http://www.macnn.com/articles/10/10/21/gaining.changing.access.may.be.too.easy/

FaceTime for Mac saddled with security vulnerabilities?

updated 10:45 am EDT, Thu October 21, 2010

 

Gaining, changing access may be too easy


The FaceTime for Mac beta -- released just yesterday -- has a pair of serious security vulnerabilities, reports suggest. If a computer is already logged into FaceTime, account settings in the app will notably display all of a person's associated data, including their birth date, security question and matching answer. This makes it trivial to hijack an account if an attacker already has access to a person's Mac.

Observers also point out that if someone logs out of FaceTime, their password remains entered in the password field, even after restarting the software. As a result, it becomes possible to quickly leap into another person's account. Because the Mac FaceTime client is still in beta though, Apple may already be working on fixing obvious security problems.




by MacNN Staff


Tags: security, software, FaceTime

Comments

  1. ebeyer

    Fresh-Faced Recruit

    Joined: Jun 2004

    +3

    iChat?

    Help me understand why this functionality wasn't simply rolled into iChat? Why have a whole separate app?

  1. vasic

    Fresh-Faced Recruit

    Joined: May 2005

    +2

    Simplicity

    iChat has grown a bit unwieldy. FaceTime is as simple on the Mac as it is on the iPhone/iPod.

  1. dogzilla

    Grizzled Veteran

    Joined: Sep 1999

    +10

    Is this really an issue?

    Both these "issues" require physical access to the machine. If I have physical access to your machine and 5 minutes, I'll own it and all the data on it. This is true of pretty much every single consumer computing platform out there. Before someone says anything about computer labs or library computers, let me point out that using those types of computers to log into any service that personally identifies you is equally vulnerable.

    Is there a remote component to any of these security vulnerabilities? It's getting harder and harder to separate out the useless "vulnerabilities" from actual points of concern - the situation is starting to become like the boy who cried wolf, and some discretion on the part of editors (here and in other mac-centric blogs) would be greatly appreciated.

  1. jdsonice@gmail.com

    Fresh-Faced Recruit

    Joined: Oct 2009

    +3

    Physical Access = Big Problems

    The only computer that is truly secure is one that is shut down and under a lock and key. Yes this is a security hole and as many have said, Apple should have never released the beta with this. Just remember that it is a BETA and you always use Beta software with some risks built in. Plus if someone has physical access to your machine - well good luck, you have a bigger problem to worry about.

  1. stainboy

    Fresh-Faced Recruit

    Joined: Sep 2005

    +7

    beta software

    news flash: FaceTime beta software is beta software.

  1. B9bot

    Fresh-Faced Recruit

    Joined: Dec 2008

    +4

    Key point, attacker needs access to your Mac

    The key sentence here is "This makes it trivial to hijack an account if an attacker already has access to a person's Mac."

    So first the attacker needs access to your Mac. Point is moot unless you let everyone access your Mac. Hardly what I would call a big vulnerability. If someone already has access you better be smart enough not to let them be someone who wants to do bad stuff with the information on that Mac.

  1. vintagegeek

    Fresh-Faced Recruit

    Joined: May 2007

    -2

    Oops!

    Beta -- still perhaps a little too much exposure for a public beta. Can't wait to try the Mac FaceTime anyway.

  1. hayesk

    Professional Poster

    Joined: Sep 1999

    +2

    Interesting

    I was all ready to write a big diatribe about how anyone in an office could sneak onto your Mac while you were in the bathroom, launch FaceTime, and get all of your account data, including your secret password, and change your password.

    But then I thought, well, if FaceTime didn't have this problem, I could write my own app that grabs your password from the Keychain (this is what FaceTime does, it doesn't save it in its preferences), and get access to the same information. I could put that app on a USB stick and do the same thing.

    So, does FaceTime open up any new flaws? No, it just makes the existing flaw easier. The existing flaw being the user didn't lock his keychain when he left his Mac.

  1. SierraDragon

    Mac Elite

    Joined: Mar 2004

    0

    It is a Beta...

    What part of "beta" do the editors not understand? The head should be re: a _beta_ security flaw.

  1. Fast iBook

    Fresh-Faced Recruit

    Joined: Mar 2003

    +1

    iChat vs FT.

    iChat is based on the AIM network and the video/audio layer in AIM; FaceTime is based on Wi-Fi and client-to-client availability developed on iOS 4 for the iPhone 4. If "no one is home" the request times out after about 30 seconds. No one being home as in no Wi-Fi connected or Wi-Fi turned off or FaceTime disabled etc.

    - A
