A "remote monitoring" software developed in Germany is designed to exploit a vulnerability in iTunes in order to infect target computers. An IT monitoring company advertises its ability to distribute spyware for government agencies using fake iTunes updates. Apple has fixed iTunes and closed the security hole. The exploit in question relies on the fact that, when Apple Software Updater is not active, iTunes uses an unencrypted HTTP request to ask the Apple server for the URL of the latest version of the program. Because the query is unencrypted, this URL can be modified in transit. A user who responds to an iTunes update message could then be taken to a crafted web page intended to install the "remote monitoring tool" onto their computer. For the redirection to work, however, a Gamma customer would need to be able to actively interfere with the network, which limits its use to entities such as ISPs acting under government orders.
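The weakness described above, shown from the client side next to a hardened check. This is an added example, not Apple's code or code from the article; the host names, the JSON manifest with `url` and `sha256` fields, and all function names are assumptions, and the HTTPS layer is assumed to validate the server certificate.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Assumed vendor hosts (placeholders, not real update servers).
VENDOR_HOSTS = {"updates.example.com", "downloads.example.com"}

def check_url(url, role):
    """Reject any URL that is not HTTPS on an allowlisted vendor host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"{role}: refusing non-HTTPS URL {url!r}")
    if parts.hostname not in VENDOR_HOSTS or parts.port not in (None, 443):
        raise ValueError(f"{role}: host not on vendor allowlist: {url!r}")
    return url

def naive_update_target(manifest_body):
    """Behaviour the article describes: trust whatever URL the reply names."""
    return json.loads(manifest_body)["url"]

def hardened_update_target(manifest_source, manifest_body):
    """Accept a manifest only from an authenticated vendor channel and
    return (download_url, expected_sha256)."""
    check_url(manifest_source, "manifest")
    manifest = json.loads(manifest_body)
    return check_url(manifest["url"], "download"), manifest["sha256"]

def installer_matches(installer_bytes, expected_sha256):
    """Compare the downloaded file with the digest from the trusted manifest."""
    digest = hashlib.sha256(installer_bytes).hexdigest()
    return hmac.compare_digest(digest, expected_sha256.lower())

# Constructed sample data for the demonstration.
GENUINE = b"genuine installer bytes (constructed)"
GOOD_MANIFEST = json.dumps({
    "url": "https://downloads.example.com/player-setup.exe",
    "sha256": hashlib.sha256(GENUINE).hexdigest(),
})
# What a reply altered on the network path could look like (constructed).
TAMPERED_MANIFEST = json.dumps({
    "url": "http://update.invalid/player-setup.exe",
    "sha256": "00" * 32,
})

if __name__ == "__main__":
    print("naive client would fetch:", naive_update_target(TAMPERED_MANIFEST))
    try:
        hardened_update_target("https://updates.example.com/version.json", TAMPERED_MANIFEST)
    except ValueError as err:
        print("hardened client refused:", err)
```

The digest check only adds protection because the manifest itself arrived over the authenticated channel; a digest taken from a plaintext reply could be rewritten together with the URL.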
iTunes update used to deliver Trojans
Unlike their Italian rivals from the company Hacking Team, who were also courting new customers in Berlin, the Gamma people even made sure that journalists had to leave the hall before the presentation by their "Managing Director". The fear evidently has good reasons: Gamma appears to use dubious methods with FinFisher, as marketing material obtained by SPIEGEL suggests. According to that material, the software offered to authorities and governments works much like that of the computer criminals it is supposed to be used against.
FinFisher promotional videos show, for example, that the software uses Apple's popular iTunes media store to load the FinFisher snooping software onto suspects' computers by means of a fake software update.
The demand for Internet surveillance technology, such as that demonstrated and peddled in Berlin by Gamma International Ltd. and Hacking Team, has risen significantly worldwide in recent years. Security agencies around the world face the problem that suspects increasingly communicate in encrypted form over the Internet. Arrangements that suspects used to make over landline or mobile phones, which are relatively simple to intercept, now increasingly run over encrypted Internet telephony services like Skype or encrypted computer chats. Often the authorities only get to hear how suspects arrange by cell phone to meet for the next encrypted chat.
Companies like Gamma International Ltd. and Hacking Team promise to solve this problem. However, targeted surveillance measures of this kind are not easy to implement: listening in on encrypted communication is only possible if the interception happens before encryption. To do that, software must be installed on the suspects' computers that diverts conversations, emails or chats, unnoticed and unencrypted, to the security authorities. In plain English: the authorities have to hack into the computers of suspects.