The passwords of iTunes users are easy to intercept, discovered a Dutch beveiligingsonderzoeker. Apple hasht the passwords before they are sent to the server, and the ssl connection vulnerable to a man in the middle attack.
Normally you would not need to have a password that’s unencrypted is sent, if the connection is encrypted. An additional vulnerability is, however, that iTunes the authenticity of server certificates do not authenticate. This allows everyone across iTunes occur as a server of Apple.
“This is a beginner’s mistake, or intentionally,” says Loman. “Intelligence agencies like the NSA can be quite simple all communication with iCloud intercept.” To abusing the vulnerability, an attacker must be the communication of a victim can be intercepted, for example, with a bogus wifi access point, or the dns table of the victim can be manipulated.
Further, it is possible to the connection of iOS devices to work. That can be used for devices which, due to theft are blocked, anyway to activate. There is even a service that this vulnerability uses locked iOS devices to activate. The service also makes use of the fact that iTunes server certificates do not authenticate.
Beveiligingsonderzoeker Loman suspect, moreover, that exactly the same vulnerability recently in iOS sat; Apple closed when a leak whose description is most similar to the problem that Loman has discovered. Devices with iOS that are not updated are still vulnerable, warns Loman. Devices like the iPad 1 and the iPhone 3G and 3GS, which can’t be updated to the latest version of iOS, even is always vulnerable.
Comments
(104)