
Just how safe is your hackintosh?

6 posts in this topic


I have come across some articles and am doing my best to avoid a flame war. I am not trolling here. I love hackintoshing, custom Macs, etc. I have been doing this since 2007. What I read recently from FireEye is disturbing. In case anyone is unaware, APT28 is a possible Russian cyber infiltration unit responsible for much of our enterprise data breaches.


Before I continue, I do not, nor would I ever, use a hackintosh in a corporate environment. I do not wear a tin foil hat on my head. I do know that fighting malware is a daily occurrence on Windows PCs from my own personal experience.


What I would like to know is if anyone has bothered to verify the tools we use for security? Let's face it. I love all of the developers, but an unusually high number are coming from Russia. Does that mean all Russians are bad? Not at all. Is it something that keeps me up at night? No. Do I have cause for concern? Absolutely. I am slowly moving toward actual Apple laptops and desktops, especially after reading about the spying that is going on.


Does that mean my own country, which I love, is innocent? No way. I love my country, but I know "it goes on" everywhere. I don't want to go down that road. I am merely putting this out there: Have we tested these tools for security?


I use Clover as a bootloader. It's open source, but I must admit that I haven't reviewed the code for backdoors etc. yet. Audio works via DSDT fix. Also using Little Snitch.


I think my hack is as safe/unsafe as a real mac.


Also, I do not think that it is useful to integrate backdoors etc. in hackintosh-specific kexts/bootloaders etc., since they are used (most of them) just privately and also by a very small number of people. You won't get much useful information that way, I guess.


Also: there are just a lot of Russians (Russia is big :P), and the population is not known to be the richest, so to run OS X you might need to hack since you cannot afford a real Mac.


My two cents: I think your data is much more insecure when using iCloud/Google Drive or the like than by using a hackintosh. Also, the best attempt to hack your hack would be via the bootloader or via the kernel (AMD). All this data is open source.




So the short answer is we do not know, but it's open source, so we can easily determine through viewing the code. That is IF one is compiling it themselves and not downloading precompiled kexts and tools that may not be releasing their code.


Audio is sorta kinda different because of the way it just remaps what is already there. Not much to really hack in there. Where I am starting to focus is on the utilities we are using: Kext Utility, Kext Wizard, Chameleon Wizard, anything on XXnyMac, etc. We simply do not know.


What can they steal from me? Well, true. I am sure if you want to see selfies and other photos, go for it. I have shown more off in public or on Facebook, etc. I guess my fear is my hack becoming a conduit for payload deliveries. It's a valid concern. I could use a packet sniffing tool, but honestly I would not know how to decipher it (yet). Most of my custom Mac friends wouldn't either. They would likely know how to get the machine running, but that's about it. There are so many obscure ports out there anyway. It's hard enough to keep track of what I do know.


Conclusion: Inconclusive. More data required.
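A cheaper first check than a packet sniffer, for the "conduit" worry in the post above, is to list what is accepting inbound connections and compare it with what you expect to be there. The shell function below is an added example and not code from this thread or from any hackintosh project: it reads the output of `lsof -nP -iTCP -sTCP:LISTEN` on stdin and prints every listening socket whose command name is not on the allowlist you pass as arguments. The sample lsof lines, the process name `unknownd`, the user `bob` and the port numbers are all constructed for the example, not a real capture.

```shell
#!/bin/sh
# Report listening TCP sockets owned by commands that are not on an allowlist.
# Input on stdin: output of `lsof -nP -iTCP -sTCP:LISTEN` (run with sudo to see every process).
# Arguments: the command names you expect to be listening.
# Output: one "COMMAND PID USER ADDRESS" line per unexpected listener; exit status 1 if any found.
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 { next }                                  # skip the lsof header line
        $NF != "(LISTEN)" { next }                        # keep listening sockets only
        !($1 in ok) { print $1, $2, $3, $(NF-1); found = 1 }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample resembling lsof output on a Yosemite-era machine (names and ports made up).
SAMPLE_LSOF='COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd       1 root   10u  IPv6 0xabc      0t0  TCP *:22 (LISTEN)
mDNSResponder 180 _mdnsresponder 8u IPv4 0xdef 0t0 TCP *:5353 (LISTEN)
cupsd       270 root    5u  IPv4 0x123      0t0  TCP 127.0.0.1:631 (LISTEN)
unknownd    812 bob     9u  IPv4 0x456      0t0  TCP *:8765 (LISTEN)'

# Demo against the sample. On a real machine use:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | unexpected_listeners launchd mDNSResponder cupsd
printf '%s\n' "$SAMPLE_LSOF" | unexpected_listeners launchd mDNSResponder cupsd \
    || echo "unexpected listeners found (see lines above)"
```

The allowlist is the part you have to maintain: start from a freshly installed, offline machine, record what listens there, and treat anything that shows up later as something to explain (a newly installed tool, a sharing preference you turned on) rather than something to ignore.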


If you want to be sure, you need to compile the boot loader yourself after reviewing the code. For kext installation you do not need any utilities; they are just easy-to-use interfaces which work with OS X-internal tools.


Or you could trust that the software you use is backdoor-free. But that's not a problem with only hackintosh-specific tools, but with any software you didn't write yourself, or review the code of and compile yourself (and even then your compiler could insert a backdoor because you didn't write it yourself).


If you want to be 100% safe, unplug your ethernet cable / disconnect your wifi.


It's like going to the mall. You could be run over by a car, your purse could be stolen, or whatever. To be 100% safe you need to stay at home (in a bunker in that case :P).


If you want to be 100% safe, unplug your ethernet cable / disconnect your wifi.

No, to be 100% safe, unplug your hack :P .

