Apple: iTunes downloads without encryption

Apple and iTunes: Encrypting traffic across the web is now mandatory, or almost mandatory, yet Apple chooses not to encrypt downloads from iTunes.

You can usually tell that a page uses HTTPS encryption by the little green padlock to the left of the URL. If the little padlock is missing, something is going on. This is what Disconnect researchers noticed with iTunes and Apple.

Every time you download an app or update from the App Store or a movie, a TV show, or a song from iTunes, the download comes via HTTP without TLS.

This makes it at least theoretically easier for an internet service provider, hacker, or even someone on a shared Wi-Fi network to track your movements.

Note that each unencrypted download also includes an Apple-created code. Called the Destination Signaling Identifier (DSID), it is a unique device ID generated by iCloud and periodically changed.
Disconnect researchers report that attackers could use the DSID to track a person's habits or the applications they use.

"There is so much you can learn about someone by downloading an app," says Patrick, CTO of Disconnect and former NSA researcher.

Disconnect researchers reported the bug to Apple in September, highlighting their concerns. Apple replied that this is not an error and that downloads via HTTP are "expected". The response essentially confirms that the downloads are not encrypted, and according to the researchers, the company declined to comment further on the use of HTTP in the downloads.

While it is surprising that a company claiming to be in favor of privacy does not use secure connections, iOS researcher Will Strafach says he believes the non-use of TLS serves a specific purpose.

With downloads sent over HTTP rather than over encrypted connections, system administrators, especially in large enterprise environments, can set up a kind of caching station for large applications on their local network for faster distribution. This means they do not consume bandwidth when an app, an update, or some other file is downloaded again and again to many devices. If the connections between Apple's servers and the devices were encrypted, setting up an intermediate station that offers caching would not be possible.

However, this behavior on Apple's part is not safe. If the reason above is indeed why the company does not add encryption to downloads, the company's fans should think again about where they are spending their money. Let's remember that we are talking about one of the richest technology companies.

________________________

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
