German spyware exploits iTunes vulnerability
According to a report in Spiegel Online, "remote monitoring software" developed in Germany is designed to exploit a vulnerability in iTunes in order to infect target computers. In an advertising video, German company Gamma International GmbH is reported to have shown its FinFisher spyware application specifically using a vulnerability in the iTunes update system to install itself on target systems.
The exploit in question relies on the fact that, assuming Apple Software Updater is not active, iTunes uses an unencrypted HTTP request to query for the URL for the latest version of the program from the Apple server. Because the query is unencrypted, this URL could be modified. If a user were to respond to an iTunes update message, they could then be taken to a crafted web page intended to install the "remote monitoring tool" onto their computer. For the redirection to work, however, a Gamma customer would need to be able to actively interfere with the network, limiting its use to entities such as ISPs acting under government orders.
Once the spyware program is installed on a user's computer, it can, for example, monitor Skype conversations before they are encrypted by the Skype software. The German state-sponsored trojan developed by DigiTask offers similar functionality. Apple has already responded, modifying the latest version of iTunes, 10.5.1, released a week ago, to make use of HTTPS when making its request for the update URL.
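The weakness described above is an update client trusting a download URL that arrived over plaintext. As an added illustration (not Apple's or Gamma's code), the checks below show what an updater should apply to a server-supplied URL regardless of the transport: the manifest format, the trusted-host allowlist and the sample installer bytes are all constructed assumptions.

```python
import hashlib
import json
from urllib.parse import urlparse

# Hosts the updater may download from (assumed allowlist, not Apple's real list).
TRUSTED_HOSTS = {"swcdn.apple.com", "www.apple.com"}

def validate_update_url(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (ok, reason) for a server-supplied download URL.

    Anything an on-path party could have rewritten in a plaintext reply is
    rejected: non-TLS schemes, unknown hosts, odd ports, embedded credentials.
    """
    p = urlparse(url)
    if p.scheme != "https":
        return False, "scheme is %r, not https" % p.scheme
    if p.username or p.password:
        return False, "credentials embedded in URL"
    host = (p.hostname or "").lower()
    if host not in trusted_hosts:
        return False, "host %r not in allowlist" % host
    if p.port not in (None, 443):
        return False, "unexpected port %r" % p.port
    return True, "ok"

def parse_manifest(raw, trusted_hosts=TRUSTED_HOSTS):
    """Parse a JSON update manifest (assumed format) and validate its URL.

    Returns the (url, sha256) pair to download, or raises ValueError.
    """
    m = json.loads(raw)
    url, digest = m["url"], str(m["sha256"]).lower()
    ok, reason = validate_update_url(url, trusted_hosts)
    if not ok:
        raise ValueError("manifest rejected: " + reason)
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("manifest rejected: malformed sha256")
    return url, digest

def package_matches(data, expected_sha256):
    """Second line of defence: downloaded bytes must match the pinned digest."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()

# Constructed sample manifests: one legitimate, one as a tampered reply would look.
GOOD_MANIFEST = json.dumps({"version": "10.5.1",
    "url": "https://swcdn.apple.com/example/iTunesSetup.exe",   # constructed path
    "sha256": hashlib.sha256(b"constructed installer bytes").hexdigest()})
TAMPERED_MANIFEST = json.dumps({"version": "10.5.1",
    "url": "http://updates.example.invalid/iTunesSetup.exe",
    "sha256": "0" * 64})
```

The URL check alone does not replace fetching the manifest over TLS (the fix in 10.5.1); the digest check then ties the download to what the authenticated manifest promised.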
Gamma has already been in the firing line this year – in March, secret documents came to light after the offices of Egypt's security services were stormed by protesters. The documents appeared to show that the company had offered its services to the Egyptian secret services. At that time too, FinFisher was making use of fake software updates.
According to Spiegel Online, the company was also present at the Cyberwarfare Europe conference held in Berlin, a showcase for "weapons" for conducting digital warfare. The company was scrupulous in ensuring that journalists left the room for its product presentations. According to the report, the list of delegates included government and business representatives from the United Arab Emirates, Indonesia and Malaysia.