Between new types of malware, egregious bugs, and universal threats like phishing, Macs are not the invulnerable lockboxes Apple once touted. But in thinking about how to defend Macs against a new generation of threats, researchers at the security firm Digita are taking advantage of features Macs already offer, to monitor threats in unexpected ways. And it's all powered by Apple's logic engine for videogames.
At the RSA security conference in San Francisco on Tuesday, Digita chief research officer Patrick Wardle is presenting GamePlan, a tool that watches for potentially suspicious events on Macs and flags them for humans to investigate. The general concept sounds similar to other defense platforms, and hooks into detection mechanisms—has a USB stick been inserted into a machine? has someone generated a screen capture? is a program accessing a webcam?—Apple already offers in macOS. But GamePlan, cleverly written with Apple's GameplayKit framework, collects all of this data in a centralized stream, and uses the videogame logic engine to process it.
"GameplayKit takes care of evaluating events and spinning out an action," Wardle says. "So in PacMan, by default the ghosts are hunting PacMan, so that’s a rule. If PacMan eats a power pellet, the ghosts run away. That's another rule. So we realized that Apple has done all the hard work for us. Its game logic engine can also be used to very efficiently process events on a system and spit out a warning."
A rule could be "if a file is created in a certain directory and it’s created by a program that the user downloaded from the internet that isn't cryptographically signed as trusted by Apple: generate an alert." And rules can build on each other. Another might be, "if an unsigned program from the internet persists and accesses the webcam when the user is not...
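To make the rule-chaining idea concrete, here is a small forward-chaining rule engine written for this page as an added example; it is not GamePlan's code and does not use GameplayKit, it only models the approach the article describes: system events become facts, a rule can assert a new fact, and later rules build on that fact. The event fields (quarantine flag, trusted signature, persistence directory, webcam access, user presence) and the sample process state are constructed assumptions, not data from the tool.

```python
"""Forward-chaining rule engine modelling the GamePlan idea described above.

System events are expressed as a state dictionary; rules assert facts, and
later rules can depend on facts asserted earlier, so rules build on each other.
This is an illustrative stand-in for a GameplayKit rule system, not GamePlan itself.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# Constructed sample state for one process (assumed field names, not the tool's own).
SAMPLE_STATE: Dict[str, object] = {
    "process": "Updater",
    "from_internet": True,        # binary carries a download/quarantine marker
    "signed_trusted": False,      # not signed by an Apple-trusted identity
    "file_created_in": "/Library/LaunchAgents",
    "persists": True,             # installed a persistence item
    "accesses_webcam": True,
    "user_present": False,        # no user activity at the time of access
}


@dataclass
class Rule:
    name: str
    # predicate(state, facts_so_far) -> True when the rule should fire
    predicate: Callable[[Dict[str, object], Set[str]], bool]
    asserts: str                  # fact asserted when the predicate holds


@dataclass
class RuleSystem:
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, state: Dict[str, object]) -> Set[str]:
        """Fire rules repeatedly until no new fact appears (forward chaining)."""
        facts: Set[str] = set()
        changed = True
        while changed:
            changed = False
            for rule in self.rules:
                if rule.asserts not in facts and rule.predicate(state, facts):
                    facts.add(rule.asserts)
                    changed = True
        return facts


def build_gameplan_like_rules() -> RuleSystem:
    """Three rules in the spirit of the article: the first asserts a base fact,
    the other two build on it to produce alerts."""
    rs = RuleSystem()
    rs.rules.append(Rule(
        "untrusted-download",
        lambda s, f: bool(s["from_internet"]) and not s["signed_trusted"],
        "untrusted_program"))
    rs.rules.append(Rule(
        "untrusted-writes-persistence-dir",
        lambda s, f: "untrusted_program" in f
        and str(s["file_created_in"]).startswith("/Library/LaunchAgents"),
        "alert:persistence_by_untrusted"))
    rs.rules.append(Rule(
        "untrusted-persists-and-uses-webcam-unattended",
        lambda s, f: "untrusted_program" in f and bool(s["persists"])
        and bool(s["accesses_webcam"]) and not s["user_present"],
        "alert:covert_webcam_access"))
    return rs


def alerts_for(state: Dict[str, object]) -> List[str]:
    """Return the alert facts the rule system derives for one process state."""
    facts = build_gameplan_like_rules().evaluate(state)
    return sorted(fct for fct in facts if fct.startswith("alert:"))


if __name__ == "__main__":
    for alert in alerts_for(SAMPLE_STATE):
        print(alert)
```

The evaluation loop keeps re-running the rule list until nothing new is asserted, so the order in which rules are added does not matter: the two alert rules only fire once "untrusted_program" has been asserted, which is the "rules can build on each other" property the article highlights. Flipping `signed_trusted` to True removes the base fact and, with it, both alerts.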
(Excerpt) Read more at: WIRED