Apple mobile devices could be at risk of hacking
A major flaw in Apple software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted.
If attackers have access to a mobile user’s network, such as by sharing the same unsecured wireless service, they could see or alter exchanges between the user and protected sites. Governments with access to telecom carrier data could do the same.
Apple did not say when or how it learned of the flaw in the way iOS handles sessions in what are known as Secure Sockets Layer (SSL) or Transport Layer Security (TLS), nor did it say whether the flaw was being exploited. However, a statement on its support website on Friday was fairly clear: the software “failed to validate the authenticity of the connection”. In layman’s terms, that means the connection was insecure.
Apple released software patches and an update for the current version of iOS for iPhone 4 and later, 5th-generation iPod touches, and iPad 2 and later.
Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data went between the user and the real site. Not that you’d be doing any banking on your iPhone or iPad while you’re having a latté at your local coffee shop. If not banking, perhaps a spot of online shopping using your credit card.
Because spies and hackers will also be studying the patch, they could develop programs to take advantage of the flaw within days or even hours.
Apple did not reply to requests for comment. The flaw appears to be in how well-understood protocols were implemented, an embarrassing lapse for a company of Apple’s stature and technical prowess.
The company was recently stung by leaked intelligence documents claiming that authorities had a 100% success rate in breaking into iPhones.
There is speculation that this vulnerability, coupled with automatic updates over SSL, may have been one of the ways that the NSA could access “any iOS device” — a claim made in leaked Snowden-NSA documents, one that Apple vehemently denied.