Apple's biggest security flaw leaves iPhones vulnerable to hacking

Monday, 24 February 2014 - 2:26pm IST | Agency: DNA web desk

On Friday, Apple released a major update to patch a hole in the security of all its products running iOS 7. The flaw, which was downplayed by Apple, is arguably one of its biggest lapses in security, exposing iPhone, iPad and iPod Touch users to hackers.

The glitch would allow hackers to intercept email and other forms of online communication that are meant to be encrypted. Experts claim that Mac computers that run on iOS 7 are more vulnerable to this threat.

The hackers could access the information from Apple products by means of an unsecured wireless network or through social media and email sites like Facebook and Gmail.

"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.

Apple has not released any information about how it detected the security flaw and whether it has been exploited so far.

A statement on its support website said: "The software failed to validate the authenticity of the connection."

Apple released software patches and an update for the current version of iOS for the iPhone, iPad and iTouch. "Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site," Green said.

The flaw has also been detected on versions of Mac OS X, which powers Apple laptops and desktops. Although a patch to rectify this isn't out yet, Apple is expected to release one shortly.

As reported by Reuters, Dmitri Alperovitch, chief technology officer at security firm CrowdStrike Inc., said "the issue is a fundamental bug in Apple's SSL implementation." Adam Langley, a senior engineer at Google, agreed with CrowdStrike that OS X was at risk.

Reuters goes on to report that Apple did not reply to requests for comment. The flaw appears to be in the way that well-understood protocols were implemented, an embarrassing lapse for a company of Apple's stature and technical prowess.

It should also be noted that because hackers will also be studying the patch, they could develop programs to take advantage of the flaw within days or even hours.

(With inputs from Reuters)

