Potential Mac privacy issues arise after server crashes




As Apple released its new macOS operating system to the public yesterday, severe server crashes occurred that resulted in widespread failures of Big Sur downloads and installations, iMessage, and Apple Pay, and, more than that, even performance issues for users running macOS Catalina and earlier. We learned why this happened at a high level yesterday; now a security researcher has shared an in-depth analysis of his privacy and security concerns for Macs, especially those with Apple Silicon.

Shortly after macOS Big Sur officially launched for all users, we started to see reports of extremely slow download times, download failures, and, in cases where the download did go through, an error at the end that prevented installation.

At the same time, we saw Apple’s developer website go down, followed by outages for iMessage, Apple Maps, Apple Pay, Apple Card, and some developer services. Then reports poured in about third-party apps on Macs running Catalina and earlier not launching or crashing, along with other slow performance.

Developer Jeff Johnson was one of the first to highlight what was happening: a problem with Macs connecting to an Apple server, OCSP. Then developer Panic explained that it had to do with Apple’s Gatekeeper feature verifying the validity of applications.

Today, security researcher and hacker Jeffrey Paul published an in-depth review of what he saw happen and its associated privacy and security concerns in his article “Your Computer Isn’t Yours.”

On modern versions of macOS, you just can’t turn on your computer, launch a text editor or e-book reader, and write or read without a log of your activity being transmitted and stored.

It turns out that in the current version of macOS, the operating system sends Apple a hash (unique identifier) of every program you run, when you run it. Many people didn’t realize this because it is silent and invisible and it fails instantly and gracefully when you are offline, but today the server got really slow and it didn’t reach the fail-fast code path, and everyone’s apps failed to open if they were connected to the Internet.

He goes on to explain what Apple sees of the process:

Because it does this using the internet, the server sees your IP address, of course, and knows what time the request arrived. An IP address allows a rough geolocation, at the level of the city and the ISP, and allows for a table with the following headings:

Date, Time, Computer, ISP, City, State, Application Hash

This means Apple knows when you are home. When you are at work. What apps you open there, and how often. They know when you open Premiere at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel while traveling to another city.

Paul goes on to address the question many readers might be asking: “Who cares?” He responds by explaining that OCSP requests are not encrypted and that it’s not just Apple that has access to the data:

1. These OCSP requests are transmitted unencrypted. Anyone who can see the network can see them, including your ISP and anyone who has their cables plugged in.

2. These requests are made to a third-party CDN managed by another company, Akamai.

3. Since October 2012, Apple has been a partner in the US military intelligence community’s PRISM spy program, which grants the US federal police and military unrestricted access to this data without a warrant, whenever they ask for it. In the first half of 2019, they did this over 18,000 times, and more than 17,500 times in the second half of 2019.

This data amounts to a huge wealth of information about your life and habits, and allows someone who has all of it to identify your movements and activity patterns. For some people, it can even pose a physical danger.
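To make the "unencrypted" point concrete, here is an added example (not from the article or from Paul's post) that builds two OCSP requests in the RFC 6960 HTTP GET form and then decodes them the way any on-path observer could, recovering the CertID fields: issuer name hash, issuer key hash and certificate serial number. The `/ocsp-example/` path prefix, the hashes, serials, timestamps and IP addresses are all constructed for illustration.

```python
import base64
from urllib.parse import quote, unquote

def tlv(tag, body):  # encode one DER element (short-form length only)
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Decode one DER element at pos and return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError("long-form or truncated DER element (not handled here)")
    return tag, buf[pos + 2:end], end

def build_get_path(name_hash, key_hash, serial, prefix="/ocsp-example/"):
    """RFC 6960 GET form: prefix + url-encoded base64 of the DER OCSPRequest.
    CertID is wrapped in Request, requestList, TBSRequest and OCSPRequest."""
    sha1 = tlv(0x30, bytes.fromhex("06052b0e03021a0500"))  # AlgorithmIdentifier
    cert_id = tlv(0x30, sha1 + tlv(0x04, name_hash) + tlv(0x04, key_hash)
                  + tlv(0x02, serial))
    der = tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))
    return prefix + quote(base64.b64encode(der).decode(), safe="")

def observe(path):
    """Fields a passive observer recovers from one cleartext OCSP GET path."""
    der = base64.b64decode(unquote(path.rsplit("/", 1)[-1]))
    _, req, _ = read_tlv(der)          # OCSPRequest
    _, tbs, _ = read_tlv(req)          # TBSRequest
    tag, val, pos = read_tlv(tbs)
    while tag in (0xA0, 0xA1):         # skip optional version / requestorName
        tag, val, pos = read_tlv(tbs, pos)
    _, single, _ = read_tlv(val)       # first Request in requestList
    _, cert_id, _ = read_tlv(single)   # CertID
    _, _, pos = read_tlv(cert_id)      # hashAlgorithm, skipped
    _, name_hash, pos = read_tlv(cert_id, pos)
    _, key_hash, pos = read_tlv(cert_id, pos)
    _, serial, _ = read_tlv(cert_id, pos)
    return {"issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(), "serial": serial.hex()}

# Constructed sample: made-up hashes, serials, timestamps, documentation IPs.
ISSUER = (bytes(range(20)), bytes(range(20, 40)))
LOG = [("2020-11-12T20:31:07Z", "192.0.2.10",
        build_get_path(*ISSUER, bytes.fromhex("0123456789abcdef"))),
       ("2020-11-12T20:44:52Z", "198.51.100.7",
        build_get_path(*ISSUER, bytes.fromhex("0fedcba987654321")))]

def observer_table(log):  # one row per request: (time, source IP, serial)
    return [(ts, ip, observe(path)["serial"]) for ts, ip, path in log]
```

Running `observer_table(LOG)` yields one (time, source IP, serial) row per request, the same shape as the table headings quoted above.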

Paul mentions a few workarounds to prevent this tracking, but points out that these may be gone with macOS Big Sur.

Now, it was possible until today to block this stuff on your Mac using a program called Little Snitch (really, the only thing that lets me use macOS at this point). In the default configuration, it allows all of this computer-to-Apple communication, but you can turn off these default rules and go on to approve or deny each of these connections, and your computer will continue to function properly without snitching on you to Apple.

The macOS version released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs do not allow Little Snitch to inspect or block processes at the operating system level. Plus, the new rules in macOS 11 even hinder VPNs so that Apple apps simply bypass them.

@patrickwardle lets us know that trustd, the daemon responsible for these requests, is in the new ContentFilterExclusionList in macOS 11, which means it can’t be blocked by any user-controlled firewall or VPN. In his screenshot, it also shows that CommCenter (used to make phone calls from your Mac) and Maps will also leak past your firewall/VPN, potentially compromising your voice traffic and your future/planned location information.

Paul points out that Apple’s new M1-powered Macs won’t run any version of macOS earlier than Big Sur and says it’s a choice:

you can have a fast and efficient machine, or you can have a private one. (Apple mobile devices have been doing this for several years already.) Unless you use an external network filtering device like a travel router / VPN that you can fully control, there will be no way to boot an operating system on the newer Apple Silicon Macs that won’t call home, and you can’t modify the operating system to prevent this (or they won’t boot at all, due to hardware-based cryptographic protections).

He updated the post to share that there may be a workaround through the bputil tool but will need to test it to confirm it.

In conclusion, Paul said, “Your computer now serves a remote master, who has decided that he has the right to spy on you.”

With Apple holding privacy and security as two of its core beliefs, time will tell if we see Apple making any changes around the issues highlighted when Big Sur launched.

You can find Jeffrey Paul’s full article here.
