so my iTunes has been hacked - key logger?

Discussion in 'iMac' started by tommy060289, Feb 29, 2012.

  1. tommy060289 macrumors regular

    Joined:
    Jun 20, 2011
    #1
    Hey everyone,

    Yesterday I received an email from Apple mentioning suspicious activity on my account and when I logged into iTunes I had near enough all of the £80 credit I had on there stolen!

    Someone has logged in and bought 2x applications at £34.99 each (they were Mandarin so no idea of name) and some in-app purchases.

    I have since cancelled my debit card and fortunately Apple has refunded me the money but now I'm worried how they got my password.

    I have not been 'phished' so the only thing I can think of is:

    a. brute force attack (I wouldn't think this would work against Apple)
    b. Apple's server was hacked (again seems unlikely but you never know!)
    c. I have a key logger on my iMac (which worries me the most)

    How can I check if there is anything dodgy on my iMac? I have checked activity log but to be honest I wouldn't know what to look for anyway! Until I'm convinced my computer is safe I'm wary about typing any passwords in here.

    Anyone else been a victim of iTunes hacking?

    Cheers,

    Tom
     
  2. BasilFawlty macrumors 6502


    Joined:
    Jun 20, 2009
    Location:
    New Mexico
    #2
    Do you access via iPhone? This was from a friend:

    "BARCELONA, MOBILE WORLD CONGRESS 2012 — Last night I was treated to a security demonstration. Cryptography Research director Pankaj Rohatgi pointed a cheap, standard TV antenna at an iPod Touch several feet away, running standard RSA encryption operations.
    On the screen of his oscilloscope was a sound-wave generated by his custom software showing distinct troughs at semi-regular intervals. These troughs, and their accompanying flattish peaks, represented the ones and zeroes of the private keys used in every secure communication we make today, sucked right from the iPod. With no further cracking required, all of your private operations can be read as if in plain text.
    How is this done? From the electronic noise generated by every microchip as it goes about its processing duties.
    It’s called a side-channel attack, and unless your software defends against it, every computing device is vulnerable. There is one ray of light, though: The hacker needs to be very close. The Radio-Shack-style antenna used by Rohatgi can sniff patterns from a few feet away. Using more expensive, specially-tuned equipment could extend that range. Not enough for remote cracking, but enough to steal your details in a largish room.
    Side-channel attacks work thanks to a weakness in ECC and RSA private key operations. These are at the heart of encryptions like the SSL connections between you and your bank’s website, for example. When they crunch together the numbers in your keys to perform encryptions, RSA software typically uses a sequence of multiplications only, or multiplications and square operations combined. Each of these causes the chip it is running on to emit a different electrical signal. And these signals show the ones and zeros of the key, so plain that even I could see it on the screen.
    Just by measuring the signals, you can break a key almost instantly. Scary. And it will crack a notebook or an iPhone: they’re all the same.
    So how can this be fixed? The software has to be re-written to hide these peaks and troughs, doing the math in a way that doesn’t reveal the key through the act of processing it. This can be done by individual developers, or it can be done at the OS level. Clearly it would be better to have Apple bake this into iOS, protecting everything.
    Don’t worry too much, though. The majority of crypto hacking goes on over the internet, sniffing at the transactions you make every day. That makes you feel a lot better, right?"
     
  3. paulrbeers macrumors 68040

    Joined:
    Dec 17, 2009
    #3
    Yeah it could be that, or it could be the way 99% of the world hacks people's accounts: using a program that just cycles through passwords until it "gets it right".

    Since they were Mandarin programs, I'm going to guess my theory is correct because I doubt someone in China is able to pick up microscopic waves coming off an iPhone/iPod Touch from around the globe. Just saying....
     
  4. tommy060289 thread starter macrumors regular

    Joined:
    Jun 20, 2011
    #4
    So do brute force password hacks still work then? I'd have thought modern servers stopped this just by sensing repeated incorrect password entries?
     
  5. BasilFawlty macrumors 6502


    Joined:
    Jun 20, 2009
    Location:
    New Mexico
    #5
    My own server (leased) does just that. After X failed attempts within Y time frame, the offending IP is added to my firewall. Also, I get an email on my iPhone of the attempt with a link I can click if I want to add the whole CIDR mask to the firewall (for example, if IP 218.25.36.82 makes X attempts and fails, that specific IP is added, but I get an email where, with the click of a link, I can add 218.25.36.0/24 or even 218.25.0.0/16 to the firewall). Works great.

    ----------

    I agree - your scenario much more likely - but just the fact that security on an iPhone could be compromised so easily with COTS equipment is a little disconcerting.
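
Added example, not part of the original thread and not the poster's own setup: a sketch of the lockout scheme described in post #5, counting failed logins per source IP inside a sliding window and showing how many addresses the optional /24 or /16 widening would cover. The log format, the values chosen for X and Y, and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # "X" in the post (value assumed)
WINDOW = timedelta(minutes=10)    # "Y" in the post (value assumed)

# Constructed sample log in a hypothetical format: timestamp, source IP, result.
SAMPLE_LOG = """\
2012-02-29T10:00:00 218.25.36.82 FAIL
2012-02-29T10:01:00 218.25.36.82 FAIL
2012-02-29T10:02:00 192.0.2.10 FAIL
2012-02-29T10:03:00 218.25.36.82 FAIL
2012-02-29T10:04:00 218.25.36.82 FAIL
2012-02-29T10:05:00 192.0.2.10 OK
2012-02-29T10:30:00 192.0.2.10 FAIL
2012-02-29T10:45:00 192.0.2.10 FAIL
"""

def find_offenders(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return IPs, in order, that reach max_failures failures within window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    blocked = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue              # skip malformed lines
        stamp, ip, result = parts
        try:
            when = datetime.fromisoformat(stamp)
            ipaddress.ip_address(ip)      # reject anything that is not an IP
        except ValueError:
            continue
        if result != "FAIL" or ip in blocked:
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:       # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked.append(ip)
    return blocked

def widen(ip, prefix_len):
    """Return (CIDR block containing ip, number of addresses it would block)."""
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    return str(net), net.num_addresses
```

On the sample, 192.0.2.10 fails three times in total but never three times inside one window, so only 218.25.36.82 is blocked; widening that block to /16 takes in 65,536 addresses, which is the collateral cost to weigh before clicking the link.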
     
  6. Kendo macrumors 68000

    Joined:
    Apr 4, 2011
    #6
    Same happened to me. Check my thread from a few days ago.

    http://forums.macrumors.com/showthread.php?t=1329134
     
  7. eightclicks macrumors newbie

    Joined:
    Feb 11, 2012
    #7
    The most likely possibility is that you share passwords between some online accounts. If a site gets hacked and it stores user passwords in plaintext, badly encrypted, or with a bad salt, it's exceedingly easy for the hackers to retrieve those passwords.

    Now let's say that you used the same password for forums.example.com as you did for your email account, your iTunes account, or your PayPal account. The hackers have the email address you used for that account as well as the password you used there, so it's a piece of cake to check if your email account uses the same password (if it does, they have all your online accounts), or if there are iTunes, PayPal, WoW, etc. accounts using the same email/username and password combination.

    If you indeed didn't get phished and had a fairly strong password, this is almost certainly what happened.

    Automated password guessing (like brute forcing, but it only tries a few of the most popular passwords) is the main way people steal accounts, followed by phishing, followed by stolen password databases, followed by malware.

    So if you use decent passwords, avoid phishing sites, and don't download untrusted software, the biggest danger is the combination of a shared password and a compromised database at some hapless site of which you happened to be a member.

    Rigorous brute forcing is hardly ever done anymore, since it requires tons of proxies/bots to deal with IPs getting blocked after a few attempts. So unless your password is "Pa$$w0rd1" or something like that, that's not a likely scenario. But keep in mind that a superficial guessing attempt might also take a few jabs at the "secret" questions/answers protecting your accounts - and people tend to use even weaker things for that than they do for passwords.
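
Added example, not part of the original thread: the storage weakness post #7 refers to, seen from the site operator's side. An unsalted fast hash gives every user with the same password the same stored value, while a random per-user salt with a slow key-derivation function does not. The user names, the sample table and the round count are constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000   # assumed work factor; tune to your own hardware

def weak_hash(password):
    """Unsalted fast hash: the badly stored case described in the post."""
    return hashlib.sha1(password.encode()).hexdigest()

def store_password(password):
    """Return (salt, derived_key) using a fresh random salt for each user."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key

def verify_password(password, salt, key):
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, key)

def shared_hash_groups(table):
    """Group users whose stored value is identical (visible in any leaked table)."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed accounts; two of them reuse the weak password quoted in the post.
USERS = {
    "alice": "Pa$$w0rd1",
    "bob": "Pa$$w0rd1",
    "carol": "correct horse battery staple",
}

def demo():
    """Return the shared-hash groups for the weak table and for the salted table."""
    weak = {u: weak_hash(p) for u, p in USERS.items()}
    strong = {u: store_password(p)[1].hex() for u, p in USERS.items()}
    return shared_hash_groups(weak), shared_hash_groups(strong)
```

A single salt shared by all users behaves like the unsalted table here: identical passwords still collapse to identical stored values.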
     
