27 C
Mumbai
Wednesday, September 30, 2020
Tel: 8850717892

Critical ‘Sign in with Apple’ That Hijack Anyone’s Account

Home Security Awareness Critical 'Sign in with Apple' That Hijack Anyone's Account
- Advertisement -

Must Read

The Cove, San Francisco’s Waterfront

A waterfront is the aesthetic part of the town, which is bordered by the sea or river. These are...

Prefabrication is the Future of Architecture

Prefabricated technology is considered to be the future of architecture. This method although being new in the industry has...

Connected City Streets leads to Healthy Communities

An Overview: Cities around the world are rediscovering the values of walkable and bikeable streets. Cities like Oakland, California, Amman,...
Prashant Singh
Prashant Singhhttps://www.hackthebow.com
Prashant is a student of Computer Science and Engineering at NIT Allahabad. He is also a web pentester and cybersecurity analyst. He may be an introvert and sociable person at the same time. He loves meeting new people and he is in a journey to explore himself. Currently working as a content writer at BLARROW.TECH.

Context

Apple is considered as the most secure and reliable support system. Although, from the last few years, it has been a potential target for cyber crooks. An Indian stack developer and bug bounter “Bhavuk Jain” in April discovered a dangerous vulnerability on Apple’s interface. The vulnerability was potentially able to take over the user accounts. The vulnerability used Sign in with Apple service as a mediator between third-party applications. The bug didn’t implement additional security measures.
On a bug bounty program, Apple recently paid India bug bounty researcher Bhavuk Jain an enormous $100,000 bug bounty for proclaiming a highly perilous vulnerability concerning its ‘Sign in with Apple‘ service. As of now, the vulnerability has been patched. In its initial stage, the vulnerability had allowed remote intruders to bypass user authentication and potentially take control over Apple users’ accounts on third-party services. Besides, it had also targeted the apps that have been registered using ‘Sign in with Apple’ option provided on its web service.

Sign in with Apple

Sign in with Apple’s feature was launched last year at Apple’s WWDC conference. The main objective of this campaign was to protect privacy by preserving login authenticity. The newly introduced service allowed users to integrate their Apple accounts with Third-party apps without disclosing their actual Apple IDs. The Indian cyber enthusiasts reported that the vulnerability was discovered during the traversal of user authentication service. He found that the client-side was not responding securely to the authentication servers.
Let me explain the mechanism. Every time a user authenticates through a “sign in with Apple” service, it generates JSON Web Token (JWT) that contains user credential information that is further used by the third-party applications to confirm the identity of the user. Bhavuk mentioned that Apple asks users to log in to their Apple account before initiating the request, it was unable to validate whether if it is the same person is inquiring JSON Web Token (JWT) in the next step from its authentication server.

apple auth
source: bhavuk jain

Therefore, the loophole on its validation part resulted in an attacker compromising the user accounts. It allowed the hacker to provide a separate Apple user ID belonging to a victim that tricked the server into generating JWT payload that was validating attacker to sign in into a third-party service with the victim’s identity.
Cybersecurity personnel confirmed that the bug operated even if you prefer to hide your email ID from the third-party services. The consequence of this vulnerability was considerably decisive as it could have allowed a full account takeover.
Basically, It was a server-side bug of Apple. Besides, researchers also claim that some services of applications offering ‘Sign in with Apple’ to their users might have already been using a two-factor authentication that could potentially mitigate the issue for their customers. Bhavuk had reported the vulnerability to the Apple security team last month, and as a result, the company has now patched the vulnerability and has also ensured the legitimacy of authorized users.

Sign in with Apple
source: knowledia

BUG Findings:

“I found I could request JWTs for any Email ID from Apple, and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID and gaining access to the victim’s account,” Bhavuk said.
Sample Request (2nd step)
POST /XXXX/XXXX HTTP/1.1
Host: appleid.apple.com
{“email”:”contact@bhavukjxxxxx.com”}
Here on passing any email, Apple generated a valid JWT (id_token) for that particular Email ID.
  • Sample Response

{“authorization”{

“id_token” : eyJraWQiOiJlWGF1bm1MIiwiYWxnIjoiUlMyNTYifQ.XXXXX.XXXXX”, “grant_code” : “XXX.0.nzr.XXXX”, “scope” : [ “name”, “email” ]
},
“authorizedData” : { “userId” : “XXX.XXXXX.XXXX” }, “consentRequired” : false
}

Conclusion

Before the vulnerability was made public, many developers had already integrated their accounts with “Sign in with Apple” because it is compulsory for applications that support other social logins. The few social platforms that use Sign in with Apple are Dropbox, Spotify, Airbnb, Giphy. The mentioned applications were not tested but it may be possible that this could have been vulnerable too. But eventually, it did not happen because of the other security measures practised while verifying a user.
Apple also performed a security audit to determine if there were any misuse or compromised accounts based on this vulnerability.
- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Pier55 by Heatherwick Studio

Also called the 'Little Island', Pier55 stands out as the structural marvel for the world today, built with grace,...
- Advertisement -

Zaha Hadid Architects Design for World’s Most Expensive Site

Zaha Hadid Architects reveals design for a skyscraper on the world's most expensive site Zaha Hadid Architects studio has revealed its design for the 36-story...

The Cove, San Francisco’s Waterfront

A waterfront is the aesthetic part of the town, which is bordered by the sea or river. These are urban features that help in...

Urban Cycling : Use and Importance

As kids we were delighted when we started riding a bicycle, then we grew up, and started using motor-vehicles but little did we think...

Prefabrication is the Future of Architecture

Prefabricated technology is considered to be the future of architecture. This method although being new in the industry has created to carve a niche...

More Articles Like This

- Advertisement -