Forum Thread: Apple Security Flaw

Read an article here.

Thought I would share with our small community considering my previous article about Apple security or a lack thereof.

Sounds like a standard Evil Twin Wireless Access Point, though I significantly doubt it would be something that simple. Will be digging around for more information.

If anyone has information they'd like to share on what the flaw could be, please enlighten us. I would personally love to know what it is.

ghost_

5 Responses

Really, it sounds more like a standard Mitm to me, the attacker is just sniffing the packets as they go over the network and apples SSL module hasn't been checking things past the first handshake. (At a guess)

While this isn't specifically SSL's fault, I guess it adds weight to the calls that SSL is due for an overhaul.

It's also interesting to note that facebook had a very similar problem for ages, (not sure if its even fixed) where you could capture peoples session tokens over a shared connection.

EX1S7:

Ah yes, good point there; didn't think of an mitm attack. I know someone locally who has an iPhone, I wonder if I can convince them to allow me to test various scenarios.

It'll likely be a no, but doesn't hurt to ask, I suppose.

ghost_

It would seem that theres nothing triggered on their end anyway..... lol

Hopefully its the apple rep you;ve mentioned previously. He might learn something about security if you tell him his facebook password :)

Also, while we're on the subject, if you have a rooted droid, check out dsploit. google dsploit, the URL wont work to link on here for some reason

EX1S7:

Ha ha, no it isn't the Apple rep. Though, I should just do it anyway so he'll learn not to spread misinformation.

Thanks for that information, dsploit looks like a lot of fun. I personally own an iPhone 4. I prefer the iPhones, sue me. But I do have a Windows phone lying around; been thinking of jailbreaking it to install Backtrack.

ghost_

Share Your Thoughts

  • Hot
  • Active