Sniffer Hijacks SSL Traffic From Unpatched IPhones - Slashdot

Slashdot

Become a fan of Slashdot on Facebook

Sniffer Hijacks SSL Traffic From Unpatched IPhones 94

Posted by samzenpus on Thursday July 28, 2011 @10:47AM
from the patch-your-phone dept.

CWmike writes "Almost anyone can snoop the secure data traffic of unpatched iPhones and iPads using a recently-revised nine-year-old tool, a researcher said as he urged owners to apply Apple's latest iOS fix. If iOS devices aren't patched, attackers can easily intercept and decrypt secure traffic — the kind guarded by SSL, which is used by banks, e-tailers and other sites — at a public Wi-Fi hotspot, said Chet Wisniewski, a security researcher with Sophos. 'This is a nine-year-old bug that Moxie Marlinspike disclosed in 2002,' Wisniewski told Computerworld on Wednesday. On Monday, Marlinspike released an easier-to-use revision of his long-available 'sslsniff' traffic sniffing tool. 'My mother could actually use this,' he said."

This discussion has been archived. No new comments can be posted.

Sniffer Hijacks SSL Traffic From Unpatched IPhones

Search 94 Comments Log In/Create an Account

Comments Filter:

Breaks Jailbreak (Score:4, Insightful)

by tecker (793737) writes: on Thursday July 28, 2011 @11:11AM (#36909496) Homepage

Problem is that applying this update for something that is not likely exploited in the wild will hose your Unteathered Jailbreak. Reports on twitter are that redsn0w pointed at 4.3.4 (or 4.2.9) will work for getting a tethered Jailbreak. Many jailbreakers likely wont bother.

Wonder if someone will patch this like they did the PDF exploit and put it on Cydia.

Share
twitter facebook linkedin
Re:3G Owners are SCREWED (Score:5, Insightful)

by spinkham (56603) writes: on Thursday July 28, 2011 @11:52AM (#36910088)

iPod touch 2g also.
It was still being sold as the 8 gig version less than 3 months before the announced last software update.
The 3g 8gig was being sold around 6 months before the last announced software update.
I understand not getting feature updates, but why can't we get security updates for a device apple was still selling a year ago?

Parent Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

598 commentsTumblr Co-Founder: Apple's Software Is In a Nosedive
590 commentsWhy Run Linux On Macs?
325 commentsApple Faces Class Action Lawsuit For Shrinking Storage Space In iOS 8
304 commentsPutting a MacBook Pro In the Oven To Fix It
227 commentsSony To Release the Interview Online Today; Apple Won't Play Ball

Optimism is the content of small men in high places. -- F. Scott Fitzgerald, "The Crack Up"