Apple and iTunes: The encryption of traffic across the web is now mandatory, or almost mandatory, as Apple chooses not to encrypt downloads from iTunes.
You usually know when a page uses HTTPS encryption from the small green padlock on the left side of the URL bar. If there is no small padlock something happens. This was observed by Disconnect researchers on iTunes and App Store Apple.
Every time you download an app or update from the App Store or a movie, a TV show, or a song from iTunes, the download comes via HTTP without TLS.
This makes it at least theoretically easier for an internet service provider, hacker, or even someone on a shared Wi-Fi network to track your movements.
Note that every unencrypted download also includes a code generated by Apple. It is called the destination identifier from the Destination Signaling Identifier, and this is a unique device identifier that is generated by iCloud and changes periodically.
Disconnect researchers report that attackers could use DSIDs to track someone's habits or applications that uses.
"There is so much you can learn about someone by downloading an app" he says Patrick Jackson, CTO of Disconnect, and former NSA researcher.
Disconnect researchers reported the bug to Apple in September, highlighting their concerns. Apple replied that this is not an error and that downloads via HTTP are "expected". The response essentially confirms that the downloads are not encrypted, and according to the researchers, the company declined to comment further on the use of HTTP in the downloads.
While it is surprising that a company claiming to be in favor of privacy does not use secure connections, iOS researcher Will Strafach says he believes the non-use of TLS serves a specific purpose.
By sending HTTP downloads instead of encrypted connections, system administrators, especially in large business environments, can create a kind of station by temporarily storing large applications and files on their local network for faster delivery. This means they will not consume bandwidth if an application, an update, or another file goes down again and again on multiple devices. If the connections were encrypted between Apple's servers and the devices, creating a buffer that offers temporary storage would not be possible.
However, Apple's specific behavior is not safe. Let's say if the above reason why the company does not add encryption to downloads, the friends of the company will have to think again about giving their money. Let's remind you that we are talking about one of the richest technology companies.
________________________
- TDSSKiller free Rootkit removal from Kaspersky
- Microsoft, Apple, Google, Facebook, Amazon and captivity
- Bugatti Chiron from Lego, it works normally!
