For years, Apple users were wary of the Apple store website because the web address lacked encryption. You could easily be fleeced by a hacker because of a security hole in its application store that for years allowed attackers to steal passwords and install unwanted or extremely expensive applications, leaving you with a handsome bill to pay.
The flaw arose because Apple was not using encryption when an iPhone or other mobile device connected to the App Store, meaning an attacker could hijack the connection. In addition to the security flaw, the unencrypted connections also created a privacy vulnerability, because the complete list of applications installed on the device was disclosed over Wi-Fi and could be seen by anybody with hacking knowledge.
The attack was not limited to seeing which applications you have. It also allowed the exploiter to install apps, including extremely expensive apps like the ones listed here, without your consent. This would land you, the user, with a huge bill, which was particularly worrisome as Apple doesn't give refunds easily.
Doing this was also very easy. The exploiter needed to be on the same private or public Wi-Fi network as the victim, such as those at Cafe Coffee Day outlets, airports or hotel lounges.
This was brought to Apple's notice last July by security researcher Elie Bursztein; however, until now Apple, surprisingly, took no action.
But better late than never: Apple today fixed the flaw in a recent update that said "content is now served over HTTPS by default." So now, when you log on to the Apple Store, you will notice the HTTPS indicator in the top left-hand corner of your screen. With this, your transactions at the store will be secure as of today.
Vijay Prabhu