Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Physical access exploit: Apple iTunes Visualiser disables screen lock
From: Adam Q <aqsalter () westnet com au>
Date: Thu, 22 Jul 2004 21:02:27 +0800

The full-screen Apple iTunes Visualiser currently disables the screen lock timer on both Mac & PC.

Synopsis:
This a physical access security concern at present since anybody who uses the iTunes Visualiser in full-screen mode is essentially leaving their PC unlocked for that duration. Since many people leave the Visualiser on in office or POS situations this leads to a computer that can easily be accessed as the local user.

Suggested workaround:
Never leave a computer running iTunes Visualiser in full-screen mode unattended. Never deploy a computer with iTunes installed in a POS situation, and carefully consider the ramifications on the IT Security Policy in an office environment.

Recommended action:
Have the default be to lock the screen after the required time elapsed (exactly as if the screensaver became enabled) and have a preference to disable screen locking if the user wishes. Most users (and IT departments) would assume if they had screen locking enabled for their screensaver that they would be safe.



iTunes is a registered trademark of Apple Computer Corp.
---
Adam Q Salter
aqsalter () westnet com au

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • Physical access exploit: Apple iTunes Visualiser disables screen lock Adam Q (Jul 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault