Ad

FaceTime for Mac – a serious threat for your Apple ID

FaceTime MacWhile many users are happy about having FaceTime on their Mac, we are a little anxious about some security glitches present in the current beta of the software. With a few clicks others can make use of the user’s Apple ID and reset the password with ease.

We started having a closer look at the settings when Gernot pointed us at some issues: Once you’ve logged into FaceTime you can have a look at all the account settings of the used Apple ID. Username, ID, place and birth date are shown as well as the security question and the answer to it – in plain text, without another password request. To reset the password to an Apple ID, all you need it the exact birth date and the answer to the security question – we tried that out for you, and it worked fine.






Even without the plain text answer the password reset itself is a little akward – closer friends and families usually know answers to the standard questions, such as favourite number or certain names. Unfortunately there’s no way to deactivite the security question password reset.

Another issue happens while logging out: When you choose “Log Out” from the top menu, the password remains in the password field, even when restarting the application. That shouldn’t be the case tho: Applications should remove passwords from the password field as soon as the application is closed.

Our tip: Either don’t use FaceTime at all or make sure your computer is save – set a master password and never leave your machine open and running in a public place. Otherwise you might get an unusual surprise at some point.

Update 22 Oct 10am: Apple has fixed the flaw. When you open the menu now you can’t see the account data anymore and the menu jumps back.

Author:
Date:
Tags:
macnotes
21.10.2010 12:15 Uhr
, ,  

8 Comments , Trackbacks

  1. Profilbild

    21.10.10, 15:22 Uhr, #1

    Newly Launched FaceTime for Mac has Serious Security Issues | Digigossip.com meint:

    […] the beta version of FaceTime for Mac without the knowledge that this beta version has very serious security flaws. This beta version enables Mac users to chat to their iPhones using buddies but the same has […]

  2. Profilbild

    21.10.10, 15:39 Uhr, #2

    dyn meint:

    iTunes, iPhone, iPod Touch, iPad, iChat, Adium, Mail, Safari, Firefox, etc. all have the same option: you can view your account, change passwords, etc. I’ve tried it in FaceTime, the option is there but it does nothing, it switches back to the previous view (it doesn’t display my account details). Being logged into any service/application on your machine opposes a security risk for anyone that has physical access to it. This is hardly a FaceTime security issue, it’s a general issue. It is the main reason why one should use a password on one’s computer and lock the machine when leaving. Logging out of the application/service also helps. The only problem in this case would be the fact FaceTime keeps remembering the password. Something Hotmail does as well if you opt for it.

  3. Profilbild

    21.10.10, 18:32 Uhr, #3

    PSA: FaceTime beta endangers your Apple ID password and security questions | Financal Advisor meint:

    […]  |  MacNotes.de  | Email this | Comments View full post on […]

  4. Profilbild

    21.10.10, 18:50 Uhr, #4

    Tech Gadget Reviews » PSA: FaceTime beta endangers your Apple ID password and security questions meint:

    […]  |  MacNotes.de  | Email […]

  5. Profilbild

    21.10.10, 19:19 Uhr, #5

    Gustav meint:

    FaceTime does not store your password. Your keychain does. The MobileMe system preferences, iCal, etc. use the same keychain entry. Any developer could write an app that does this. They could sneak onto your computer, run their app, click “Allow” and get the password from the keychain and access the same information that FaceTime does. If you lock your keychain when not near your Mac, neither FaceTime nor anything else can get your password or access the site.

  6. Profilbild

    21.10.10, 19:21 Uhr, #6

    Conrad meint:

    Why does everyone think this is such an issue!? Who is using your computer that’s not you!? For Pete’s sake, put a freakin’ password on the thing. What’s wrong with you?

  7. Profilbild

    21.10.10, 19:26 Uhr, #7

    Matt meint:

    Oct 20’s FaceTime beta also automatically creates a keychain item (without asking if you want to save it in the keychain) containing the account and password so that even if you sign out, the next time you open the application your username and password are automatically filled in.

    To prevent password storage, you have to sign out, quit FaceTime, and manually delete the keychain item. This is ridiculous.

  8. Profilbild

    21.10.10, 19:31 Uhr, #8

    Is FaceTime a serious security threat? Only if you’re completely oblivious … | All my RSS meint:

    […] AppleCould FaceTime for Mac make it really easy for someone to steal your Apple ID?German Mac site MacNotes.de thinks so, calling FaceTime "a serious threat" to your Apple account. See, once you're logged into FaceTime, […]

  9. Profilbild

    21.10.10, 19:32 Uhr, #9

    Is FaceTime a serious security threat? Only if you’re completely oblivious … meint:

    […] AppleCould FaceTime for Mac make it really easy for someone to steal your Apple ID?German Mac site MacNotes.de thinks so, calling FaceTime "a serious threat" to your Apple account. See, once you're logged into FaceTime, […]

  10. Profilbild

    21.10.10, 19:48 Uhr, #10

    Apple News | FaceTime for Mac Beta Compromises Your Apple ID « Jailbreak Centeral meint:

    […] Read More [via Engadget] […]

  11. Profilbild

    21.10.10, 20:06 Uhr, #11

    Joe di Stefano meint:

    Good point, dyn meint. There is a similar “security issue” with the Finder, where if someone has access to your computer they can drag your documents into the trash and then erase them, without even knowing your birthday!

  12. Profilbild

    21.10.10, 20:47 Uhr, #12

    Grogor meint:

    This is a glitch and I am sure it will be fixed soon. Of course you can already reset most peoples online passwords if you have access to their computer. Most computers do not require a password every time email is accessed. I could walk up to any PC, enter the users email into Amazon.com. Enter that I forgot the password. A recovery email is sent to the computer I am using. Since email is already logged in, I can now change the password.

  13. Profilbild

    21.10.10, 20:50 Uhr, #13

    FaceTime per Mac beta ha un problema di sicurezza! | iSpazio.ru meint:

    […] MacNotes ha scoperto un problema di sicurezza nell’applicazione rilasciata ieri FaceTime per Mac Beta di non poca importanza, infatti andando nella schermata per visualizzare le informazioni del vostro account vengono mostrati tutti i campi completati, tra questi anche la domanda di sicurezza, completa di risposta, e la data di nascita. […]

  14. Profilbild

    21.10.10, 21:22 Uhr, #14

    airmanchairman meint:

    Funny enough, iTunes has consistently refused to save my password and I tried several times to “correct” this so that I don’t have to authenticate every time I make an app or music purchase. The thing is, every time I download an update to iTunes, the problem returns.

    Then I thought about it – it isn’t a problem, it’s a good thing – a very slight inconvenience but a very good security feature.

  15. Profilbild

    21.10.10, 21:56 Uhr, #15

    FaceTime per Mac: presente un falla di sicurezza nell’applicazione! - iPhone Italia – Il blog italiano sull'Apple iPhone 4, iPhone 3GS e 3G meint:

    […] a quanto riportato da MacNotes.de, la prima Beta di FaceTime per Mac, rilasciata da Apple nella giornata di ieri, presenterebbe una […]

  16. Profilbild

    21.10.10, 22:40 Uhr, #16

    FaceTime security hole exposes Apple IDs to compromise - Australian Macworld meint:

    […] German website, MacNotes, found “With a few clicks others can make use of the user’s Apple ID and reset the […]

  17. Profilbild

    22.10.10, 0:08 Uhr, #17

    Daily News Recap (October 21, 2010) | TheMacFeed meint:

    […] Other interesting things being lost, turns out restore disks are being replaced by flash drives. FaceTime for Mac isn’t as safe as we’d hope it to be. AT&T activated 5.2 million iPhones this summer, yes – […]

  18. Profilbild

    22.10.10, 2:38 Uhr, #18

    Mac FaceTime security hole could compromise your Apple ID | Press Release – Buzz Issue. meint:

    […] Apple’s new FaceTime software for Macs, which lets Mac users video chat with iPhone 4 and iPod Touch FaceTime users, apparently has a gaping security hole which could compromise your Apple ID password, the site MacNotes reports. […]

  19. Profilbild

    22.10.10, 4:00 Uhr, #19

    Is FaceTime a serious security threat? Only if you’re completely oblivious … » Shai Perednik.com meint:

    […] FaceTime for Mac make it really easy for someone to steal your Apple ID?German Mac site MacNotes.de thinks so, calling FaceTime “a serious threat” to your Apple account. See, once you’re […]

  20. Profilbild

    22.10.10, 4:01 Uhr, #20

    FaceTime's network effects | ipod-iphone-home meint:

    […] MacNotes.de has stumbled on some security holes in the FaceTime beta released Wednesday that could compromise […]

  21. Profilbild

    22.10.10, 5:29 Uhr, #21

    FaceTime for Mac Has a Security Issue | iPhone in Canada Blog - Canada's #1 iPhone Resource meint:

    […] hope this if fixed soon by Apple. Either way, I’m still enjoying FaceTime for Mac![MacNotes.de]**Looking for an iPhone 3G/3GS case? Get the invisibleSHIELD by ZAGG, the strongest protection for […]

  22. Profilbild

    22.10.10, 8:07 Uhr, #22

    securiour meint:

    Apple is testing a Facetime beta version which runs on Mac. The German company has reported a password flaw in which the application Facetime running on your computer, the password can be changed without authetication of supplying old password.
    http://www.securiour.com/2010/10/21/facetime-running-on-mac-has-password-security-issue/

  23. Profilbild

    22.10.10, 13:20 Uhr, #23

    Vulnerabilidad corregida en Facetime Mac : Noticias2D meint:

    […] informa Macnotes, esta era de gravedad viendo que podíamos resetear la contraseña y preguntas secretas de cuentas […]

  24. Profilbild

    22.10.10, 17:05 Uhr, #24

    RazorianFly » WARNING: FaceTime For Mac Has Major Security Flaw meint:

    […] via MacNotes] onload = function() { document.instant.document.body.style.fontFamily = "Verdana"; […]

  25. Profilbild

    22.10.10, 19:41 Uhr, #25

    [Update: Fixed!] FaceTime for Mac Has a Security Issue | iPhone World Blog meint:

    […] [MacNotes.de] […]

  26. Profilbild

    25.10.10, 3:36 Uhr, #26

    Is FaceTime a serious security threat? Only if you’re completely oblivious … | Best Ways To Pimp Your Apple iTouch meint:

    […] FaceTime for Mac make it really easy for someone to steal your Apple ID?German Mac site MacNotes.de thinks so, calling FaceTime “a serious threat” to your Apple account. See, once you’re […]

  27. Profilbild

    25.10.10, 12:19 Uhr, #27

    Apple Closes FaceTime For Mac Security Hole | IT Security Standard meint:

    […] German site MacNotes first reported the flaw, descriptions of which quickly spread across the web. The problem stemmed from the fact […]

  28. Profilbild

    27.10.10, 19:49 Uhr, #28

    Weekly Mobile Mash-up #22 | Life is better On meint:

    […] it’s obviously very disappointing for Apple that German website MacNotes is reporting that “with a few clicks others can make use of the user’s Apple ID and reset the […]

  29. Profilbild

    31.07.14, 18:06 Uhr, #29

    Apple FaceTime For Mac Security Flaw Uncovered | ITProPortalITProPortal.com meint:

    […] to German tech news website MacNotes, the flaw in FaceTime for Mac leaves the user account information in the Apple ID service […]


Anzeige

Add your comment:


  


Ad
blogoscoop