Saturday, July 4, 2015

Rotten Apples, fraud, deliberately concealing vulnerabilities

Can you really trust one of U.S's largest government sponsored surveillance corporation Apple Inc. (NASDAQ: APPL)?

A company that:

  • uses professional trader's information for its financial benefit, via the inbuilt 'Stocks' app?

  • tries to deceive its users AND (deliberately) not fixing the security holes in the operating system.

One way that works is to 'vote' with your wallet, i.e. not buying ANY Apple products.

Note: The blog Corporate Australia does not recommend the use or purchase of Apple products, which have deliberately designed 'back doors' for government agencies to covertly spy on the users.

From the article of 18 Jun 2015 under the headline:

Security exploit leaves Macs, iPhones and iPads vulnerable

Apple’s TouchID is still uncompromised.
Apple’s TouchID is still uncompromised. Source: AP
BOTH your Mac and iPhone have major security flaws that will allow hackers to steal passwords, including bank log in details. Despite knowing this since October, Apple is yet to fix the problem. 

This comes just a day after it was revealed Samsung’s Galaxy devices had a big security hole in its keyboard app.

Researchers from the Georgia Institute of Technology and Indiana University claim that the weakness lies in the ability to crack Apple’s Keychain service which stores your passwords on your iPhone, iPad or Mac.

The team allegedly reported the security flaws to Apple back in October last year, where the company said they understood the seriousness of the holes. Apple asked the researchers to give them six months to fix the exploit before they made it public, yet 8 months later the flaws are still there in the latest versions of both Mac OS X and iOS.

The scariest part about it all is the process in which they compromised their test devices.

They were able to upload malware riddled apps that exploited the vulnerabilities to both the Mac App Store and iOS App Store, and even with Apple’s screening they were approved for the store.

A wide range of both iOS and Mac apps were tested for the exploit, and it was found that almost 90 per cent of them were “completely exposed”, which allowed full access to any of the data inside the apps.

While not confirmed, it’s believed that to gain login details, the malware forces users to log into apps manually where it then captures the information.

Until Apple has a fix for it, security experts recommend caution when downloading new apps from unknown developers, even if they are in the iOS and Mac App Stores. Also remember to be careful when you are asked to log in manually in apps that usually do it for you.

Apple has been contacted for comment.

No comments: