1 Reply Latest reply: Apr 13, 2010 10:06 AM by Ian Parkinson
andrew wilber Level 1
I have a question on how iTunes security works when making a purchase. How does iTunes handle security around making sure that when someone is purchasing a song off of iTunes, it really is that person and not someone else? How do they make sure something like below doesn't happen?

Pear Corp. recently released a cellular phone model called jPhone. Each jPhone stores a long, randomly generated secret value. The phone service provider also stores all secret values together with the corresponding phone numbers. When a jPhone user wishes to buy a new ringtone, the jPhone transmits its phone number followed by the secret to the ringtone server. The server checks in its database whether the secret corresponds to the phone number and, if it does, downloads the ringtone to the phone and bills the account of the phone’s owner. This design is vulnerable to a cloning attack where someone eavesdropping on a jPhone transmission can easily intercept transmission of the phone number-secret pair. He then hacks his own jPhone’s transmission software to use the intercepted pair, enabling him to download ringtones which are billed to the victim’s account.

Macbook, Mac OS X (10.5.7), n/a
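
The weakness in the jPhone design described in the post above is that the long-term secret itself is what gets transmitted, so a recorded message stays valid forever. The following is an added example, not part of the original post and not a description of how iTunes works: it models the static-secret check next to a challenge-response variant using an HMAC over a single-use server nonce. The phone number, item name, `ChallengeServer` and the other function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample record: phone number -> secret held by the provider.
DB = {"555-0100": secrets.token_bytes(32)}

def static_purchase(number, secret):
    """Design from the post: number and secret are sent as-is."""
    stored = DB.get(number)
    return stored is not None and hmac.compare_digest(stored, secret)

def phone_response(secret, nonce, item):
    """Phone side: MAC over the server's nonce and the item bought."""
    return hmac.new(secret, nonce + item.encode(), hashlib.sha256).digest()

class ChallengeServer:
    """Hypothetical variant: the secret itself is never transmitted."""
    def __init__(self):
        self.pending = {}  # number -> outstanding single-use nonce

    def challenge(self, number):
        self.pending[number] = secrets.token_bytes(16)
        return self.pending[number]

    def purchase(self, number, item, tag):
        nonce = self.pending.pop(number, None)  # spend the nonce
        secret = DB.get(number)
        if nonce is None or secret is None:
            return False
        expected = phone_response(secret, nonce, item)
        return hmac.compare_digest(expected, tag)

def demo():
    number, secret = "555-0100", DB["555-0100"]
    # Static design: a recorded (number, secret) message works again.
    static_replay = static_purchase(number, secret)
    server = ChallengeServer()
    nonce = server.challenge(number)
    tag = phone_response(secret, nonce, "ringtone-1")
    first = server.purchase(number, "ringtone-1", tag)
    server.challenge(number)  # later session, fresh nonce
    replay = server.purchase(number, "ringtone-1", tag)  # recorded tag
    return static_replay, first, replay

if __name__ == "__main__":
    print(demo())
```

The nonce only prevents reuse of a recorded response; it does not hide the traffic, so a real deployment would still run the exchange over an encrypted, server-authenticated channel.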