We Spoke to an Ex-NSA Hacker Who Has Organized the First-Ever Mac Security Conference

Despite their reputation, Mac computers have bugs, vulnerabilities, and even malware targeted at them. With their rising popularity in the workplace, it’s “the perfect” time for a Mac-only security conference.

|
Sep 28 2018, 2:58pm

Image: Patrick Wardle

In a famous mid 2000s Apple commercial, Justin Long plays the part of the hoodied, hip Silicon Valley inhabitant.

“I’m a Mac” he says, tucking his hands in his blue jeans while wearing sneakers.

Next to him, looking like a caricature of a corporate drone, John Hodgman sneezes—he’s got a virus.

“You better stay back, this one’s a doozy,” he says.

Unfazed, Long says he’s going to be “fine” because viruses hit “PCs, not Macs.”

The commercial perfectly represented what for a long time has been an unequivocal truth: Mac computers, generally speaking, were more secure than the average Windows PC. And for years, Apple played this up advertising that its machines don’t get “PC viruses.”

While Apple doesn’t make that claim anymore—and it might no longer be even true—the popular belief has persisted: people still believe Macs are more secure.

In reality, just like any other hardware and software, Macs do have bugs, vulnerabilities, privacy-invading apps that slipped through App Store checks, and malware (even ransomware.) Just last year, researchers uncovered a piece of spyware that infected hundreds of Mac computers for over 13 years. The FBI indicted the alleged creator of the malware.

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzo@motherboard.tv

That’s why now is the “perfect time” for a security conference exclusively dedicated to Macs, according to Patrick Wardle, the ex-NSA hacker who’s organizing the conference.

“People are peeking behind the curtain and realizing that the facade of Mac security is not always what it's cracked to be,” Wardle told Motherboard in a phone interview. “Any company that designs software is going to have issues—but Apple has perfected the art of a flawless public facade that masks many security issues.”

Read more: The Life, Death, and Legacy of iPhone Jailbreaking

Wardle would know. After hacking primarily Windows computers at Fort Meade, for the last few years Wardle been finding several issues in MacOS, so many that he considers himself a “thorn” on Apple’s side.

But his conference is not an exercise in shaming or finger pointing, Wardle said he hopes to educate and teach people about Mac security, especially now that so many companies are using Macs as their corporate computers.

The conference is called Objective By the Sea, a wordplay on Objective-See, the name of Wardle’s suite of free Mac security products (which is itself a wordplay on Apple’s main programming language called Objective-C.) It will be held in Maui, Hawaii on November 3 and 4.

The conference will be free for residents of Hawaii, and for patrons of Objective-See. That’s why Wardle said he can’t afford to pay for all speakers to attend, but he had no trouble finding people who wanted to participate.

“Turns out everyone wants to come to Maui,” he told me laughing.

“Any company that designs software is going to have issues—but Apple has perfected the art of a flawless public facade that masks many security issues”

One group that doesn’t want to come to Maui, at least for now, is Apple. Wardle said he reached out to the company, essentially offering it carte blanche to talk about whatever it wanted. But the company, so far, has not responded, according to him.

“I thought it would be an olive branch. I know I’m a pain in the ass but now I’m hopefully giving you a justification for your work to send you to Hawaii,” Wardle said. “I'd love to give them a platform to tell their story.”

Asked about Wardle’s offer, an Apple spokesperson told me only that “Apple is not on the list of speakers.”

Nonetheless, Wardle said that there will be current Apple security employees in attendance.

Objective By The Sea will feature talks on leveraging Apple’s game engine to detect attacks, MacOS backdoors, Apple’s secure boot process, and more.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.