Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

iTunes Breach Proves that Apple is not Immune to Compromise

Lieberman Software : 09 July, 2010  (Technical Article)
Phil Lieberman comments on the breach suffered by iTunes users where download lead to loss of iTunes account information, proving that Apple based systems also need protection from malware
The iTunes Breach is discussed by Phil Lieberman.

"This is a case in point for why supply chain management and vendor qualification are key elements of cybersecurity. Failure to manage these elements can lead to a lot worse consequences than that suffered by those on the iTunes store who saw their accounts being used without their authorization.

In essence, customers downloaded and installed programs that had a secondary function (gain access to their iTunes account) from a vendor with no verified credibility or pedigree. Of course, this flies in the face of the unending claims of how secure and virus free the Apple environment is. As has been stated by experts in the field, the Apple environment is fundamentally no more secure than the PC environment since hostile content can be loaded and executed by remote control on virtually all computer platforms. This is a case study of proving the fundamental fallacy of Apple superior security that is promulgated by Apple marketing. If Apple products were not based on conventional computer technology, but perhaps pixy dust, they would not have to conform to the laws of computer science nor would they be exposed cybersecurity threats. Unfortunately pixy dust only rides on Apple marketing, not their processor technology.

In our field of privileged identity, we have been warning customers that the purchase of security software from off-shore vendors funded with VC dollars from unknown / unverified sources can provide a backdoor that could lead to the total loss of security for their environment. In the case of the US government, it verifies vendors and supply chain against foreign interests and hostile content being introduced in their networks. Apple customers have assumed that their machines were both invulnerable to compromise and were being protected from hostile content by the benevolent and all-knowing Apple staff running the iTunes store.

As we can all see now, the Apple computer platforms can be easily compromised (if a developers wants to do so) and the iTunes store management has little to no ability to scan applications for hostile sideband functionality. Perhaps Apple users should wake up and think about what they download from the iTunes store for the Apple devices and not totally trust Apple's vetting process for applications."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo