Why Apple's Recent Security Flaw Is So Scary

Illustration for article titled Why Apple's Recent Security Flaw Is So Scary

On Friday, Apple quietly released iOS 7.0.6, explaining in a brief release note that it fixed a bug in which "an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." That's the understated version. Another way to put it? Update your iPhone right now.


Oh, and by the way, OS X has the same issues—except there's no fix out yet.

Update, 2/25/14: Apple just released OS X 10.9.2, which patches the security flaw described below. Go download it from the App Store right now, preferably over a secure network.

If you understand what that release note meant in full, chances are you were first in line for the iOS update. If it reads like deleted scene from Sneakers, here's what it means for you and your Apple devices.

What Is SSL?

SSL stands for Secure Sockets Layer, and it's what helps ensure that communication between your browser and your favorite websites' servers remains private and secure. TLS, or Transport Layer Security, is a more recent protocol that does essentially the same. In brief, SSL/TLS is a cryptographic key that lets a browser and a server know they are who they say they are, a secret digital handshake that keeps your financial information safe when you make an Amazon payment or log into wellsfargo.com.

This all happens in the background; your only direct interaction with SSL/TLS is when you notice the lock icon in your search bar has clamped shut. That means you've got a direct, private, secure line.

The Apple bug in question—which, again, has been patched in iOS but not yet in OS X, though Apple tells Reuters that fix is coming "very soon"—means that Safari or one of these other affected applications can't actually know for sure if the servers it's talking to are who they say they are. Which leaves you and everything you transmit over the web vulnerable to a Man in the Middle attack.


What's a Man in the Middle Attack?

A Man in the Middle Attack, which we'll call MitM from here for brevity's sake, is basically high-tech eavesdropping. In this case, a MitM attacker on a shared network intercepts the communication between your browser and a site, monitoring, recording, seeing everything that transpires between you.


Gmail. Facebook. Financial transactions. OK Cupid flirting. All of it read, in real-time, by a complete stranger. Here it is in oversimplified chart form:

Illustration for article titled Why Apple's Recent Security Flaw Is So Scary

Normally attacks like this are are foiled by SSL/TLS (encrypted handshakes are hard to get in the middle of), or at least rendered too difficult to be worth it. But this Apple bug makes it painfully easy. That "privileged network position" an attacker needs to be in, referenced in the release notes? It's any public network. That just means he's in the same Starbucks as you.

And this has been going on since September. Of 2012.

How Serious Is It?

If you're still scratching your head over what all of this means and how bad it is, the simplest way to explain it is that developers who understand it deeply weren't even willing to talk about it openly, for fear of giving hackers more ammunition than they already had:


That same Matthew Green, a Johns Hopkins cryptography professor, also explained to Reuters that it was "as bad as you could imagine, that's all I can say." So there you go!


You can afford to take a little bit of a deep breath; your password-protected home network is safe; obviously there's not a hacker lurking in every coffee shop; your personal information is never as interesting to others as you think it is. And if you've updated your iPhone or iPad to 7.0.6, you're fine.

But knowing that this has been going on for a year and a half is troubling just on principle. And knowing that it's been this widely publicized and hasn't yet been fixed for MacBooks means it's worth taking a few extra ounces of precaution.


How Did This Happen?

Nobody knows, and Apple's understandably not saying. But theories range from the plausible to the tin foil hatted. Let's start with what probably happened and work our way up.


Google's Adam Langley detailed the specifics of the bug in his personal blog, if you're looking to stare at some code. But essentially, it comes down to one simple extra line out of nearly 2,000. As ZDNet points out, one extra "goto fail;" statement tucked in about a third of the way means that the SSL verification will go through in almost every case, regardless of if the keys match up or not.

Langley's take, and the most plausible? That it could have happened to anybody:

This sort of subtle bug deep in the code is a nightmare. I believe that it's just a mistake and I feel very bad for whomever might have slipped in an editor and created it.


It doesn't take too much of a stretch of the imagination, though, to draw a few shaky lines between this bug and the NSA's PRISM program. No less an Apple devotee than John Gruber did just that last night, pointing out that the "goto fail;" command first snuck into iOS 6.0, which shipped just a month before Apple was reportedly added to the spy agency's info-snooping PRISM program.


If you want to go full tinfoil hat based on that timing, you're welcome to, but it's highly unlikely that Apple intentionally added this bit of code. It's entirely possible, though, that the NSA found out about it before Apple did, and has been secretly exploiting it for its PRISM purposes.

How Can I Prevent It?

If you're on an iOS device, you need to download 7.0.6 immediately. If you've got a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. And if you were looking for an indication of just how seriously Apple is taking this, the fact that they're supporting an iOS version that they are incredibly eager to phase out should be as good an indicator as any.


So far, though, you're out of luck if you're on OS X. The vulnerability is still there, and now that it's been widely publicized, bad guys are going to be keen to take advantage while they can. There's an unofficial patch floating out there, but please know that it's not for beginners.

Your best option in the meantime is to use Chrome or Firefox, which aren't affected on OS X. Also make sure you stay on secured networks, and if you do wind up on a shared network to play it smart (no financial info, no transactions, no personal details). That's a good rule of thumb generally, but especially important until this is made right.


Let's all just hope that a fix "very soon" means hours or days, not weeks.

Update: Regarding the timing of the OS X update, an Apple spokesperson has told us the following:

"We are aware of this issue and already have a software fix that will be released very soon."


Which echoes what had previously been reported by Reuters, but gives some hope that a release is imminent.

Top image credit: Twitter

MitM diagram: Wiki Commons/Miraceti



Note that this bug does NOT effect connections over TLS. Most sites should have made that switch years ago. More info on the difference between SSL and TLS is here. You can take a look at what protocols your favorite secure sites support by using this handy tool.

Also when putting a tin foil hat on, remember that this code has been published on Apple's open source page since it was released. It looks like a nasty copy and paste issue to me more than anything.

Bad? Without a doubt! Embarrassing? Certainly! Nefarious? Not so much.