Immue discovers new vulnerability in Apple’s private relay

by | Jun 29, 2022 | Technology

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Immue, an Israel-based cybersecurity company providing holistic anti-bot and anti-fraud defense solutions, claims it’s found concerning vulnerabilities in one of Apple’s latest privacy features — the iCloud Private Relay. While helping organizations across multiple industries stop cyber fraud and bot attacks targeted at their companies, Immue said it detected many of these attacks coming from internet protocols (IPs) associated with Apple and their two supporting Akamai and Cloudflare servers. 

In an exclusive interview with VentureBeat at the ongoing CyberWeek Tel Aviv, cofounders Amit Yossi Siva Levi (CTO) and Shira Itzshaki (CEO) confirmed that threat actors take advantage of the anonymity and web browsing privacy features of Apple’s technology to mask their IPs and launch multiple untraceable attacks.

How Apple’s private relay works

In June of 2021, Apple hosted its annual Worldwide Developers Conference to showcase its latest technologies. Among the technologies launched, the most significant and controversial was the private relay technology which would form part of the iCloud+ subscription. With this service, users on iOS 15, iPadOS 15 and macOS Monterey can browse securely without worrying about having their browsing activities tracked and sold to the highest bidder.

By enabling this feature on an upgraded Apple device, users’ browsing activities on Safari are routed through two separate internet “relays” using a sophisticated multi-hop architecture. This rerouting guarantees that no single party — including Apple — can track the exact origin of the request, making it impossible for websites to create a detailed profile of users. Some experts have even called it “internet privacy on steroids.”

The vulnerability

How private data is managed and shared has always been a concern for the average internet user. Mckinsey reports that internet users are becoming increasingly intentional about the kind of data they share online and with whom, as no industry reached a 50% trust rating. With multiple d …

Article Attribution | Read More at Article Source

Share This