Fast Company reports on possible malware being used to breach the security and privacy of people’s computers:
Democracy and free speech activists worldwide have something new to worry about: cyberwarfare via iTunes. A reporter for a German magazine caught a British security firm boasting about how they can use Apple’s megapopular software to infect target computers with malware on behalf of foreign governments. At a booth this past September at Germany’s Cyber Warfare Europe conference, representatives from Gamma International UK showed how their FinFisher product service could insert spyware via iTunes at the request of intelligence, security, and police agencies worldwide.
The spyware takes advantage of an unencrypted HTTP request that is filed by iTunes when Apple Software Updater is inactive. Once installed on a user’s computer, the spyware program redirected users’ web browsers to a customized web page that pretended Flash was not installed on the user’s computer. The “Flash” that the web page would install was in reality a sophisticated piece of spyware that sent info on a user’s activities directly to foreign intelligence services.
The latest iTunes software update, 10.5.1, was released on Monday, November 14, and appears to have fixed the exploit FinFisher used. Apple’s launch of 10.5.1 roughly coincided with both the Der Spiegel article, and the release of a massive cache of documents on widespread Internet surveillance by the Wall Street Journal which includes detailed information on FinFisher and similar products. […]
News of the iTunes exploit was broken by Der Spiegel’s Marcel Rosenbach, who wrote a German-language report on Gamma’s product. Rosenbach openly compared the surveillance methods offered by FinFisher and Gamma International to those used by cybercriminals. Once FinFisher’s trojan horse software took advantage of the iTunes security hole and tricked users into installing spyware, outside observers would be able to monitor Skype conversations, even if encrypted, and monitor all text/image web traffic, including both Twitter and Facebook.