In 1999, Apple released a slew of new features with Mac OS 9, calling it "the best internet operating system ever." The idea was to unlock the full potential of the turquoise plastic iMac G3—the Internet Mac!—released in 1998. But 12-year-old Joshua Hill didn't have an iMac. To take advantage of all the new connectivity from his parents' mid-'90s Mac Performa, he needed a modem that would plug into the computer through one of its chunky "serial" ports. So, naturally, he swapped his holographic Han Solo trading card with a friend for a 56k modem and started poking around. Twenty years later, his childhood fascination has led him to unearth a modem configuration bug that's been in Apple operating systems all these years. And Apple finally patched it in April.

Hill, who is now a vulnerability researcher, is presenting the 20-year-old bug at the Objective by the Sea Mac security conference in Monaco on Sunday. The flaw could have potentially been exploited by an attacker to get persistent, remote root access to any Mac, meaning full access and control. This isn't as bad as it sounds, though, Hill says. The specific exploit string he developed only works on certain generations of OS X and macOS and Apple has added protections since 2016's macOS Sierra that made the bug prohibitively difficult (though still not technically impossible) to exploit in practice. And since Apple operating system adoption rates are always high, there isn't a significant population of truly retro Mac software out there to target.

"It’s not really a scary bug," says Hill, a cofounder at the mobile firewall maker Guardian. "But it is an extremely fun bug to work on. I had actually been playing with some of this stuff when I was a very young kid—my very first hack when I was 12 years old. I used some of my old tricks to basically find which places would be vulnerable."

Apple did not return a request for comment about Hill's findings or the historic nature of the bug.

The original version of the attack simply took advantage of a service Apple used to offer called Remote Access. Essentially, you could call up your computer from a phone or another PC, and control it remotely without even needing to enter a username or password. Ah, the '90s. Hill and a friend (the one who swapped a modem for the Han Solo trading card) would go to each others' houses nearly every day, because they were the only two kids at their school in Lexington, Kentucky, who had Macs. Hill realized that he could use Remote Access to secretly connect their two computers, and would be able to call into his friend's machine from afar and "have some fun," as he puts it.

Hill got his chance to perform the physical access attack while his friend was in the shower. The next day, he pretended to be sick so he could stay home while his buddy was at school and both sets of parents were at work. "I dialed in and I added a couple of additions to the novel he had been writing," Hill says, laughing.

Remote Access as it was conceived then is long gone from macOS. But Hill always remembered his first hack, and in 2017, while studying macOS and iOS's VPN protocols in his research for Guardian, he discovered an ancient bug that could replicate something similar. Devices like smartphones have a built-in modem to send and receive data between computers (mainly across the internet), and they aren't generally programmed to be compatible with other modems. But PCs are designed to be more customizable, and, especially in the early days of the internet, it was important that they be able to interoperate with modems from all different manufacturers that might essentially speak different languages. Hill found that these old modem configurations still underlie the network tools in Macs today, including those that automatically create network configurations for peripherals you might plug in—like an ethernet cable or a mobile USB hotspot.