Hackers claim to have exploit for iCloud, use vulnerability to disable Activation Lock

Comments

  • Reply 21 of 62
    solipsismx Posts: 19,566 member
    mstone wrote: »
    I hate those splash screen ones. I don't use them. I was thinking about the coffee shop, restaurant, carwash, car dealership etc. where you ask for the password. It is public as in free for customers.

    Only the lowest, individually-owned establishments, save for some hotel chains, give the same password for everyone using their network, but I don't think it's common to encrypt the data, but even if they did the fact that they give access to any would-be customers means that the encryption becomes moot to anyone 'on' the network grabbing data.
  • Reply 22 of 62
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by SolipsismX

    Only the lowest, individually-owned establishments, save for some hotel chains, give the same password for everyone using their network, but I don't think it's common to encrypt the data, but even if they did the fact that they give access to any would-be customers means that the encryption becomes moot to anyone 'on' the network grabbing data.

    If the packets are encrypted how is anyone going to be able to decrypt it? They don't have the private key.

  • Reply 23 of 62
    patsu Posts: 430 member
    mstone wrote: »
    If the packets are encrypted how is anyone going to be able to decrypt it? They don't have the private key.

    It would be encrypted using the fake server's SSL cert.

    Remember, the security researchers can set these up easily beforehand,
  • Reply 24 of 62
    solipsismx Posts: 19,566 member
    mstone wrote: »
    If the packets are encrypted how is anyone going to be able to decrypt it? They don't have the private key.

    Based on your comment about a single password for the entire network I'd think that the encryption keys would also be usable for all devices connected to the network.
  • Reply 25 of 62
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by patsu

    Quote:
    Originally Posted by mstone

    According to the article it says they can snag the Apple ID login credentials, which I still don't understand because that should be using SSL even on non-encrypted WiFi. I would consider that data threatening.

    That's the MITM activation server attack.

    They have to set up a fake activation server to do so when the phone is powered up (to check activation status).

    It doesn't say other iTunes for Windows usage such as regular logins and music playback are affected. They may or may not be.

    iPhone/Mac to iCloud server communications are not affected by this iTunes Win issue.

    They say stay away from public wifi. If the wifi is encrypted the hack doesn't work, right? The fake activation server is one thing which should be using SSL but it is apparently not. The second issue is being able to intercept users' Apple ID, which should be using SSL but apparently is not.

  • Reply 26 of 62
    patsu Posts: 430 member
    mstone wrote: »
    If the packets are encrypted how is anyone going to be able to decrypt it? They don't have the private key.
    mstone wrote: »
    They say stay away from public wifi. If the wifi is encrypted the hack doesn't work, right? The fake activation server is one thing which should be using SSL but it is apparently not. The second issue is being able to intercept users' Apple ID, which should be using SSL but apparently is not.

    They are afraid of hackers poisoning the DNS on the WiFi router to route you to the fake activation server.

    Even if the Wifi channel is encrypted, it can still serve you bad data from the wrong server in this scenario. The hackers will decrypt your requests on this fake server.

    This is possible because allegedly, iTunes for Windows doesn't verify the activation server cert. iOS and Mac do, and so will call out the fake servers.
  • Reply 27 of 62
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by SolipsismX

    Quote:
    Originally Posted by mstone

    If the packets are encrypted how is anyone going to be able to decrypt it? They don't have the private key.

    Based on your comment about a single password for the entire network I'd think that the encryption keys would also be usable for all devices connected to the network.

    No, I don't think so. I have learned that you are much more knowledgeable than I am in regard to network protocols, but from my understanding having a password to a WiFi does not enable you to defeat the encryption of the connection because you would need the private key which is inaccessible to people who simply have the password to login. In fact it is inaccessible to people who have administrative permissions on the WiFi. Please clear this up for me because I'm confused how you think the encryption is somehow crackable simply knowing the WiFi access password.

  • Reply 28 of 62
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by patsu

    They are afraid of hackers poisoning the DNS on the WiFi router to route you to the fake activation server.

    If it is using SSL and the cert is not authoritative that should end the connection. I am probably missing something but activation is for new users and is not the same as accessing iCloud as a regular user. Two separate issues, right?

  • Reply 29 of 62
    patsu Posts: 430 member
    mstone wrote: »
    If it is using SSL and the cert is not authoritative that should end the connection. I am probably missing something but activation is for new users and is not the same as accessing iCloud as a regular user. Two separate issues, right?

    Yap. 2 separate issues unless iTunes Windows does not verify *all* server certs. I haven't heard anyone say that yet. Only activation server cert so far.

    iTunes Win doesn't know if the activation server cert is authoritative because it skipped the check for whatever reason, so the connection stays up.
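
What "doesn't verify the activation server cert" and "skipped the check" in replies 26 and 29 mean at the TLS-client level, as an added example that is not part of the thread and is not iTunes code. It uses Python's standard `ssl` module with hypothetical function names to compare a client that skips verification, one that validates the chain but not the hostname, and the verifying default.

```python
import ssl


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """List the ways this client context would accept an impostor server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Any certificate, including a self-signed one, completes the handshake.
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        # A valid certificate issued for some other name would be accepted.
        findings.append("hostname-not-checked")
    return findings


def skipping_context() -> ssl.SSLContext:
    """Client that skips the check: traffic is encrypted, the peer is unproven."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context() -> ssl.SSLContext:
    """Half-fixed client: the chain is validated, the name on the cert is not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # verify_mode stays at CERT_REQUIRED
    ctx.load_default_certs()
    return ctx


def verifying_context() -> ssl.SSLContext:
    """Library default: CERT_REQUIRED plus hostname matching."""
    return ssl.create_default_context()


def report() -> dict:
    """Audit all three client configurations (names are illustrative)."""
    return {
        "skipping": audit_client_context(skipping_context()),
        "chain_only": audit_client_context(chain_only_context()),
        "verifying": audit_client_context(verifying_context()),
    }


if __name__ == "__main__":
    for name, findings in report().items():
        print(f"{name:10s} {'OK' if not findings else ', '.join(findings)}")
```

Only the last configuration ends the connection when DNS on the network points the client at a server that cannot present a trusted certificate for the requested name.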
  • Reply 30 of 62
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by patsu

    Yap. 2 separate issues unless iTunes Windows does not verify *all* server certs. I haven't heard anyone say that yet. Only activation server cert so far.

    iTunes Win doesn't know if the activation server cert is authoritative because it skipped the check for whatever reason, so the connection stays up.

    The reason I'm confused is they recommend that users not access iCloud on public wifi. This does not seem like it has anything to do with activation. iPhones should be using SSL all the time when connecting to Apple back end. How is it possible for someone in a coffee shop to get their Apple ID stolen out of the air when using SSL?

  • Reply 31 of 62
    chipsy Posts: 287 member
    Quote:
    Originally Posted by mstone

    If it is using SSL and the cert is not authoritative that should end the connection. I am probably missing something but activation is for new users and is not the same as accessing iCloud as a regular user. Two separate issues, right?

    Like patsu already replied, as far as we know the unlock hack only allows the unlocking of the phone. The Surfright security researcher told De Telegraaf (original publisher of the story) that it was unknown if they (the hackers) could have access to other data as well with that hack; he described it as a possibility that they could have further access.

    The Windows password interception clearly presents a danger to user data security.

  • Reply 32 of 62
    patsu Posts: 430 member
    mstone wrote: »
    The reason I'm confused is they recommend that users not access iCloud on public wifi. This does not seem like it has anything to do with activation. iPhones should be using SSL all the time when connecting to Apple back end. How is it possible for someone in a coffee shop to get their Apple ID stolen out of the air when using SSL?

    Probably ill-advised?

    The iTunes for Windows vulnerability has nothing to do with iOS and Mac.

    They can steal your credentials if you're using iTunes for Windows activation, by setting up a fake activation server and tricking the router to send you to the fake server.
  • Reply 33 of 62
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by patsu

    Probably ill-advised?

    The iTunes for Windows vulnerability has nothing to do with iOS and Mac.

    They can steal your credentials if you're using iTunes for Windows activation, by setting up a fake activation server and tricking the router to send you to the fake server.

    If this is all about activation why bother to steal someone's legitimate Apple ID? The hackers have a stolen phone and a fake activation server, why do they need to steal my Apple ID?

  • Reply 34 of 62
    patsu Posts: 430 member
    mstone wrote: »
    If this is all about activation why bother to steal someone's legitimate Apple ID? The hackers have a stolen phone and a fake activation server, why do they need to steal my Apple ID?

    It's not a functioning activation server. They just use it to gather your ID and password, then hit the real activation server with your phone to activate it. Not very useful in this regard but still harmful since they can use your iTunes credentials for follow-up attacks.

    This is why I suspect there may be 2 different hacks. The other one is more "useful" for bulk activation since they may not need your credentials to do so (I don't know yet).
  • Reply 35 of 62
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by patsu

    I don't know yet

    Thanks. That was the answer I needed.

  • Reply 36 of 62
    inosey Posts: 89 member
    Who uses windows anymore anyway?
  • Reply 37 of 62
    F-ing WINDOWS!
  • Reply 38 of 62
    MacPro Posts: 19,728 member
    danielsw wrote: »
    No matter the wording, those who don't upgrade are like animals who can't keep up with the herd and become easy prey to jackals and the like.

    That's a great analogy. I can just imagine all the XP users being dragged down and devoured ... sooner the better IMHO! :smokey:
  • Reply 39 of 62
    neosum Posts: 113 member
    From what I can gather from the limited information that's presented, it looks to me like someone would need to snoop around a public wifi for unsuspecting iPhone victims. Capture their Apple ID and PW (which is yet to be proven, it's only "claimed"), then steal that person's iPhone.

    What happens if the device was stolen first, and remote wiped? How would they get the user's Apple ID and PW then?

  • Reply 40 of 62
    chipsy Posts: 287 member
    neosum wrote: »
    From what I can gather from the limited information that's presented, it looks to me like someone would need to snoop around a public wifi for unsuspecting iPhone victims. Capture their Apple ID and PW (which is yet to be proven, it's only "claimed"), then steal that person's iPhone.

    What happens if the device was stolen first, and remote wiped? How would they get the user's Apple ID and PW then?

    They wouldn't need to. The hackers claim to be able to unlock the phone by fooling the phone that their fake server is iCloud, taking advantage of an issue in the server verification. They say more than 30000 stolen iPhones have been unlocked this way and sold for profit (as they are more valuable unlocked than locked of course). For now there is no evidence that this hack also gives access to user data.
    The credentials (password and AppleID) intercept through iTunes for Windows (which of course is a risk for user data) is separate from the unlocking hack. Although both seem to use the verification issue to their advantage. The risk with unencrypted WiFi seems to be both the ability to act as iCloud, man-in-the-middle attack (which all devices are vulnerable to) and the fact the passwords aren't hashed locally (which is specific for iTunes for Windows).