|
Could what happened in the iTunes Music Store happen to Ovi too?
In case you've not heard, some developers have uploaded some software (mainly books and travel apps) that secure that users details and makes purchases, a lot of purchases.
More information here... Do you think that could happen to Ovi too? |
Re: Could what happened in the iTunes Music Store happen to Ovi too?
The most important thing is that it doesn't happen to Maemo.org repositories, expecially Extras.
Luckily our QA Extras-Testing testers are better than Ovi's. |
Re: Could what happened in the iTunes Music Store happen to Ovi too?
Well, nothing can be bought from Extras, I don't see many attackers going that way.
Ovi though can be more attractive to them... |
Re: Could what happened in the iTunes Music Store happen to Ovi too?
I'm still not clear on that iTunes attack vector...
It's not likely that the online store itself is compromised, otherwise the attacker would probably choose a different method to sieve the money. |
Re: Could what happened in the iTunes Music Store happen to Ovi too?
The store wasn't directly compromised. Consider the free books a trojan horse in the truest sense. You get the book, it gathers your info, reports it out - that's dumbed WAY down, but you get the gist.
Apparently there's a local store of your password, et al that's being exploited. But... could something like that happen in the Ovi Store? |
Re: Could what happened in the iTunes Music Store happen to Ovi too?
Ovi store unlike iTunes works through MicroB which encrypts the saved passwords (EDIT: maybe just better). However, a keylogger can help in this case...
|
Re: Could what happened in the iTunes Music Store happen to Ovi too?
Ah... thanks.
|
Re: Could what happened in the iTunes Music Store happen to Ovi too?
Isn't it more likely that they use some social engineering trick to harvest the passwords?
I don't think they even store iTunes password on iOS, because you're asked for the password every time you make a purchase. Well it'll 'cache' it for 5-10 minutes for convenience, but past that period then it'll reask you for the password to be resubmitted over the net for reauthentication. Keylogger is also unlikely due to iOS' sandboxing lockdown. |
Re: Could what happened in the iTunes Music Store happen to Ovi too?
Well, maybe its possible the actual tools are logging in automatically from the victim's iPhone? Then again if it spread so fast maybe it was published somewhere (maybe just not in our part of the internet :)).
|
Re: Could what happened in the iTunes Music Store happen to Ovi too?
That's the thing, unless there's a huge gaping exploitable hole in the iOS, then these apps must've performed some sort of social engineering tricks to gain the users' iTunes Store passwords.
It's definitely a chink in Apple's armor, just wondering which part: - iTunes Store itself (least likely) - iOS sandbox (if this is the case, I'm surprised that the damage is limited to 1-2 perpetrator so far... and why there isn't an update yet to address it). - iTunes Store' approval system (Maybe the guy hid the social engineering routing somehow ... and this sort of thing is nothing new for Apple :D) |
Re: Could what happened in the iTunes Music Store happen to Ovi too?
Quote:
|
Re: Could what happened in the iTunes Music Store happen to Ovi too?
Here is some more on the situation with additional links in the story. http://www.windowssecrets.com/2010/0...-close-to-home
It seems even the experts aren't immune. Apparently, this isn't the first major breach of apple security and apple seems reluctant or unwilling to help the victims. |
Re: Could what happened in the iTunes Music Store happen to Ovi too?
Windows ... security ... experts ... *cough* :p
It probably went like this: 1. Self proclaimed expert starts norton anti virus scan... 2. ...nothing found 3. Yay, the system is clean! Happy shopping! |
| All times are GMT. The time now is 03:26. |
vBulletin® Version 3.8.8