Sniffer Hijacks SSL Traffic From Unpatched IPhones 94
Posted
by
samzenpus
from the patch-your-phone dept.
from the patch-your-phone dept.
CWmike writes "Almost anyone can snoop the secure data traffic of unpatched iPhones and iPads using a recently-revised nine-year-old tool, a researcher said as he urged owners to apply Apple's latest iOS fix. If iOS devices aren't patched, attackers can easily intercept and decrypt secure traffic — the kind guarded by SSL, which is used by banks, e-tailers and other sites — at a public Wi-Fi hotspot, said Chet Wisniewski, a security researcher with Sophos. 'This is a nine-year-old bug that Moxie Marlinspike disclosed in 2002,' Wisniewski told Computerworld on Wednesday. On Monday, Marlinspike released an easier-to-use revision of his long-available 'sslsniff' traffic sniffing tool. 'My mother could actually use this,' he said."
Breaks Jailbreak (Score:4, Insightful)
Wonder if someone will patch this like they did the PDF exploit and put it on Cydia.
Re:3G Owners are SCREWED (Score:5, Insightful)
iPod touch 2g also.
It was still being sold as the 8 gig version less than 3 months before the announced last software update.
The 3g 8gig was being sold around 6 months before the last announced software update.
I understand not getting feature updates, but why can't we get security updates for a device apple was still selling a year ago?