I am a Mac user along with four of my roommates. Several days ago, a couple of these roommates were using their Macs to work on a project together for a business class. The interesting thing is that, while they were operating on separate machines, they were working on identical screens. In other words, they were screen sharing. With Mac operating systems Leopard and Snow Leopard, an individual can authorize access to their computer screen from a different machine. According to the Apple website, “You can access the other computer as if it was the computer you were using,” adding, “While you share the computer’s screen, you can control everything that happens on that computer, such as opening documents or applications; opening or closing windows; and even shutting off the computer.” As Apple explains, this can be a helpful tool if an individual wants to access a computer when they cannot physically be at that computer, or if a person wants to fix a problem on another computer, or like my roommates, work on a presentation or project together.
I am in agreement with Apple in that this could be a very useful tool. That being said, as with all technology, it can only be an asset if it is secure. With screen sharing, there certainly seem to be vulnerabilities that could detract from the application’s security. Thus, my goal as a user would be to ensure that confidentiality is maintained between me and those who I authorize, and also that those authorized individuals can be trusted to preserve the integrity of the information I am sharing.
As a hacker, my goals would obviously be to ruin the integrity, availability, confidentiality depending on the particular objective of my attack, which would presumably prey on the vulnerabilities. Regarding screen sharing, it seems that there is a risk for the integrity and confidentiality of the shared information to be breached. In authorizing access to another individual, that person now has control over information that they can not only share as they see fit, but can also manipulate at will. Therefore, a great degree of care should be included in the decision to authorize someone so that only trustworthy people can gain access.
Furthermore, while I am by no means a computer expert, it seems likely that a proficient hacker could readily hack this application on the computer of another person in their network in order to gain access without receiving authorization. While this may be more difficult that I perceive, my experiences in this class and the apparent prevalence of security breaches lead me to believe that such an attack is probably possible.
Therefore, my recommendation is that people who screen share are cautious about who they invite to share their machine and to encrypt the sensitive information they share. While this cannot eliminate all threats, it can significantly decrease the probability of an attack and lessen the damage in the event that one does occur.
Source: http://docs.info.apple.com/article.html?path=Mac/10.5/en/14066.html
Posts
This comment has been removed by the author.
ReplyDeleteI think that OIT actually uses this kind of application when they try to fix users' problems remotely (I think that my roommate had her computer fixed like this last year). While I agree that it could indeed be a useful application, it would certainly present some risks. I'm not really sure how the program/tool itself works, but hopefully there are some strict sort of permissions needed to enable this kind of remote controlling of one's screen.
ReplyDeleteScreen-sharing is definitely growing, though. There is a video-conference program called ooVoo that has this feature in its premium package. Again, while it would be useful for file-sharing, or watching a video clip or looking at a picture together while at two different locations, I think that people should use it carefully and be very selective as to whom they decide to share their screens with.
Screen sharing sounds like a great idea for working on a group project or any other sort of thing, but it is also kind of scary to me. It seems like it would be way too easy for someone to be able to take advantage of this and access your screen without you wanting them to. While it guards against being able to delete files and shut down the computer, it doesn't prevent anyone from seeing all sorts of things in your computer. I'd assume they have done a lot of research and testing to cut down on security risks, but I would think before long, hackers will find a way around this.
ReplyDeleteScreen sharing doesn't seem to be a new application for computers. If OIT is doing it, then I am sure it has been used for a while, by high tech institutions in order to catch people doing malicious activities on the computer, like stealing music. By Apple making this accessible to everyone else, they need to go above and beyond to keep it secure. Because they are such a huge corporation, hey have the money, resources and intelligence to ensure security.
ReplyDeleteI do agree that it's a little discomforting to literally have someone on your computer with you and also that you must be selective with who you allow to have access. I am hoping that these programs will have very specific criteria laid out in the authorization process and that maybe private notifications could be sent to each user's computer stating what the other users are looking at. I have handed out my iTunes username and password to several people that I trust, but it doesn't allow me to specify what they can and can't have access to. I know it's only music, but for the Screen Sharing I think it would be a good idea to clarify what the other users can see.
I think that this article is a little misleading, as it doesn't discuss the ways in which this program is used to share screens. It isn't as easy as hacking into a computer and changing one setting and then you have remote access to the computer. In order to access the screen of another computer you first must notify the computers at the same time that you want to perform this action and second you must have the rights to access this computer. Also, I feel as though they aren't stressing the real importance of screen sharing. It is primarily used by IT managers and computer experts that want to fix Macs or Macbooks that for whatever reason aren't able to be opened or accessed. This has made personal businesses that fix Macs and Macbooks rise. One of my friends was discussing with me that his Step Dad actually runs his own business that fixes problems with Mac computers from his home. This allows him to fix all problems from his own home and has made problem fixing significantly easier.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteBeing able to remotely fix someone's computer is awesome, but it proves even more the point that it would be easy to use this software to carry our malicious actions on another person's computer. If someone can get in to fix a computer from a remote location, then it is probably not just as easy but nearly as easy to break a person's computer from a remote location.
ReplyDeleteIt could also be really easy for someone to set up a scam posing as a computer technician. Without any personal contact, the service that you take your broken computer to could easily be a hacker in a basement stealing data off of your computer while he or she claims to be fixing it remotely.