British firm Gamma International was found hawking spyware to foreign intelligence services that installed onto users' computers via an iTunes security hole. The breach has been fixed, but documents indicate that the exploit was used to snoop on the email, Skype, and social media activities of users worldwide.
Democracy and free speech activists worldwide have something new to worry about--cyberwarfare via iTunes. A reporter for a German magazine caught a British security firm boasting about how they can use Apple's megapopular software to infect target computers with malware on behalf of foreign governments. At a booth this past September at Germany's Cyber Warfare Europe conference, representatives from Gamma International UK showed how their FinFisher product service could insert spyware via iTunes at the request of intelligence, security, and police agencies worldwide.
The spyware takes advantage of an unencrypted HTTP request that is filed by iTunes when Apple Software Updater is inactive. Once installed on a user's computer, the spyware program redirected users' web browsers to a customized web page that pretended Flash was not installed on the user's computer. The "Flash" that the web page would install was in reality a sophisticated piece of spyware that sent info on a user's activities directly to foreign intelligence services.
The latest iTunes software update, 10.5.1, was released on Monday, November 14, and appears to have fixed the exploit FinFisher used. Apple's launch of 10.5.1 roughly coincided with both the Der Spiegel article, and the release of a massive cache of documents on widespread Internet surveillance by the Wall Street Journal which includes detailed information on FinFisher and similar products. Most of the documents obtained by the Journal were distributed at a Washington trade show, ISSWorld Americas, which promises “intelligence support systems for lawful interception, criminal investigations and intelligence gathering,” which was...
[Source: Fast Company]
No comments:
Post a Comment