From Computerworld:
http://www.computerworld.com/s/article/9218676/Sniffer_hijacks_secure_traffic_from_unpatched_iPhones
Sniffer hijacks secure traffic from unpatched iPhones
Nine-year-old bug patched for newer iPhones, iPads, but older models 'perpetually vulnerable,' says expert
By Gregg Keizer
Almost anyone can snoop the secure data traffic of unpatched iPhones and iPads using a recently-revised tool, a researcher said today as he urged owners to apply Apple's latest iOS fix. The nine-year-old bug was quashed Monday when Apple issued a patch for the iPhone 4, iPhone 3GS and third- and fourth-generation iPod Touch.
If those devices aren't patched, attackers can easily intercept and decrypt secure traffic -- the kind guarded by SSL, which is used by banks, e-tailers and other sites -- at a public Wi-Fi hotspot, said Chet Wisniewski, a security researcher with U.K.-based Sophos.
The article goes on to say that the bug has apparently existed in the iPhone since day 1, even though it's based on a security hole that was uncovered way back in 2002. If you have an iPhone and haven't patched it yet, you should do it TODAY. If you have an older iPhone that Apple hasn't released a patch for, you either need to STOP using it to make online purchases at public hotspots, or just break down and spring for a newer phone with better security.
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore