A recent security flaw has been discovered which made the Apple products, like the iPhone and iPad, vulnerable to malicious attacks. The flaw allows hackers access to emails and passwords stored on millions of iPhones worldwide. The flaw exploited a vulnerability with security certificates associated with “trusted certificate authorities.”
Security certificates are a form of electronic security which is used to verify the identity of the user in order to confirm that both the user and the website they are accessing are who they say the are. These certificates contain information, such as web addresses, and access locations in order to authenticate their identity. The security flaw allowed iPhones and iPads to connect to a website without checking or verifying their security certificates first.
This programming error gave hackers an opportunity to make iPhones believe that they were interacting with trusted sites, when in reality, their personal information was vulnerable to be stolen. Exploiters of the flaw needed to access the vulnerable device’s network, either via Wi-Fi or through the carrier itself.
Matthew Green, a Johns Hopkins University professor of cryptography described the situation “as bad as you could imagine.”
After discovering that Apple products were vulnerable to potential hacker attacks, Apple has since released an update which patched the vital error. Users who have an iPhone 4 or later model, an iPad 2, 3 and Air or an iPod touch need to update their software immediately in order to protect their devices from being attacked. Apple has yet to release a patch for the Mac, meaning that any systems operating on the OS X operating system are still vulnerable to malicious attacks.
The flaw was present in the operating system’s code “for months.” Apple researchers and developers did not publicly release knowledge of the flaw in order to prevent people from exploiting it.
In December, Apple was accused by German magazine Der Spiegel of stealing user information for the National Security Agency. The magazine claimed that iPhones had been programmed with a backdoor which allowed the NSA to access a user’s contact information, text messages, voice mail, and location – they even claimed that the Agency could access the phone’s camera and microphone in order to get information. Apple stated in a press release that they did not have any knowledge of any back doors to their devices, and that they were not facilitating the NSA in any way. Some people have speculated that the NSA’s backdoor is the same flaw that was just recently discovered – Apple has since denied this as well.
Before the patch was released on Friday, millions of Apple’s products were vulnerable to malicious attacks. Some products, like the Mac OS X and devices running earlier operating systems are still vulnerable, as a patch has not yet been released. Apple stated that fixes for Apple computers would be released “very soon.” This is not the first time that iOS products have been vulnerable. In August, a Russian website revealed a vulnerability which allowed individual apps to be tampered with from a remote location. Last year, Apple employees’ computers were targets of a series of hacks which tried to breach their networks.
By Tyler Shibata