Apple and iTunes: The encryption of traffic across the web is now mandatory, or almost mandatory, as Apple chooses not to encrypt downloads from iTunes.
You usually know when one σελίδα χρησιμοποιεί κρυπτογράφηση HTTPS από το μικρό πράσινο λουκέτο στην αριστερή πλευρά της γραμμής του URL. Αν δεν υπάρχει το μικρό λουκέτο κάτι συμβαίνει. Αυτό παρατήρησαν οι researchers by Disconnect on iTunes and the App Store Apple.
Every time you download an app or update from the App Store or a movie, a TV show, or a song from iTunes, the download comes via HTTP without TLS.
This makes it at least theoretically easier for an ISP, a hacker, or even someone in public network Wi-Fi to track your movements.
Please note that each unencrypted download also includes an Apple-created code. Called Destination Signaling Identifier, it is a unique device ID generated by iCloud and periodically changed.
Disconnect researchers report that attackers could use DSID to track one's habits or the applications he uses.
"There is so much you can learn about someone by downloading an app" he says Patrick Jackson, Cisco's Disconnect, and a former NSA researcher.
Disconnect researchers reported the bug to Apple in September, highlighting their concerns. Apple replied that this is not an error and that downloads via HTTP are "expected". The response essentially confirms that the downloads are not encrypted, and according to the researchers, the company declined to comment further on the use of HTTP in the downloads.
While it is surprising that a company claiming to be in favor of privacy does not use secure connections, iOS researcher Will Strafach says he believes the non-use of TLS serves a specific purpose.
By Mission of downloads over HTTP instead of over encrypted connections, system administrators, especially in large business environments, can create a sort of station by caching large applications and files on their local network for faster distribution. This means they won't eat up bandwidth if an app, update, or other file is downloaded over and over on multiple devices. If connections were encrypted between Apple's servers and devices, creating a staging post that offers temporary storage would not be possible.
However, Apple's specific behavior is not safe. Let's say if the above reason why the company does not add encryption to downloads, the friends of the company will have to think again about giving their money. Let's remind you that we are talking about one of the richest technology companies.
________________________
- TDSSKiller free Rootkit removal from Kaspersky
- Microsoft, Apple, Google, Facebook, Amazon and captivity
- Bugatti Chiron from Lego, it works normally!
