Printed from http://www.macnn.com

FaceTime for Mac saddled with security vulnerabilities?

updated 10:45 am EDT, Thu October 21, 2010

Gaining, changing access may be too easy

The FaceTime for Mac beta -- released just yesterday -- has a pair of serious security vulnerabilities, reports suggest. If a computer is already logged into FaceTime, account settings in the app will notably display all of a person's associated data, including their birth date, security question and matching answer. This makes it trivial to hijack an account if an attacker already has access to a person's Mac.

Observers also point out that if someone logs out of FaceTime, their password remains entered in the password field, even after restarting the software. As a result, it becomes possible to quickly leap into another person's account. Because the Mac FaceTime client is still in beta though, Apple may already be working on fixing obvious security problems.






by MacNN Staff


Comments

  1. ebeyer

    Joined: Dec 1969

    +3

    iChat?

    Help me understand why this functionality wasn't simply rolled into iChat? Why have a whole separate app?

  1. vasic

    Joined: Dec 1969

    +2

    Simplicity

    iChat has grown a bit unwieldy. FaceTime is as simple on the Mac as it is on the iPhone/iPod.

  1. dogzilla

    Joined: Dec 1969

    +10

    Is this really an issue?

    Both these "issues" require physical access to the machine. If I have physical access to your machine and 5 minutes, I'll own it and all the data on it. This is true of pretty much every single consumer computing platform out there. Before someone says anything about computer labs or library computers, let me point out that using those types of computers to log into any service that personally identifies you is equally vulnerable.

    Is there a remote component to any of these security vulnerabilities? It's getting harder and harder to separate out the useless "vulnerabilities" from actual points of concern - the situation is starting to become like the boy who cried wolf, and some discretion on the part of editors (here and in other Mac-centric blogs) would be greatly appreciated.

  1. jdsonice@gmail.com

    Joined: Dec 1969

    +3

    Physical Access = Big Problems

    The only computer that is truly secure is one that is shut down and under a lock and key. Yes this is a security hole and as many have said, Apple should have never released the beta with this. Just remember that it is a BETA and you always use Beta software with some risks built in. Plus if someone has physical access to your machine - well good luck, you have a bigger problem to worry about.

  1. stainboy

    Joined: Dec 1969

    +7

    beta software

    news flash: FaceTime beta software is beta software.

  1. B9bot

    Joined: Dec 1969

    +4

    Key point, attacker needs access to your Mac

    The key sentence here is "This makes it trivial to hijack an account if an attacker already has access to a person's Mac."

    So first the attacker needs access to your Mac. Point is moot unless you let everyone access your Mac. Hardly what I would call a big vulnerability. If someone already has access you better be smart enough not to let them be someone who wants to do bad stuff with the information on that Mac.

  1. vintagegeek

    Joined: Dec 1969

    -2

    Oops!

    Beta---still perhaps a little too much exposure for a public beta. Can't wait to try the Mac FaceTime anyway.

  1. hayesk

    Joined: Dec 1969

    +2

    Interesting

    I was all ready to write a big diatribe about how anyone in an office could sneak onto your Mac while you were in the bathroom, launch FaceTime, and get all of your account data, including your secret password, and change your password.

    But then I thought, well, if FaceTime didn't have this problem, I could write my own app that grabs your password from the Keychain (this is what FaceTime does, it doesn't save it in its preferences), and get access to the same information. I could put that app on a USB stick and do the same thing.

    So, does FaceTime open up any new flaws? No, it just makes the existing flaw easier. The existing flaw being the user didn't lock his keychain when he left his Mac.

  1. SierraDragon

    Joined: Dec 1969

    0

    It is a Beta...

    What part of "beta" do the editors not understand? The head should be re: a _beta_ security flaw.

  1. Fast iBook

    Joined: Dec 1969

    +1

    iChat vs FT.

    iChat is based on the AIM network and the video/audio layer in AIM; FaceTime is based on wifi and client to client availability developed on iOS 4 for the iPhone 4. If "no one is home" the request times out after about 30 seconds. No one being home as in no wifi connected or wifi turned off or FaceTime disabled etc.

    - A
