Apple Mobile Devices Vulnerable to Old Flaw
Added: Saturday, August 6th, 2011
Industry experts warn that users of Apple mobile devices (particularly iPhones and iPads) will need to upgrade their devices' software, unless they want to remain vulnerable to a nine-year-old flaw that the company has only just got around to fixing.
The flaw in question enables anyone to snoop on secure traffic from unpatched iPhones and iPads using a very simple tool. The reports are that it took 9 years for the insecurity experts at Apple to develop a patch for the bug. Meanwhile, the patch has been released only for the iPhone 4, iPhone 3G and 3rd and 4th-generation iPod Touch. Those who don’t patch their devices, or who use older models, are warned that hackers can effortlessly intercept and decrypt their secure traffic.
The industry experts point out that all a user needs to do to be targeted is take their device into a public Wi-Fi hotspot. Meanwhile, Apple really has little excuse for this security howler. As it turned out, the nine-year-old bug was discovered back in 2002. Microsoft patched the bug in Windows' cryptographic component the same year, but Apple somehow failed to check for SSL vulnerabilities when writing its code, and didn't release any patches afterwards. When a revision of a traffic sniffing tool was issued a while ago, it was noted that devices running iOS were wide open. Moreover, the snooping tool was so easy to use that a housewife could use it to crack unpatched iPhones.
It seems that when Jobs was releasing the mobile device, its software contained a flaw: the SSL certificate parsing simply didn’t bother to check the basicConstraints parameter of the other certificates in the chain. So if an attacker signed a new certificate with a legitimate end-entity certificate, they could get a “valid” certificate for any domain. The bug was confirmed by using a legitimate certificate for one website to make a valid certificate for PayPal. It appeared that hackers could have intercepted other people's iOS-generated traffic destined for the real PayPal website and simply stolen their usernames and passwords.
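The missing check described above, as an added example that is not part of the original article and is not Apple's code: a toy chain validator in Python, run with and without the basicConstraints check. Certificates are modelled as plain records with no real signatures, and every name in it is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Cert:
    """Minimal stand-in for an X.509 certificate (constructed model, no real crypto)."""
    subject: str
    issuer: str
    is_ca: bool = False             # basicConstraints cA flag
    path_len: Optional[int] = None  # basicConstraints pathLenConstraint

def validate_chain(chain: List[Cert], trusted_roots: set, hostname: str,
                   check_basic_constraints: bool = True) -> str:
    """chain[0] is the leaf; chain[-1] must be issued by a trusted root.
    Returns "ok" or the reason for rejection."""
    if not chain or chain[0].subject != hostname:
        return "hostname mismatch"
    if chain[-1].issuer not in trusted_roots:
        return "untrusted root"
    # Each certificate must name the next one in the chain as its issuer.
    # (A real validator also verifies each signature; this model assumes they verify.)
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return "broken issuer link"
    if check_basic_constraints:
        # Every certificate that signs another one must be marked as a CA and must
        # not have more intermediate certificates below it than pathLen allows.
        for depth, signer in enumerate(chain[1:]):
            if not signer.is_ca:
                return f"{signer.subject} is not a CA"
            if signer.path_len is not None and depth > signer.path_len:
                return f"{signer.subject} path length exceeded"
    return "ok"

ROOTS = {"Example Root CA"}  # constructed trust store
issuing_ca = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
good = [Cert("shop.example", "Example Issuing CA"), issuing_ca]
# Chain of the kind the article describes: an ordinary end-entity
# certificate (is_ca=False) sits in the signer position.
bad = [Cert("bank.example", "other-site.example"),
       Cert("other-site.example", "Example Issuing CA"),
       issuing_ca]

if __name__ == "__main__":
    print(validate_chain(good, ROOTS, "shop.example"))
    print(validate_chain(bad, ROOTS, "bank.example", check_basic_constraints=False))
    print(validate_chain(bad, ROOTS, "bank.example"))
```

With the check disabled the second chain is accepted, which is the behaviour the article attributes to unpatched iOS; with it enabled the chain is rejected at the end-entity certificate.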
Meanwhile, insecurity experts point out that the flaw had been in iOS since its very beginning. Now, if intruders had tried to take advantage of the flaw, they would have only caught iPhone users, because Windows users would have had browser notifications of invalid certificates.
innovation at its best xD lmao