Feb 24 2014, 6:02pm CST | by Forbes
Many of you by now will have read about the Apple security issues in iOS and Mac OS X. Whilst we all wait patiently for Apple to comment on the issue, or better yet to fix it, users are left exposed to a bug that could allow attackers to gain access to sensitive information. I thought therefore that it was worth spending a few moments talking about the ways to mitigate this problem and an innovative unofficial patch from a colleague, Paul Ducklin, who writes for Naked Security at Sophos. If you want to skip right to the tips, scroll down a little further in the article.
For those of you who are technically inclined, Paul has put together an excellent technical analysis of the fault here, but for the rest of us, here is a quick summary of how an attacker could use this flaw to attack:
To paint the picture of how easy this would be, in a recent test in San Francisco we set up our own wireless hotspot offering free Internet (named FreePublicWifi and FreeInternet) and within a short space of time 1512 users connected voluntarily. Any one of these users who wanted our free Internet connection could potentially have been targeted. As an aside, we were able to detect that 484 of these systems were using iOS and 181 were using Mac OS X (I would have argued a little high, but I suppose this is expected in San Francisco). This shows how realistic this attack vector actually is and how easy it would have been for us to execute this attack. Note, we offered a warning and did not modify traffic or do anything malicious – but it would have been easy to not play nice.
What should you do about it?
One more option (warning, technical gore included)
Paul has done some very interesting research on the failure. For those of you who are interested in the technical flaw and how it could be mitigated, take a look here. I wouldn’t recommend production deployment of this fix, but it does show in depth where the flaw occurs and how it can be mitigated. It is very much worth the read from a research perspective for those of you that want a little more detail about what mistake was actually made.
We will all wait on Apple providing further updates, but in the meantime make sure you apply these best practices and think a little more carefully about what you connect to.
Follow me on Twitter @jameslyne
Source: Forbes Apple