Free Republic

Apple security flaw could let hackers beat encryption
CNBC ^ | 22 Feb 2014 | Yasuyoshi Chiba

Posted on 02/22/2014 10:33:57 AM PST by for-q-clinton

A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed.

If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same. ... "It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green. ... After analyzing the patch, several security researchers said the same flaw existed in current versions of Mac OSX, running Apple laptop and desktop computers. No patch is available yet for that operating system ... The company was recently stung by leaked intelligence documents claiming that authorities had 100 percent success rate in breaking into iPhones.

(Excerpt) Read more at cnbc.com ...


TOPICS:
KEYWORDS: apple; billsbuttboys; ios; johnshopkins; junk; malarialmosquito; matthewgreen; microsoft; msfanboi; osx; security; windohs; windows; windulls
If you're using any Apple product and think it's secure you're only fooling yourself. Plus they got many of the dumb users on their products so I suspect many of their users are completely owned.

Better switch to a more secure OS like Linux or Windows. And for phones Windows Phone is the most secure right now.

1 posted on 02/22/2014 10:33:57 AM PST by for-q-clinton
[ Post Reply | Private Reply | View Replies]

To: Swordmaker; ShadowAce

Please ping both your aliases. Shadow I know you don’t like pinging apple stuff as swordmaker does that for his group, but this is pretty big and the tech community needs to be aware of it.


2 posted on 02/22/2014 10:36:59 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

Look out below!

Mac users will be jumping out of the windows.

Macs NEVER have a problem with viruses, etc. [/s]


3 posted on 02/22/2014 11:00:45 AM PST by TomGuy
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

The fixes are iOS 7.0.6 (iPhone 4 to 5S, iPad 2 and later) and iOS 6.1.6 (iPhone 3GS and 4th generation iPod touch).


4 posted on 02/22/2014 11:01:10 AM PST by RayChuang88 (FairTax: America's economic cure)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RayChuang88

No fix for OS X yet though. So better leave those shut off for now or run Windows on them.


5 posted on 02/22/2014 11:09:14 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 4 | View Replies]

To: for-q-clinton

well darn


6 posted on 02/22/2014 11:25:12 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: for-q-clinton

Fanboys all around the world are in stunned disbelief.


7 posted on 02/22/2014 11:43:43 AM PST by Red in Blue PA (When Injustice becomes Law, Resistance Becomes Duty.-Thomas Jefferson)
[ Post Reply | Private Reply | To 1 | View Replies]

If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook.

8 posted on 02/22/2014 11:56:45 AM PST by SunkenCiv (http://www.freerepublic.com/~mestamachine/)
[ Post Reply | Private Reply | View Replies]

http://www.bloomberg.com/video/google-scrambles-to-counter-nsa-in-encryption-race-lW1Sqhj4SXyrtBhqhNqD8g.html


9 posted on 02/22/2014 12:03:43 PM PST by SunkenCiv (http://www.freerepublic.com/~mestamachine/)
[ Post Reply | Private Reply | View Replies]

To: for-q-clinton

OSX is a derivative of Unix. The truth of the matter is, ANY operating system is vulnerable. It’s just a matter of what degree.


10 posted on 02/22/2014 12:04:04 PM PST by unixfox (Abolish Slavery, Repeal the 16th Amendment)
[ Post Reply | Private Reply | To 1 | View Replies]

Who’s Who in Bitcoin: Zerocoin Hero Matthew Green
http://spectrum.ieee.org/computing/networks/whos-who-in-bitcoin-zerocoin-hero-matthew-green

Matt Green : A Few Thoughts on Cryptographic Engineering
http://isi.jhu.edu/research/mattgreen

http://spar.isi.jhu.edu/~mgreen/

https://twitter.com/matthew_d_green


11 posted on 02/22/2014 12:06:10 PM PST by SunkenCiv (http://www.freerepublic.com/~mestamachine/)
[ Post Reply | Private Reply | View Replies]

To: for-q-clinton
Here it is:
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
	OSStatus        err;
	...

	if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
		goto fail;
	if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
		goto fail;
		goto fail;
	if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
		goto fail;
	...

fail:
	SSLFreeBuffer(&signedHashes);
	SSLFreeBuffer(&hashCtx);
	return err;
}
Source

Note that going to fail doesn't actually signal failure unless err is non-zero, and that the third goto is unconditional, thus keeping the third if-test from ever running.

According to the source link, there is possibly a compiler option that, had it been used, would have raised a warning about the unreachable code.

12 posted on 02/22/2014 12:22:22 PM PST by cynwoody
[ Post Reply | Private Reply | To 1 | View Replies]
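
Added example (not part of the post above and not Apple's code): a reduced C model of the excerpt's control flow next to a fail-closed rewrite. The KeyExchange struct, the toy signature check standing in for the elided steps, and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: names and the toy "signature" are hypothetical. */
typedef struct { const char *params; const char *sig; } KeyExchange;
static const KeyExchange GOOD   = { "dh-params", "signed:dh-params" };
static const KeyExchange FORGED = { "evil-params", "signed:dh-params" };

static int hash_update(const char *data) { return data ? 0 : -1; }

/* Valid only when sig == "signed:" + params. 0 = ok, -1 = bad signature. */
static int check_signature(const KeyExchange *kx) {
    return (strncmp(kx->sig, "signed:", 7) == 0 &&
            strcmp(kx->sig + 7, kx->params) == 0) ? 0 : -1;
}

/* Same control flow as the posted excerpt. */
static int verify_vulnerable(const KeyExchange *kx) {
    int err;
    if ((err = hash_update("serverRandom")) != 0)
        goto fail;
    if ((err = hash_update(kx->params)) != 0)
        goto fail;
        goto fail;   /* duplicated line: always taken, with err == 0 */
    if ((err = check_signature(kx)) != 0)   /* never reached */
        goto fail;
fail:
    return err;      /* 0 reads as "verified" to the caller */
}

/* Fail closed: success is assigned in exactly one place, after all checks. */
static int verify_hardened(const KeyExchange *kx) {
    int result = -1;
    if (hash_update("serverRandom") != 0) goto out;
    if (hash_update(kx->params) != 0) goto out;
    if (check_signature(kx) != 0) goto out;
    result = 0;
out:
    return result;   /* a stray "goto out" now rejects instead of accepts */
}

int main(void) {
    printf("vulnerable: good=%d forged=%d\n",
           verify_vulnerable(&GOOD), verify_vulnerable(&FORGED));
    printf("hardened:   good=%d forged=%d\n",
           verify_hardened(&GOOD), verify_hardened(&FORGED));
    return 0;
}
```

Compiling this with clang's -Wunreachable-code flags the dead signature check in verify_vulnerable; GCC 6 and later reports the stray line under -Wmisleading-indentation.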

To: for-q-clinton

“If you’re using any Apple product and think it’s secure you’re only fooling yourself. Plus they got many of the dumb users on their products so I suspect many of their users are completely owned.”

Since MS OS is used by such a majority of computer users, I imagine “dumb users” are concentrated in Windows.

“Better switch to a more secure OS like ......Windows.”

Oh my gosh!!! I needed a laugh!!


13 posted on 02/22/2014 2:19:31 PM PST by aMorePerfectUnion
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

AAPL SUX I will never buy an apple product. Screw those commies. I use Windows 7 and 8. I use a cell phone but any smart phone/tablet will be an android


14 posted on 02/22/2014 2:23:12 PM PST by dennisw (The first principle is to find out who you are then you can achieve anything -- Buddhist monk)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton
I have an iPad Air (32 GB) and 4G iPod touch (64 GB). Have installed the updates on both.
15 posted on 02/22/2014 2:42:28 PM PST by RayChuang88 (FairTax: America's economic cure)
[ Post Reply | Private Reply | To 5 | View Replies]

To: aMorePerfectUnion

I know funny that windows is more secure.


16 posted on 02/22/2014 3:11:50 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 13 | View Replies]

To: for-q-clinton

“I know funny that windows is more secure.”

Do you have anything to back that up in the evidence category, or is it an opinion only?


17 posted on 02/22/2014 3:44:20 PM PST by aMorePerfectUnion
[ Post Reply | Private Reply | To 16 | View Replies]

To: dennisw
"Screw those commies. I use Windows 7 and 8."

Better to support abortion...

18 posted on 02/22/2014 3:45:54 PM PST by aMorePerfectUnion
[ Post Reply | Private Reply | To 14 | View Replies]

To: rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...

19 posted on 02/22/2014 5:17:01 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

http://www.android-x86.org/

Porting Android to PCs?


20 posted on 02/22/2014 8:58:33 PM PST by GeronL (Vote for Conservatives not for Republicans!)
[ Post Reply | Private Reply | To 19 | View Replies]

To: dennisw
AAPL SUX I will never buy an apple product. Screw those commies. I use Windows 7 and 8.

LOL! Whatever.

I use a cell phone but any smart phone/tablet will be an android

Google is behind Android. Need I remind you that Larry, Sergey, and Eric are all big libs?

21 posted on 02/22/2014 11:31:25 PM PST by cynwoody
[ Post Reply | Private Reply | To 14 | View Replies]

To: driftdiver; Swordmaker

I guess swordmaker won't be able to post until he gets his marching orders from Apple on how to spin this.


22 posted on 02/23/2014 8:40:31 PM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 6 | View Replies]

To: aMorePerfectUnion; for-q-clinton

Which OS is more secure is really a function of where and how it's being used.

For example when used by a knowledgeable and experienced person for individual use or not involving sensitive regulated data then Mac is probably the better choice. Although this bug shows the fundamental weakness of Apple's approach to security.

In a corporate environment where sensitive or regulated data is in use then Windows is the better choice for desktop OS. Mostly because it integrates well into enterprise models which allow for enforcement of security controls.

Security requires more than just an OS which claims to control access to memory space and control of user actions through admin rights.


23 posted on 02/24/2014 3:48:26 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 17 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
