Local Discovers iTunes ID & Password Disclosure on Apple TV

appletv_smallsizeLocal David “@DarthNull” Schuetz continues to make the headlines in all things Apple. Before it was the discovery of the source of the UDID leak (a.k.a., BlueToadGate); now he has found a password disclosure flaw in recent firmware versions for the Apple TV. It all started with David trying to hack back the “Add Site” feature Apple recently restricted. He tried several unsuccessful techniques but then came across the newer Touch Setup capability. In investigating this feature David found his iTunes ID and password written in clear text to the logs. See the story from CSO Online below but be sure to check out the full details on the Intrepidus Group blog  and view the report on Full Disclosure.

via CSOOnline.com

Not long after the update to fix the goto fail SSL issue with iOS came out we’re greeted by a new update. Enter, iOS 7.1. One interesting piece that I noticed is that there is a password disclosure problem with the Apple TV.

The problem is in the Apple TV applications. Detailed data is written to the log file which includes hex of the configuration including wifi and iTunes passwords in clear text.

The issue was discovered by David Schuetz of the Intrepidus Group.

Continued here.

#####

Today’s post pic is from Apple.com.

4 comments for “Local Discovers iTunes ID & Password Disclosure on Apple TV

  1. March 14, 2014 at 1:04 am

    .@novainfosec: Local Discovers iTunes ID & Password Disclosure on Apple TV https://t.co/ybmfu8MJTp

  2. March 14, 2014 at 1:04 am

    .@novainfosec: Local Discovers iTunes ID & Password Disclosure on Apple TV https://t.co/ybmfu8MJTp

  3. March 14, 2014 at 2:00 am

    BLOGGED: Local Discovers iTunes ID & Password Disclosure on Apple TV http://t.co/GmGoFMpdyI

  4. March 14, 2014 at 6:06 am

    Local Discovers iTunes ID & Password Disclosure on Apple TV http://t.co/jgNvE9xkEJ

Leave a Reply

Your email address will not be published. Required fields are marked *