Apple Inc. SSL/TLS Bug Links to Snowden
Apple Inc. SSL/TLS bug could be what U.S. intelligence agents were boasting about as documents leaked by Edward Snowden mentioned about agents saying they can hack any iPhone and that this is a fact that was not exposed in public.
According to researchers who examined versions of Apple's software, Apple Inc. SSL/TLS bug had been present for months and that people who had learned about the flaw chose not to report it, Reuters reported.
It did not help that Apple Inc. was elusive about when or how it discovered the security flaw which affected iOS and Mac OS.
The SSL/TLS bug was so anomalous that security experts were criticising Apple Inc for its failure to do thorough software testing. Experts were theorising that an Apple Inc. engineer might have intentionally created the bug to spy or hack on users.
Some intelligence people meaningfully said that the best of "back doors" were created by "mistake."
Johns Hopkins University cryptography professor Matthew Green told Reuters that Apple Inc. SSL/TLS bug was "as bad as you could imagine."
Mr Green refused to elaborate, "that's all I can say," he said.
The trouble with SSL/TLS Bug was the software's recognition of digital certificates which banking sites, Google's Gmail service, Facebook etc utilise in establishing encrypted connections.
The one single line in the programme and an absent bracket were proofs that certificates, supposedly recognised by the SSL/TLS, cannot be authenticated. As a result, hackers can masquerade as the Web site being surfed by those browsing the internet. Hackers can then acquire all the electronic traffic before a connection to the real site can happen.
Aside from intercepting data, hackers can also interleave malicious web links in real emails, taking full control of the device being hacked.
Hacker can easily gain access to targeted devices simply through connecting to an internet service provider or through unsecured WiFi connections.
Apple Inc refused to comment about the experts' theories.
On the other hand, Adam Langley, a Google engineer who had dealt with similar issues in the past, believed that Apple Inc. had no intentions of creating the flaw.
"I believe that it's just a mistake and I feel very bad for whomever might have slipped," he wrote in a personal blog.