Using Gmail from Your iPhone Turns Out to Be Dangerous

Using Gmail from Your iPhone Turns Out to Be Dangerous

Lacoon Mobile Security has warned Gmail users with iOS devices that using Gmail from iPhone turns out to be dangerous, as they could be at great risk of having their data stolen. It seems that Gmail’s vulnerability allows attackers to use a Man-in-the-Middle (MitM) technique to impersonate a legitimate server using a fake SSL certificate.

This happened because Google has yet to implement a security technology that would eventually stop attackers from viewing and modifying encrypted communications exchanged with the Web giant, explained Avi Bashan chief information security officer for Lacoon Mobile Security, based in Israel and the U.S.

In case you were wondering, Lacoon was founded in 2011 by “experts from the mobile cyber security and defense industries to address the gaps in mobile security, ” according to their own presentation, from their official blog. As far as their name is concerned, Lacoon was a Trojan priest, the only one who warned the Trojans about the potential danger in the wooden horse offered to the city by the Greeks.

How Does the Attack Take Place?

First of all this prevention method is called certificate pinning, where the app developer codes the intended server certificate within the app. This means if communication is re-routed, the mobile app will recognize the inconsistency between the back-end server certificate as coded within the app, and the certificate returned from the fake server.

“In iOS, a threat actor can install a configuration profile which contains the root Certificate Authority (CA). The configuration profile is an extremely sensitive iOS file which allows to re-define system functionality parameters such as device, mobile carrier and network settings,” Bashan explained.

On the other hand, certificate pinning has aleready been implemented on the Android applications. Could this be an innocent mistake? Bashan said this was probably just “an oversight” by Google.

“Several months after providing responsible disclosure, Google has not provided information regarding resolution and it still remains an open vulnerability. This vulnerability leaves iPhone and iPad users at risk of a threat actor being able to view and modify encrypted communications through a Man-in-the-Middle attack”, says Michael Shaulov, CEO and co-founder of Lacoon Mobile Security.

It seems that Lacoon’s research team first informed Google about this problem on 24 February. Google on the other hand recognized the flaw and validated it. According to Lacoon, he was assured that Google was going to fix this issue. The vulnerability still exists to this day.

In the meantime, enterprises are encouraged to check the configuration profiles of devices to ensure they don’t include root certificates, ensure that a secure channel like a VPN is used when accessing corporate resources, and perform network and device analysis to detect MitM attacks.

What does an Attack for iOS Look Like?

The threat actor performs the following steps: First of all, it tricks the victim into installing a configuration profile containing the root certificate and the details of the server to reroute the traffic to (Note: to do this, a threat actor can use a variety of social engineering methods such as sending an email, purportedly from the IT department, requesting to install the configuration profile.)

Afterwards the actor re-routes the victim’s traffic through the server under the threat actor’s control, defined by the malicious configuration profile.

After that it creates spoofed certificates that are identified as valid by the victim’s device, followed by it’s intercepting all traffic between the attacked device and the intended server.

In a nutshell, using Gmail from your iPhone turns out to be dangerous after all. As far as previous similar experiences are concerned, it appears that this issue had been raised before. For instance, following Facebook’s $19B acquisition of WhatsApp, researchers found that WhatsApp had never used certificate pinning.

Apple Glass Electronic Devices Coming Soon

Mirror Mirror on the Wall, Is My Mac Made out of Glass As Well?1

This week, patent No. 8,773, 848 for the revolutionary Apple glass electronic devices was approved by the U.S. Patent and Trademark office. According to AppleInsider, the 29-page application contained several drawings; some of them representing not only the shape of an iPhone, but also the shape of external hard drives as well. Basically any Apple device should be provided with such an appealing glass shell.

For instance Apple presented a sketch of a media player with an all-glass housing, provided with either a colored or a transparent rear surface. “An electronic device [which] may have a glass housing structures. The glass housing structures may be used to cover a display and other internal electronic device components. The glass housing structure may have multiple glass pieces that are joined using a glass fusing process,” as explained in the patent.

What to expect from the upcoming Apple glass electronic devices

These shapes for Apple glass electronic devices are designed to be lightweight, yet very resistant. The fabrication process consists of fusing glass pieces together by heating them at high temperatures thus making joint lines almost invisible.

“Multiple planar glass members may be fused together to form a five-sided box in which electronic components may be mounted… Opaque masking material and colored glass may be used to create portions of the glass housing structures that hide internal device components from view.”

The inventors named on the patent are Peter Russell-Clarke, Michael Pilliod, and Apple’s design chief Jonathan Ive. The latter was considered by Steve Jobs to be his “spiritual partner at Apple.” On the other hand, he stated in March 2014 that Jobs was his “closest friend”, a person he finds it “odd and tough to talk about”, probably because “it doesn’t feel that long ago that he died.”

Ive is responsible for designing many of Apple’s products such as MacBook Pro, iMac, MacBook Air, iPod, iPhone, iPad and iOS 7. He has received a lot of recognition for his talent. For example, in1999, Ive was named by the MIT Technology Review one of the top 100 innovators in the world under age 35. In 2004 the BBC named him the “Most Influential Person on British Culture”. In 2003, he was the winner of the first ever Design Museum’s Designer of the Year Award.

This is not the first time Apple has made a play for glass incorporated in their devices. In 1998, the iMac “G3″ is still famous for its plastic transparency and color. It was the first desktop that had its components, the monitor and the computer drive incorporated into the same device. “It’s certainly possible that we could see an all-glass iOS or Mac device someday. I wouldn’t rule out anything with Apple. But I wouldn’t expect this type of product any time soon based on a single patent filing,” said analyst Brian Colello.

Nevertheless this is not a particularly unusual thing for Apple. Glass has also been used for both iPhone 4 and 4S. They were provided with glass front and back panels with metallic edges. However this didn’t seem the best idea for them as they gave it up for iPhone 5 and 5s, which were built mostly out of metal with just a few glass panels. Not to mention the 5C with its appealing, yet not so successful plastic shell.

The Cupertino, Calif., company is known for its high-caliber product design and sudden changes of style. For their next iPhone model, that’s expected to be released this fall, it is said Apple will use metal along with an extremely durable screen made out of “sapphire crystal glass.” What’s known for certain, among other things, is the fact that iPhone 6 will be provided with a screen diagonal of 4.7 inches.

Did Tim Cook Announce an iWatch Voice Messaging Feature?


The rumors about Apple’s upcoming smartwatch abound and in early July a brand new one hit the proverbial mill: Steve Milunovich, analyst, USB, met up with Tim Cook, who hinted at an iWatch voice messaging feature. The encounter between the two took … [Continue reading]

Leaked Video of a Thinner iPhone 6 Surfaces in China


Since we’re as excited as everyone else about rumors surrounding the upcoming new flagship phone from Apple , we’re happy to let you know that early July brought us a brand new leaked video of a thinner iPhone 6. You can watch the video here, on a … [Continue reading]

4 Reasons Your Mac Is Running Slow (with Solutions!)


Figuring out the reasons your Mac is running slow can literally be a threat to your sanity. After all, Macs should be fast and sleek, right? That’s a big part of the reason for which you chose not to buy a PC, isn’t it? Unfortunately, try as you … [Continue reading]

5 Things You Had No Idea your Mac Can Do

d 3

Did you ever want to save the world with your computer? With the Mac it is possible! Although it is considered that Macs and other Apple products are designed for the elitist, the truth is that Macs have several neat features that justify their … [Continue reading]

7 Things You Definitely Didn’t Know about Apple & Macintosh

c 4

On January, 24, 2014, the Apple Macintosh celebrated its 30 years of existence. It’s been a long run from the very first computer, to the incredible range of products (including smart-phones, quad-core desktops and tablets) that we know today. Over … [Continue reading]

The 21-inch 1.4Ghz Core i5 iMac Full Review

b 2

Apple is well known for its incredible devices that also come at outstanding prices. While it may be true that prices are slightly over the average, the products that they manufacture are also some of the best on the market. The same rule applies to … [Continue reading]

iPhone 6 Update: Price, Release Date and Features

a 3

The iPhone 5S and iPhone 5C were merely updates to the previous iPhone models. This means that there is a lot of pressure heaped on the brand new iPhone 6, which is expected to be released later this September. As would be expected with Apple … [Continue reading]

Apple’s Smarthome Rumor Roundup

Apple Worldwide Developers Conference

This month Apple announced some specifics about their smarthome project, at the WWDC (World Wide Developer Conference) 2014 held in San Francisco. Apple’s CEO Tim Cook and Apple’s senior vice president of software engineering, Craig Federighi, … [Continue reading]