A new Apple patch stops hackers. Millions of Apple iPhone and iPad users were vulnerable to cyber attacks and data miners by hackers, private institutions, and government agencies. The latest Apple iOS 7.0.6 patch corrects a Secure Socket Layer (SSL) encryption coding error that left iPhone and iPad users vulnerable to a technique known as a man-in-the-middle (MITM) attack. Before the release, hackers had the ability to embed themselves between emails, instant messages, social media, and online transactions.
At establishments where there is a common connection to the internet such as a coffee house, a hacker would attempt to exploit the SSL encryption found in older iOS software. By placing himself within communications over what was supposed to be a secure network, the hacker became a MITM and could see what the end-user saw without being detected. If the user sent or received email or texts, the hacker saw it. If the user logged on to a bank account, the hacker could intercept the username and password. The security breach applied to Apple products on the same network as the hacker. While connected as the user, MITM could install malware to grant further access outside the common link.
The security breach exploits trusted certificate authorities within the software, a key component of computer security. Electronic messages have coded attachments to verify the user. They contain information such as the sender’s email address, how long the address will be valid, and where to find the address on the internet. Known as a hash, sending the information confirms to a destination source like a bank or an online retailer know the user is in fact the user. Missing a bit of computer code means the certificate was not confirmed. Finding Apple products lacking that bit of code allows the hacker to instigate the MITD attack by issuing a false certificate. The hash tricks the computer at a bank or retailer into believing it has interacted with the actual user.
Adam Langley, a computer scientist, considered the subtle code flaw found deep inside the SSL code as nothing short of a nightmare. He believed it was an oversight by Apple software writers that slipped by them.
Another possibility was that the flaw was purposely added to the code by a rogue Apple employee or an industrial spy. Intelligence experts point out that a hacker’s back door access often appears to be simple mistakes in code. No one publicly reported it leading to the possibility that its knowledge was a tightly held secret. Documents leaked by Edward Snowden had NSA agents boasting they could access any iPhone.
Apple spokeswoman Trudy Muller refused to address the speculation. She recommended users of iPhones with versions 4 or later, fifth generation iPad users, and second generation of iPod touch users download the latest security patch.
Currently there is no patch to correct the problem with the OS X software, the operating system for Apple computers. Users are still believed to be exposed and await their software updates. There is now a race in the criminal, business, and intelligence communities to data mine these Mac users before a new Apple patch stops hackers.
By Brian T. Yates