MacOS 10.5 Leopard Phones Home, Reveals Little Snitch 2
Apple's Mac OS 10.5 Leopard 'loginwindow' process phones home to lcs.mac.com on port 443 which is only revealed by running the new Little Snitch 2 security monitoring tool.
read more | digg story
I find Alex's story a bit prematurely accusatory toward Apple, though he did seize a worthwhile opportunity for some healthy advocacy of Little Snitch. I just upgraded my license to 2.0, and it's well-worth the $13 :).
It's good to track these types of issues, but there are a lot of processes on OS X that'll communicate to other servers, even over SSL, including webdav client for idisk, Mail.app for .Mac Mail over IMAP. It's just that loginwindow isn't a process you'd typically expect to connect to some mac.com host, which happens to be lcs.mac.com, so it's definitely worth raising an eyebrow.
Engadget mentions some "secure magic" of the "Back to My Mac" feature, allowing a Mac linked to a .Mac account to control another Mac linked to the same .Mac account:
[...] On the back end of things, Leopard includes "Back to my Mac," which keeps track of your home Mac's IP address through various (and secure!) magicks [... Read More ]Apple has a page dedicated to the Back to My Mac feature. The requirements section is particularly interesting:
NAT-PMP? Interesting. Wikipedia gives us some interesting information about NAT-PMP, a protocol introduced by Apple in June 2005:
Requirements to use Back to My Mac
- A .Mac membership.
- Two or more Mac OS X 10.5 Leopard-based Macs that are configured for use with the same .Mac account.
- For screen sharing, a 128Kbps or faster bi-directional network connection between the computers (file sharing may be usable with slower connections).
- An AirPort base station, or third-party Internet router which supports UPnP or NAT-PMP.
It essentially automates the process of port forwarding.This may be wild speculation but could it be possible that loginwindow is sending public IP and ports information to .Mac, to enable other Macs linked to the same .Mac account to connect?
Included in the protocol is a method for retrieving the public IP address of a NAT gateway, thus allowing a client to make this public IP address and port number known to peers that may wish to communicate with it.
I don't find the mere fact that Leopard is sending data over an encrypted connection to lcs.mac.com a security concern in and out of itself. And until a crafty developer manages to extract information out of the perpetrating process before it sends its data over the encrypted connection, i won't just assume this is a privacy concern.
On the other hand, reading more about this "Back to My Mac" feature makes me nervous. A long time ago, I wrote a rant about Layers of Operating System Security, touting the fact that OS X had virtually no open ports on a default installation, dramatically reducing vectors of attack. Making this "Back to My Mac" feature available on default Leopard installations could, possibly, one day, present a vector of attack.
Let's hope Apple's got their proverbial sh*t together, and if not, let's hope some crafty ethical hackers manage to find holes and get Apple to plug them, before some zero-day exploit gets in the wild.