If you check your Exchange email from an iPhone on an open Wi-Fi network, you may be offering your Exchange credentials to everyone else on that network. A researcher named James Litwin has disclosed a new iOS vulnerability he calls Leaky X. According to Litwin, the iOS mail app sends unencrypted credentials to Exchange servers during the TCP/IP handshake (before SSL encryption takes place). This means that anyone who can “man-in-the-middle” your iOS traffic could capture your Exchange credentials, which are typically the same as your Windows domain credentials. Watch the video below for more detail, but unfortunately the patch is not out yet.
UPDATE: One YouTube commenter points out that if this vulnerability affects the iOS mail app, the stand-alone iOS Outlook app may not be vulnerable. Litwin does not comment on the Outlook app specifically, and I haven’t yet confirmed whether or not it’s affected. However, if it isn’t, using Outlook would be a good workaround until Apple patches this issue.
Episode Runtime: 3:32
Direct YouTube Link: https://www.youtube.com/watch?v=J17p8aSU2uw
- iOS devices transmitting unencrypted Exchange credentials – Tech Republic
- Researcher’s more detailed post on Leaky X iOS vulnerability – Blogspot
- A website set up to PoC Leaky X (I don’t recommend you do it) – LeakyX.com