Skip to main content

Apple Touch ID Vulnerability Could Have Let Attackers Hack iCloud Accounts

Apple Touch ID Vulnerability Could Have Let Attackers Hack iCloud Accounts

Security researcher of security firm Computest discovered the flaw in Apple's implementation of TouchID (biometric feature) that authenticated users to log in (particularly those that use Apple ID logins) to websites on the Safari browser.

The security researcher reported the flaw to Apple and the company addressed the flaw in a server-side update. 

Apple Touch ID Authentication Flaw

When users try to sign in to any site (require an Apple ID), a prompt is showed to authenticate the login using Touch ID (biometric). After login through Touch ID, it skips the 2FA (Two-Factor Authentication) step. 

While during login to Apple sites (www.icloud.com) with the standard way with an ID and password, the site embeds an iframe pointing to https://idmsa.apple.com (Apple's login validation server), that handles the authentication task. 

Apple Touch ID Vulnerability Could Have Let Attackers Hack iCloud Accounts

This iframe URL also contains two other parameters :

1. client_id identifying service
2. redirect_uri  URI to be redirected to after successful authentication

The iframe is handled differently while authentication through Touch ID, it communicates with the akd (AuthKit daemon) to handle Touch ID and after that fetch a grant_code token, that's used by icloud.com to continue the login task. For that, akd (AuthKit daemon) communicates with an API on "gsa.apple.com".

Security researchers discovered the flaw in the above mentioned "gsa.apple.com" API. Because of this flaw, it's possible for hackers to exploit those domains to verify a client ID (without authentication).

The akd (AuthKit daemon) includes client_id and redirect_uri while submitting data to it. Still, it didn't check the redirect URI matches with the client ID or not. All domains end with "icloud.com", "icloud.com.cn", and "apple.com" were allowed.

So, hackers could exploit an XSS flaw on any one of Apple's subdomains to execute a malicious Javascript code that can trigger a login prompt using the iCloud client ID and use the grant_code token to receive a session on icloud.com

Let's discuss some other scenarios. An attacker could set up malicious hotspots to compromise iCloud accounts.

Ex. an attacker embedded Javascript code on the site which showed prompt when the user first time connects the Wi-Fi network via "captive.apple.com". And attacker access the user's iCloud account if the user accepts a Touch ID prompt from that site.

If attackers set up a malicious hotspot at an airport, train station, or hotel then it is possible for an attacker to gain access to more numbers of iCloud accounts that allow access to backups of videos, images, location, and much more.

If you have any questions related to the Apple Touch ID vulnerability and also want to share your views on this vulnerability then please mention in the comments box and I will get back to you.
Labels:

Comments

  1. https://socialexperience.org/January 2, 2021 at 9:22 AM

    I noticed that your have a Twitter account, you can buy Twitter followers here but they also let you buy instagram likes for your photos

    ReplyDelete
  2. https://ljmedia.org/January 3, 2021 at 6:31 AM

    Great read and will share this, to be seen more you can look for a Twitter Promotion or buy instagram followers as that always helps my posts.

    ReplyDelete

Post a Comment

Popular posts from this blog

How To Check If a Link Is Safe To Click

Many times, we share links among our friends on social media platforms like WhatsApp, Facebook, Instagram or Twitter. But do we know how safe they are? What can happen if you click on any malicious link? We never think of the following things : Links can drop various harmful programs, viruses on your device Links can steal your personal data by dropping spyware or keyloggers Use your browser for crypto mining which will affect your device's performance Even if your device is secured with antivirus, not all of them warn you before clicking such malicious links . And the moment you click on these, they will become big trouble for you. This can sometimes even be dangerous with regard to data security and identity theft. So, Be careful about what you click on. These days one of the quickest growing security issues is ransomware , which is often spread by the user unintentionally clicking dangerous links in emails, social media platforms, messengers, and other tool
145 comments
Read more

How To Enable WhatsApp Fingerprint Lock Feature on Android

WhatsApp has officially rolled out the fingerprint lock feature for all the Android users. Most of you may already have been doing it for the last few years with the help of third-party app lockers for adding more security. Keeping that in mind and to make the process quicker and safer at the same time, WhatsApp has now launched this new fingerprint lock feature so that you can open the app by your fingerprint. It means that regardless of whether the phone is opened, others won't have the option to gain access to the messages without your fingerprint. So, you can now secure your WhatsApp conversations with an extra layer of biometric security . With this step, WhatsApp is finally offering biometric authentication to the Android app, while iPhone users enjoying both the Touch ID that is the fingerprint recognition and Face ID that is the facial recognition since the month of February 2019. WhatsApp is also giving more options with the new fingerprint lock featur
50 comments
Read more

TikTok Secretly Sent Users Private Data & PII Number to Chinese Server Including Draft Videos

The popular Android and iOS short-videos creating app, TikTok hit with a lawsuit claims that the app illegally and secretly transfers app's users' private sensitive data and Personally Identifiable Information (PII) to Chinese servers. TikTok which is a 15-second short-video creating app especially popular among the younger generation and also downloaded over 1.3 Billion times worldwide . TikTok remains top in the most downloaded app list for months on the Apple App Store and Google Play Store.  According to the lawsuit, Tiktok shared the user's created videos which include private acts and closeups of user's faces (biometric data) before the videos are saved on the app. TikTok provides many options includes the next button, close button, and button for effects to its users while recording the video. Here, the next button takes users to the screen that shows these two options : "post" and "save".  After clicking on the "next" button, Tik
76 comments
Read more