Skip navigation

iTunes Security question

1022 Views 1 Reply Latest reply: Apr 13, 2010 10:06 AM by Ian Parkinson RSS
andrew wilber Calculating status...
Currently Being Moderated
Apr 13, 2010 7:39 AM
I have a question on how iTunes security works when making a purchase. How does iTunes handle security around making sure that when someone is purchasing a song off of iTunes, it really is that person and not someone else? How do they make sure something like below doesn't happen?

Pear Corp. recently released a cellular phone model called jPhone. Each jPhone stores a long, randomly generated secret value. The phone service provider also stores all secret values together with the corresponding phone numbers. When a jPhone user wishes to buy a new ringtone, the jPhone transmits its phone number followed by the secret to the ringtone server. The server checks in its database whether the secret corresponds to the phone number and, if it does, downloads the ringtone to the phone and bills the account of the phone’s owner. This design is vulnerable to a cloning attack where someone eavesdropping on a jPhone transmission can easily intercept transmission of the phone number -secret pair. He then hacks his own jPhone’s transmission software to use the intercepted pair, enabling him to download ringtones which are billed to the victim’s account.
Macbook, Mac OS X (10.5.7), n/a


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.