also plans to release additional tools, for example iChatSpy (for recording iChat conversations), SSLSpy (for capturing SSL traffic) and iSightSpy (for taking pictures with the webcams integrated in Apple notebooks and displays).
