
Just how safe is your hackintosh?


Uptown_J

6 posts in this topic


I have come across some articles and am doing my best to avoid a flame war. I am not trolling here. I love hackintoshing, custom Macs, etc. I have been doing this since 2007. What I read recently from FireEye is disturbing. In case anyone is unaware, APT28 is a possible Russian cyber infiltration unit responsible for much of our enterprise data breaches.

Before I continue, I do not, nor would I ever, use a hackintosh in a corporate environment. I do not wear a tin foil hat on my head. I do know that fighting malware is a daily occurrence on Windows PCs from my own personal experience.

What I would like to know is if anyone has bothered to verify the tools we use for security? Let's face it. I love all of the developers but an unusually high number are coming from Russia. Does that mean all Russians are bad? Not at all. Is it something that keeps me up at night? No. Do I have a cause for concern? Absolutely. I am slowly moving toward actual Apple laptops and desktops, especially after reading about the spying that is going on.

Does that mean my own country, which I love, is innocent? No way. I love my country but I know "it goes on" everywhere. I don't want to go down that road. I am merely putting this out there: Have we tested these tools for security?

Link to comment

I use Clover as a bootloader. It's open-source but I must admit that I haven't reviewed the code for backdoors etc. yet. Audio works via DSDT-Fix. Also using Little Snitch.

I think my hack is as safe/unsafe as a real Mac.

Also I do not think that it is useful to integrate backdoors etc. in hackintosh-specific kexts/bootloader etc. since they are used (most of them) just privately and also by a very small number of people. You won't get much useful information that way, I guess.

Also: there are just a lot of Russians (Russia is big :P), also the population is not known to be the richest, so to run OS X you might need to hack since you cannot afford a real Mac.

My two cents: I think your data is much more insecure when using iCloud/Google Drive or the like than by using a hackintosh. Also the best attempt to hack your hack would be via the bootloader or via the kernel (amd). All this data is open source.

greetz

Link to comment

So the short answer is we do not know, but it's open source so we can easily determine through viewing the code. That is IF one is compiling themselves and not downloading precompiled kexts and tools that may not be releasing their code.

Audio is sorta kinda different because of the way it just remaps what is already there. Not much to really hack in there. Where I am starting to focus is on the utilities we are using. Kext Utility, Kext Wizard, Chameleon Wizard, Anything on XXnyMac, etc. We simply do not know.

What can they steal from me? Well true. I am sure if you want to see selfies and other photos go for it. I have shown more off in public or on Facebook or etc. I guess my fear is my hack becoming a conduit for payload deliveries. It's a valid concern. I could use a packet sniffing tool but honestly I would not know how to decipher it (yet). Most of my custom Mac friends wouldn't either. They would likely know how to get the machine running but that's about it. There are so many obscure ports out there anyway. It's hard enough to keep track of what I do know.

Conclusion: Inconclusive. More data required.

Link to comment

If you want to be sure, you need to compile the boot loader yourself after reviewing the code. For kext installation you do not need any utilities. They are just easy-to-use interfaces which work with OS X-internal tools.

OR you could trust that the software you use is backdoor-free. But that's not a problem with only hackintosh-specific tools but any software you didn't write yourself/reviewed the code and compiled it yourself (and even then your compiler could insert a backdoor because you didn't write it yourself).

If you want to be 100% safe, unplug your ethernet cable / disconnect your wifi.

It's like going to the mall. You could be run over by a car, your purse could be stolen, or else. To be 100% safe you need to stay at home (in a bunker in that case :P)

Link to comment

if you want to be 100% safe unplug your ethernet cable / disconnect your wifi.

No, to be 100% safe unplug your hack :P .

Link to comment
