Tuesday, Aug 02, 2022, 17:48 Web

Apple Services – Russian Provider Reroutes Data

Anyone who opens Apple's website or uses one of the company's many services, such as iCloud, normally has their traffic routed to servers inside the Cupertino-based company's IPv4 address space. For an extended period beginning on the 26th of July this year, however, that was not the case: data packets were diverted along a peculiar and questionable route – through Russia. The largest Russian internet provider usurped a portion of Apple's address space.

Russian Provider Reroutes Data Traffic
On the 26th of July, the Moscow-based company Rostelekom claimed an important IP prefix within Apple's IPv4 address space (17.70.96.0/19) for itself via the Border Gateway Protocol (BGP). As a result of this action, discovered and analyzed by the "Mutually Agreed Norms for Routing Security" initiative (MANRS), a significant portion of the data traffic for the Californian company's services ran through the routers and servers of the largest Russian internet provider. Users of iCloud and other services from Cupertino were not aware of the redirection, and according to all information released so far no outages were registered at the time. Whether this hijacking was an attack or an error remains to be seen – neither Apple nor Rostelekom has issued a public statement concerning the incident.


Address Space "Hijacking" Lasted 12 Hours
According to MANRS, Apple introduced countermeasures as soon as it became aware of the incident. Rostelekom began announcing the prefix 17.70.96.0/19 on July 26th 2022 at around 21:25 UTC; this prefix is a separate, smaller block within Apple's larger 17.0.0.0/9 block. During normal operation, Apple announces only the larger block and not the more specific /19. On July 27th, Apple redirected traffic towards a newly announced, even more specific route, 17.70.96.0/21, to counteract Rostelekom. Twelve hours after it began, the episode came to an end – Rostelekom withdrew the erroneous announcement and Apple's internet traffic stopped traveling through Russia.
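The sequence above is a matter of longest-prefix matching: routers prefer the most specific announcement covering a destination, so a rogue /19 beats the legitimate /9, and a /21 from the legitimate origin wins back only the addresses it covers. The following added example (not from the article or MANRS) simulates the three phases with the prefixes named in the text and shows the origin check a route-origin-validation policy would apply; the origin ASNs are placeholders from the reserved documentation range, not the real operators' numbers.

```python
import ipaddress
from dataclasses import dataclass

# Placeholder origin ASNs (reserved documentation range), not the real operators' numbers.
LEGIT_AS = 64500    # stands in for the legitimate holder of 17.0.0.0/9
HIJACK_AS = 64501   # stands in for the provider that announced the /19


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_asn: int


def route(prefix: str, asn: int) -> Route:
    return Route(ipaddress.ip_network(prefix), asn)


def best_route(table, dst: str):
    """Longest-prefix match: of all announcements covering dst, the most specific wins."""
    addr = ipaddress.ip_address(dst)
    covering = [r for r in table if addr in r.prefix]
    return max(covering, key=lambda r: r.prefix.prefixlen, default=None)


def flag_rogue_origins(table, authorised):
    """Return announcements that fall inside an authorised block but carry a different
    origin ASN. authorised maps IPv4Network -> expected origin ASN (ROA-style data)."""
    return [r for r in table
            for net, asn in authorised.items()
            if r.prefix.subnet_of(net) and r.origin_asn != asn]


def simulate():
    """Replay the three phases and report which origin ASN traffic to two sample
    addresses inside 17.70.96.0/19 would reach in each phase."""
    dst_in_counter = "17.70.96.10"    # inside the /21 announced as a countermeasure
    dst_outside = "17.70.104.10"      # inside the /19 but outside the /21
    samples = (dst_in_counter, dst_outside)
    table = [route("17.0.0.0/9", LEGIT_AS)]  # phase 1: normal operation, /9 only
    phases = {"normal": {d: best_route(table, d).origin_asn for d in samples}}
    table.append(route("17.70.96.0/19", HIJACK_AS))  # phase 2: more-specific hijack
    phases["hijack"] = {d: best_route(table, d).origin_asn for d in samples}
    table.append(route("17.70.96.0/21", LEGIT_AS))   # phase 3: victim's counter-announcement
    phases["counter"] = {d: best_route(table, d).origin_asn for d in samples}
    # Origin check against the authorised /9: only the hijacker's /19 is flagged.
    rogue = flag_rogue_origins(table, {ipaddress.ip_network("17.0.0.0/9"): LEGIT_AS})
    return phases, [str(r.prefix) for r in rogue]


if __name__ == "__main__":
    print(simulate())
```

Note that in the counter phase the address outside the /21 still resolves to the hijacker, which is why a counter-announcement only partly restores traffic until the rogue route is withdrawn.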

No Damages Expected
Because data traffic between Macs, iPhones, iPads, and Apple's servers is encrypted, it is unlikely that any damage or data theft occurred to either the Californian company or its customers. According to MANRS, however, such an event could recur at any moment. Apple and other companies would be well advised to secure their BGP routing against such attacks in the future. Appropriate measures, such as route filters and origin validation, have existed for some time now – although they clearly still need to be deployed.
