Berlin – iOS operating system Apple Inc., has a flaw that allows hackers to invade the devices iPhone and iPad that are within range of a wireless connection, according to security company Skycure Ltd.
Applications of equipment and even the basic software as a whole close when operated with SSL encryption certificates handled, said the CEO of Skycure, Adi Sharabani, in a telephone interview.
If hackers manage to invade the devices that are within range of your own wireless network, they can effectively create a “zone without iOS,” according to Skycure, which is based in Tel Aviv, Israel.
“When programs give error, people tend to think it is for a quality problem,” said Sharabani. “But it could be a serious vulnerability.”
Because Apple maintains tight control over the code of your operating system and the applications that can run on it, hackers specialize in mobile phones have focused on the Android platform, Google Inc., which gives them more freedom of manipulation. Failure SSL shows that hackers may have the opportunity to also cause damage to Apple customers.
An Apple representative in London declined to comment. The Skycure said he did not know if anyone has exploited this security hole.
The latest version of iOS, 8.3, launched this month, repaired some of their vulnerabilities, while others may be reproduced, Sharabani said. He declined to provide details as to not give instructions to hackers.
reboot cycles
The Skycure, founded in 2012 by Sharabani and the chief technology officer Yair Amit, specializes in software that protect mobile devices from attacks by the airwaves.
The company, which received $ 8 million last month as investors Shasta Ventures, discovered in 2013 how hackers can attack cell phone users through without malicious wireless networks using privileges usually reserved for mobile operators.
The researchers discovered the Skycure iOS failure experimenting with various ways of connecting devices to a network. When they brought a new router and changed the wireless settings, programs of devices that ran the Apple software started showing errors.
The hackers that control the network that your device is connected can also control the certificates that are often used to transfer data securely and use them to attack the so-called “denial of service”.
How SSL encryption is used by iOS and for almost all applications available on the App Store, vulnerability concerns a wide range of users.
In the worst case, the devices can be forced into reset cycles that can only be stopped if the client out of the reach of malicious network, Sharabani said.
Users should make sure you upgrade the operating system logo and be careful when using public wireless local area networks, said the Skycure.
No comments:
Post a Comment