This sounds like something out of a hacker novel. A company from the UK called Gamma International was found selling software to “foreign intelligence services” that used some kind of security hole in iTunes to spy on targets.
The hole has since been fixed, but this whole thing should give us pause. Using iTunes in cyberwarfare? Read on:
A reporter for a German magazine caught a British security firm boasting about how they can use Apple’s megapopular software to infect target computers with malware on behalf of foreign governments. At a booth this past September at Germany’s Cyber Warfare Europe conference, representatives from Gamma International UK showed how their FinFisher product service could insert spyware via iTunes at the request of intelligence, security, and police agencies worldwide.
The spyware takes advantage of an unencrypted HTTP request that is filed by iTunes when Apple Software Updater is inactive. Once installed on a user’s computer, the spyware program redirected users’ web browsers to a customized web page that pretended Flash was not installed on the user’s computer. The “Flash” that the web page would install was in reality a sophisticated piece of spyware that sent info on a user’s activities directly to foreign intelligence services.
It’s a great story from Fast Company magazine. Read the rest here.