14 DAY TRIAL // A remote monitoring software named FinFisher was recently shown by Gamma International GmbH, a controversial company that's known for developing spying software and suspected of aiding dictatorial regimes in keeping their citizens in line.
According to H-Security, the spy tool makes good use of a vulnerability in the iTunes update system to strategically place itself on a victim device.
On systems that don't enable the Apple Software Updater, iTunes utilizes an HTTP request that's not encrypted to find the latest version of the software on Apple's servers. Since the query is unencrypted, the requested URL could be altered and instead of being taken to an update site, the user can be redirected to any malicious location.
The software's developers rely on this to place their tool on the modified URL domain, the target site being programed to serve the monitoring application.
However, it's not as easy as it sounds, since the one that controls the spyware would have to be able to actively interfere with the network. This means that only ISPs are able to deploy the tool efficiently.
On the other hand, this could be great for countries obsessed with controlling their citizens or government authorities in search of criminals as these entities in most cases have the power to control ISPs.
Spiegel Online informs that the company was present at the Cyberwarfare Europe, an event that took place in Berlin. Given the fact that no press members were allowed during their presentation, one can only assume that some powerful cyber weapons must have been showcased.
Returning to the iTunes issue, the vulnerability that allowed for the spyware to function was already patched up by Apple with the release of the 10.5.1 variant, but that doesn't mean the tool became unusable. Once the framework is there, it can always be adapted to rely on other weaknesses found in popular applications.