BleepingComputer.com: Known iTunes Flaw Used By Governments To Spy

A British company called Gamma International marketed hacking software to governments that exploited the vulnerability via a bogus update to iTunes... The hacking software, FinFisher, is used to spy on intelligence targets’ computers... Apple was informed about the relevant flaw in iTunes in 2008, according to Brian Krebs, a security writer, but did not patch the software until earlier this month, a delay of more than three years.

Read more:
http://www.telegraph.co.uk/technology/apple/8912714/Apple-iTunes-flaw-allowed-government-spying-for-3-years.html
http://www.itproportal.com/2011/11/25/apple-takes-three-years-fix-security-flaw-itunes/
http://www.zdnet.co.uk/blogs/communication-breakdown-10000030/apple-took-years-to-fix-itunes-spyware-vulnerability-10024873/
http://www.redorbit.com/news/technology/1112429000/law-enforcement-accused-of-using-itunes-security-flaw-to-spy/

I wonder if this would have spread like it did if they removed the word government from the titles of the articles and from the articles themselves. I bet you that it wouldn't because in this anti-government world anything anti-government gets spread like wild fire.

Just my opinion.

Won't be using Itunes anymore or any Apple product, can't be trusted and it's dodgy.

killerx525, on 27 November 2011 - 04:21 PM, said:

anyone can insert: Flaw in {product name here} allows government to spy on the people who use them. You should be more concerned about the hardware you use and where it comes from then software. Most of the computer hardware we use comes from countries and nations that are currently actively attacking the US Infrastructure to find weaknesses. All it would take would be a SSD type device implanted to record and send out audio transmissions to foreign dignitaries who would then use that information to attack us further and deeper.

So for your argument and statement to ring true you would have to stop using electronics all together.

well said cryptodan. Only, its still not entirely possible-because were around computers every day. I mean, how do we know the traffic cameras arnt transmitting information to china? it gets a bit insane, a certain level of paranoia is healthy, but theres a point where it goes to far. I mean seriously, oh wow apple had this bug that allowed the government to spy on certain people. First off its not apples fault-I mean the bug was there but bugs exist in any software, and it was the government that exploited it. Now, sure apple could have fixed it sooner, so technically shame on apple, but on the other hand, why would they spy on you? or most of us? Unless your doing something blatantly illegal, the government has no reason to want to spy on you. and even then it better be something big like terrorism, even if you use your phone to record and pirate movies, thats still pretty small fish in the big scheme of things.

cryptodan, on 27 November 2011 - 09:58 AM, said:

Governments, many people forget, are our servants, not our masters. We entrust them with great powers; powers which will be, and have been, abused if not restrained by the vigilance of the people. History, back to the earliest nations and all the way up through today, is replete with oppressive and totalitarian governments. This dark catalog of human crime which we call history has rightly made those who study it wary and mistrusting of those who would seek to repeat it, even if only through their ignorance. The argument that 'those who have done nothing wrong have nothing to hide' ignores the existence of the intrinsic rights due to every human being: the personal sovereignty which no government may encroach upon without just cause; it sits in stark contrast to the reality which history reveals, a history of protecting the servant at the dire expense of the masters.

Apple, through its failure to act, has condoned and contributed to these sorts of abuses. They abandoned their duty to their customers, and worse their duty to do what is right. They have demonstrated that they are not to be trusted, and the negative press they receive is punishment for this.

Would this story be so widely disseminated if no governments were involved? Probably not. But the rapid spread of the story speaks not, I think, to the prevalence knee-jerk anti-government reactionaries but rather to the widely acknowledged significance of government involvement.

This post has been edited by Andrew: 28 November 2011 - 02:55 AM

Then Andrew, I question the sources who released this information in a time where there is much anti-government sentiment in the world due to the economic times? Why did they not release this information or publish these stories when that researcher found out about it. Is it for them to release the information instantly instead of a time when there so much hatred for the Government which is evident in the Occupy Movements? 3 years ago would have been ample timing instead of now.

Also I am a strict believer in keep your nose clean and the government wont have anything to provide "Just Cause or enact Due process on you". That has come back since I joined the Navy.

Just cause you are a person doesn't make you immune from the Government. At any point in time my communications can be tapped via my phone, my internet, my dealings of private nature? But you know i got nothing to hide, and if I did I would lose my job and go to prison for a long long time.

That is my 2 cents.

The motivations of the person who brought the story to light are not germane to the discussion over whether what Apple did (or did not) was right. Neither is the fact that worldwide people are expressing their dissatisfaction with their governments and the economic and political hegemony of the super-rich. Government in general is indeed the subject of much derision these days, but this state of affairs did not develop in a vacuum. Dissatisfaction on the scale of the Occupy Movement does not arise without legitimate complaints against the system which have not been redressed through less extreme measures.

You return again to the argument that having done nothing wrong is ample protection against government surveillance when we know for a fact that this is not so. What of the NSA wiretapping of US citizens without a warrant? What of New York City police surveillance and arrest members of targeted political groups preceding the 2004 RNC and similar actions by the London police during the 2009 G20 summit? Or the EU's INDECT program? Or the 1.9 trillion entry database of phone calls maintained by the NSA? The FBI's Carnivore? These are just a few of the various instances of governments abusing their police powers. And these governments are supposed to be the good guys. Governments in general have a poor track record when it comes to respecting due process or adhering to the requirement of there being a just cause for surveillance.

And what about the not-so-good-guys? The governments around the world that actively and violently oppress their citizens? Apple's failure to act may have had lethal consequences for their customers in these nations.

This post has been edited by Andrew: 28 November 2011 - 02:31 PM

I haven't used any Apple software since QuickTime decided that it was capable of opening all file types, not just multimedia files. It set itself as the default program to open PDF files, Microsoft Office documents, all text document formats, and all compressed archive formats along with all multimedia files.

Here's the rub, Apple has a near monopoly on Personal Media Players, their iP(ad/od/hone) pretty much requires iTunes, (I've personally tried a few *nix alternatives and found none really work as decently, it's sad when the proprietary software is just as broken as day one Open source projects). The fact that it has taken 3 years to fix what is a major security flaw after being notified about it, is unacceptable.

As for the government spying on me, yeah I know they do it. I bought enough materials to make high explosives last year to potentially take over a second world country, what'd I do with it fertilized corn, wheat, and soy fields (and reloaded a couple thousand rounds of 45ACP, .30-06, and .243) Yeah that recipe was given out in pamphlets at every Ag-fair between 1950 and 1970, everyone and their brother knows it. Point, everything has an alternate purpose and the government watches for the little arrows to line up and in most cases they never do (even if the person is planning something).

That said why dont people just uninstall "Bonjour" (Apple's updater) and uncheck the box in Preferences for "check for updates automatically".



and yes the "Patriot" Act needs to die.