“Apple makes some of the most user-friendly products on the planet but that sometimes comes at the cost of security,” Thomas Fox-Brewster reports for Forbes.And researchers from Tsinghua University Beijing and Indiana University Bloomington have discovered how to exploit that tradeoff, devising ways to pilfer photos, texts and other data with some clever ‘man-in-the-middle’ attacks that they will detail in full at the Black Hat conference in Las Vegas next week.”
“They focused on Apple’s use of so-called zero-configuration technologies,” Fox-Brewster reports. “These combine the likes of Bluetooth, Airdrop, Bonjour and other wireless systems to quickly pair, and therefore trust, devices on the same network as a user’s iPhone or Mac. For instance, this allows a Mac to quickly sync with an iPhone or a printer.”
Fox-Brewster reports, “For at least the last year, though, the researchers have known there are not enough authentication processes to prevent a hacker from deploying malicious software that pretends to be one of those legitimate devices and thereby steal data.”
Read more in the full article here.
MacDailyNews Take: Excellent find! Every one of these discoveries eventually makes Apple’s operating systems even more secure.
The article claims they had to use an already infected Mac (infected with their specific software) in order to carry this out. They don’t explain how they infected that Mac. If it requires physical access to that Mac, then this whole thing is pretty low priority. If infecting the Mac can be done via a Trojan of some sort, then it’s no worse off than any other Tojan infection issue (and far less worrisome than some of them).
While I hope Apple fixes this issue soon. I believe most people don’t need to be too worried about this.
Exactly. Let’s see what this really is via the Black Hat presentation. But if it requires an infected Mac, this is silly and is digging into trivialities regarding the capabilities of malware already infected into a Mac. Grabbing photos off networked iPhones doesn’t rate on the worries list. This hack does NOT sound possible on an UNinfected Mac, where all connections to other device have an effective barrier of permissions.
I believe it is correct, the Mac has to have special software on it, but the idea is that the Mac is connected to the same WiFi network as the target device (iPhone, iPad, or another Mac). Some of these services (such as Airdrop) are designed with lower security when they communicate within the same WiFi. This is fine at home, but problematic at Starbucks.
I’m guessing the hacker’s Mac is communicating with the target device by somehow pretending to be a trusted device. Across the internet, this would likely be impossible, but within WiFi, and across some of these local protocols (such as AirDrop), there may be an easier way to exploit.
I was surprised that Apple dropped receiver approval in AirDrop as of OS X 10.11. (Or was in 10.10?) You drop stuff via AirDrop to a receiver and it just goes there. It used to be that the receiver had to OK the incoming data. I could see that being a problem.
As for open Wi-Fi hotspots: There are vast problems there already. A new flaw was revealed this week in the HTTPS system that allows hackers to watch every URL visited by everyone on the Wi-Fi network. I ended up writing an article for my Mac-Security blog about VPN, which generally solves all open Wi-Fi ills.
Black Hat is going to have a few interesting things related to Macs and iOS. We wait…
Received an email yesterday from a colleague, yes from his real address, which included a link to see the message. The link went to a very convincing iCloud login page. Turns out his PC email had been hacked and the message was not legit. I strongly suspect that this was a man-in-the-middle play to get me to reveal my iCloud password (which I think also opens Keychain Access). Glad I didn’t fall for it…be careful out there!
Getting spoofed return addressed emails from friends has long been a ploy of spam emailers. There was nothing new in what you received. All it requires is a Windows machine infected with the Spambot trojan that also includes your friends, or your, email address to use as a return address for its nefarious mail. This has been the practice for years to get unsuspecting targets to open and read the phishing emails.
As Swordmaker says, this is a twenty-year-old method of phishing. A hacker sends legitimate-looking message leading you to click and “log in” (i.e. type in your user/password) to a legitimately-looking web site (a bank, G-mail, Dropbox, iCloud, whatever.
This ‘man-in-the-middle’ method is different, and is constrained to local networks only.