Page 1 of 2 12 LastLast
Results 1 to 10 of 14
Discuss WARNING: Major security flaw with iTunes. at the General - Hackint0sh.org; As some of you may have noticed, while syncing your iPhone with iTunes, iTunes automatically ...
  1. #1
    Amazingly Knowledgeable Array

    Join Date
    Oct 2007
    Posts
    803
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    47

    Exclamation WARNING: Major security flaw with iPhone + iTunes.

    As some of you may have noticed, while syncing your iPhone with iTunes, iTunes automatically creates/updates a good coverage backup of your personal data which include email accounts, contacts, call records, sms, sticky notes, safari bookmarks, cache, cookies, browser histories, and all kinds of settings in Preference.app during every sync.

    The backups are NOT password protect or protected by any mean of security,and restoring the backup does not require any type of verification. Just plug in an iPhone without /var/root/Media/iTunes_Control/ or uses SwapTunes.app, and iTune will automatically ask you if you want to restore any backup to the phone.

    However, the usernames and passwords for both incoming and outgoing servers of the email accounts saved on the phone ARE included in the backups. That's just one thing. The cookies that are backed up also allows almost full access to your accounts on websites, such as forums, which you have saved login details with.

    Remember, wipe out the backup if you sync your phone at your friend's place even with SwapTunes.app. The best thing to do will be sync with your very own personal computer ONLY. The deleted backup image CAN be restored very easily with software like Final Data.

    YOU HAVE BEEN WARNED!
    Last edited by NotFound; 12-02-2007 at 12:24 AM.
    :-)



  2. #2
    Senior Professional Array

    Join Date
    Nov 2007
    Posts
    406
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    you dont think much of your friends is all I can say really.

  3. #3
    Amazingly Knowledgeable Array

    Join Date
    Oct 2007
    Posts
    803
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    47

    Default

    Sometimes, a little privacy is what saves you.
    This is about security. I am not going to discuss friendship here.

  4. #4
    Senior Professional Array

    Join Date
    Nov 2007
    Posts
    406
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    I know but still, it's like anything really, I'd never store passwords or cookies on a machine or a mobile device so that same principals apply.

    Worth pointing out for sure not critising that one bit.

    Cheers.

  5. #5
    Senior Professional Array SaCH's Avatar

    Join Date
    Oct 2007
    Location
    Santiago, Chile
    Posts
    163
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    15

    Default

    Quote Originally Posted by NotFound View Post
    Sometimes, a little privacy is what saves you.
    This is about security. I am not going to discuss friendship here.
    I agree, it's about security and it's good to be aware of this "holes", even when this has been discussed extensively and intensively before in this very same forum. It's not bad to warn new users, though.

    Cheers


  6. #6
    Amazingly Knowledgeable Array

    Join Date
    Oct 2007
    Posts
    803
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    47

    Default

    link to the other thread?

  7. #7
    Senior Professional Array

    Join Date
    Jul 2007
    Posts
    315
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    25

    Default

    i find it very odd that they would leave the password to your email on the backup but when you restore the phone you have to re-enter it.

  8. #8
    Amazingly Knowledgeable Array

    Join Date
    Oct 2007
    Posts
    803
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    47

    Default

    Quote Originally Posted by otachi View Post
    i find it very odd that they would leave the password to your email on the backup but when you restore the phone you have to re-enter it.
    At least when I just finished restoring the user data backup, I got a few emails on the phone right away.
    The only time that it doesn't preset the passwords is syncing the email accounts.
    Maybe it will if it is able to read the password saved by Outlook? with such a sense of "security", Steve Jobs will be very happy to do so if possible.

    Apple sucks.

  9. #9
    Newbie Array

    Join Date
    May 2008
    Posts
    4
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    Quote Originally Posted by NotFound View Post
    As some of you may have noticed, while syncing your iPhone with iTunes, iTunes automatically creates/updates a good coverage backup of your personal data which include email accounts, contacts, call records, sms, sticky notes, safari bookmarks, cache, cookies, browser histories, and all kinds of settings in Preference.app during every sync.

    The backups are NOT password protect or protected by any mean of security,and restoring the backup does not require any type of verification. Just plug in an iPhone without /var/root/Media/iTunes_Control/ or uses SwapTunes.app, and iTune will automatically ask you if you want to restore any backup to the phone.

    However, the usernames and passwords for both incoming and outgoing servers of the email accounts saved on the phone ARE included in the backups. That's just one thing. The cookies that are backed up also allows almost full access to your accounts on websites, such as forums, which you have saved login details with.

    Remember, wipe out the backup if you sync your phone at your friend's place even with SwapTunes.app. The best thing to do will be sync with your very own personal computer ONLY. The deleted backup image CAN be restored very easily with software like Final Data.

    YOU HAVE BEEN WARNED!
    Hi,

    I just got an iPhone and plugged it into a university computer lab. I ended up with all of this private data that did not belong to me! I want to complain to the University - I already inquired about it, but no one seems to understand how the iPhone and iTunes works. Would you be kind enough to let me ask you some questions? I am sorry - but I think this is significant, and I want to put an end to these privacy violations.

    Thanks for posting on this - you definitely seem like you are on the ball on this issue.

    Thanks,
    Steven

  10. #10
    Gantz Array jav6454's Avatar

    Join Date
    Feb 2008
    Location
    New Orleans, Louisiana (LA) & San Pedro Sula, Honduras (HN)
    Posts
    220
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    20

    Default

    Quote Originally Posted by iPhoneilliterate View Post
    Hi,

    I just got an iPhone and plugged it into a university computer lab. I ended up with all of this private data that did not belong to me! I want to complain to the University - I already inquired about it, but no one seems to understand how the iPhone and iTunes works. Would you be kind enough to let me ask you some questions? I am sorry - but I think this is significant, and I want to put an end to these privacy violations.

    Thanks for posting on this - you definitely seem like you are on the ball on this issue.

    Thanks,
    Steven
    Bad thing to do! Never Sync your iPhone with an University computer! Those are public, anyone can access whatever you leave there.
    Collectors Edition Al MacBook 2.4GHz | 1st Gen iPhone 8GB | iPhone 3G S⃣ 32GB


    Rules are Rules, obey them, don't break 'em
    Obey or else a Ninja Moderator or a Speedy Mod, will lock your threads if you don't comply with rules. Click here to read tittle conformity rules.

    <-- Solved your problems? Made you laugh? Rep is good enough for me


 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 0
    Last Post: 11-08-2011, 09:00 AM
  2. Slashdot: Mac OS X Users Vulnerable To Major Java Flaw
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 05-29-2009, 05:10 AM
  3. Slashdot: Mac OS X Users Vulnerable To Major Java Flaw
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 05-20-2009, 11:20 AM
  4. New security flaw in iPhone discovered
    By anupkm in forum General
    Replies: 1
    Last Post: 12-01-2008, 05:55 PM
  5. Major Security Flaw in 2.0.2
    By bluesky in forum General
    Replies: 9
    Last Post: 08-27-2008, 11:19 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 12:43 PM.
twitter, follow us!