By Randell Suba, Tech Times | February 24, 5:21 AM
Read emails, intercepted messages, hacked passwords, stolen identity. This might be the worst case scenario because of a Secure Sockets Layer (SSL) flaw on the Apple's mobile operating system. The company has just released iOS 7.0.6 to plug the hole through which cyber criminals could have crawled in.
There was no big announcement but it is a clear admission on the part of the iPhone manufacturer that the device can be hacked. The company is also mum if any individual or group has exploited the weak point of the iOS 7.
The data security detail on the support page for the software fix describes the possible scenario as someone with "privileged network position" being able to intercept data because of the secure transport failure of the SSL/TLS.
"To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake," stated security firm CrowdStrike the reverse engineered the latest iOS update to know possible impacts of the weakness.
"This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system)," it added.
CrowdStrike also pointed out that the SSL vulnerability is not isolated on the iOS 7 but is also a possible point of attack on the OS X. It recommends iDevice owners to update their systems as soon as possible to avoid possible attacks. Apple has not released an update for the OS X to address the same issue as of reporting.
The iOS 7 patch targets users of iPhone 4 and newer versions of the smartphone, iPad 2 and later, and the fifth generation iPod touch.
If hackers knew of the SSL issue, the success rate and possible effects would have been big, given that Apple ruled the smartphone market in 2013.
"It's as bad as you could imagine, that's all I can say," cryptography professor at Johns Hopkins University Matthew Green told Reuters.
Software flaws are nothing new but for a company that is known to be very tight-lipped about its software environment, a possibility of a hack is a big blow to its pride and possibly, pockets.
Hacking an iPhone is also nothing new. Amid the NSA controversy, a report came out that NSA hackers targeted the biggest technology companies in Silicon Valley including Apple. Through its Tailored Access Operations branch, the NSA makes use of a software called Dropout Jeep that is allegedly 100 percent successful in hacking any smartphone and that includes any iPhone in existence today. Apple has been firm on its stance that its customers' privacy and security are its top priority.
Those who are afraid of possible attacks might have been checking account the Blackphone that has claimed to be shielded from NSA snooping or maybe Microsoft has a point in sending rotten apple marketing emails to iPhone owners.