Online:
Visits:
Stories:
Profile image
By Tickerguy - The Market Ticker (Reporter)
Contributor profile | More stories
Story Views

Now:
Last Hour:
Last 24 Hours:
Total:

The Market Ticker – Apple: No, Your Comms Are Not Secure

Saturday, February 22, 2014 10:07
% of readers think this story is Fact. Add your two cents.

(Before It's News)

Remember how the NSA was saying they had “unfettered” access to IOS communications — and Apple claimed they had never given it to them?

They didn't have to — Apple didn't bother checking the certificates.

SAN FRANCISCO (Reuters) – A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said in a Friday afternoon announcement.

If attackers have access to a user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook, experts said.

At issue is that when you connect to a “SSL” server the certificate in use has a “chain” back through the CA, or Certificate Authority, that “vouches” for it being the real certificate for the entity being claimed.

This is necessary otherwise you have an encrypted connection but it may be to someone other than who you think you're talking to.

It appears that Apple has long (back to at least the iPhone 4!) simply not checked.

Isn't that nice?

How does a company the size and stature of Apple “miss” something like this for that long?  Where are the code review processes that should have prevented that from happening?  And further, is anyone actually so daft as to suggest that nobody knew about it and it hasn't been exploited?

smiley

Why do you want to use IOS devices again?

PS: BlackBerry BB10 devices do check.



Source: http://www.market-ticker.org/akcs-www?post=228737

Report abuse

Comments

Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Top Stories
Recent Stories

Register

Newsletter

Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.