fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Apple Search Bot Leaked Internal IPs Via Proxy Configuration

Apple Search Bot Leaked Internal IPs Via Proxy Configuration

A security researcher discovered that Apple’s search bots that had been crawling his podcast series had been leaking internal IPs, due to a misconfigured proxy server.

And, it took Apple just a little over 9 months to fix this leak, for no obvious reason.

What are proxy servers?

Proxy servers act as a middle agent between a device attempting to connect to a destination on the internet, and the destination itself.

For example, if you are accessing bleepingcomputer.com from a corporate setting, your workstation is likely making the request via your company’s proxy agent sitting in the middle, which further communicates with our website to serve you the requested pages.

Proxy diagram
A simplistic diagram of how proxies work
Source: Wikimedia

There are many reasons a proxy server might be used.

In workplaces, proxies allow the network administrators to both intercept and filter the traffic. This is useful in blocking access to malicious websites.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

Similarly, search engine bots responsible for crawling and indexing web resources may be behind a proxy for security reasons.

Unless anonymity is expected (as is the case with some VPNs), most proxy servers, when connecting to a server on behalf of another device, include the originating device’s IP information within the HTTP request.

For example, a proxy request may contain the X-Forwarded-For or Via HTTP headers revealing the source device’s IP address, and inform the destination that the request is coming from a proxy.  

Applebot exposes internal IP addresses

Applebot refers to Apple’s web crawler that sweeps the web to find content for its users.

“Applebot is the web crawler for Apple. Products like Siri and Spotlight Suggestions use Applebot,” according to Apple’s knowledgebase.

Last month, Security researcher and podcast creator David Coomber found out that Applebot had been using a proxy that leaked Apple’s internal IP addresses.

“On any given day, I see a fair amount of noise directed at my webserver, from bots scraping content or scanning for ‘research’ to attacks via Tor and thought it would be interesting to see how many connections were identifying themselves as being routed through a proxy,” wrote the researcher.

Coomber is indeed referring to the Via and X-Forwarded-For headers being sent by the Applebot crawler.

A sample request made to Coomber’s website contained both of these headers that revealed the internal IP address of the device behind the proxy.

17.X.X.X “HEAD /mixes/podcast.jpg HTTP/1.1” 301 “iTMS” “1.1 pv50XXX.apple.com (proxy product)” “X.X.X.12”

The fields listed respectively are the proxy’s external IP address, requested path,  HTTP response code, user agent/web browser information, and the Via and X-Forwarded-For header values.

“Although I’ve seen a couple of bots that were misconfigured, I was surprised to see Apple’s Podcast bot look for updates to my podcast (Deep House Mixes) using a proxy which leaked internal IPs and hostnames from the ‘Via’ & ‘X-Forwarded-For’ headers,” Coomber continued in his blog post. 

Took Apple nine months to fix it

According to Coomber, Apple had resolved the leak on September 29, 2020, approximately nine months after he had reported it to them and it is not clear why.

Coomber told BleepingComputer, “I provided the details to the Apple Product Security team on December 21, 2019. Once they confirmed the issue, I worked with them to remove the ‘Via’ and ‘X-Forwarded-For’ headers from their internal proxy infrastructure, which is configured to scan for updates to content available on Apple Podcasts.”

Also Read: How a Smart Contract Audit Works and Why it is Important

How to prevent IP leaks through proxies? 

The recommended method to prevent originating IPs from being exposed in the HTTP requests made by proxy is to inspect your proxy server’s configuration.  

It should be ensured, the proxy product is not sending the originating IP information using the Via, X-Forwarded-For, X-ProxyUser-Ip, or similar headers.

“If you’re running a forward proxy in your environment, you may want to consider removing the ‘Via’ & ‘X-Forwarded-For’ headers,” advised Coomber.

He shared sample configuration rules that network admins using Squid proxy servers could implement.

via off
forwarded_for delete

In July 2020, Coomber had reported a separate Applebot issue where the crawler had not been fully honoring the rules specified in robots.txt files.

When asked for comment concerning these issues, Apple did not provide one to BleepingComputer.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us