Security bug allows hackers to bypass encryption, intercept iCloud Keychain
Password security is vital but far too often neglected. And the problem comes not only from unaware users who keep reusing weak passwords; it also comes from manufacturers who don't focus enough on security flaws and vulnerabilities in their products.
Who would have thought an unreported flaw in iCloud Keychain would expose passwords and credit card data to hackers? And if that wasn't bad enough, an attacker could have easily bypassed encryption and accessed all the data stored on Apple gadgets, a researcher from security consulting company Longterm Security found.
“While reviewing attack surfaces on iOS for potential sandbox escapes, we uncovered a critical flaw in a custom Off-The-Record implementation relied upon by iCloud Keychain Sync in addition to a memory trespass error (CVE-2017-2451),” explains Longterm Security co-founder Alex Radocea, who will give a full presentation on the issue at BlackHat USA.
According to Radocea, the bug is the kind that authorities regularly investigate in end-to-end encryption, because it allows hackers to weaken the structure and intercept all data sent from the device.
Apple introduced iCloud Keychain with iOS 7 to make it easier for users to sync their passwords and credit card numbers across all their devices. Even if a device is lost, the data can be restored through the iCloud Keychain Recovery mechanism.
Prior to this discovery, iCloud Keychain was viewed as one of the safest password sharing tools due to its end-to-end encryption, but “the flaw undermined that end-to-end encryption capability and could have allowed a privileged attacker to steal user keychain secrets.”
Apple covered the unreported flaw in its recent security update piece, assuring customers that it had already investigated the matter, which was fixed with Apple's release of iOS 10.3.