Posted by: Dave Passmore
Recently one of our clients posed a question that kicked off some disagreement between our networking analysts and our Burton analyst colleagues who cover security. In particular, this client wanted to know how much of a security threat “Bonjour” technology represents. Since Bonjour is tied to iTunes, our client wanted to know whether someone could somehow exploit Bonjour software or protocols to hack into a system running iTunes.
For those unfamiliar with Bonjour (formerly called “Rendezvous” by Apple), it is essentially a replacement for the old AppleTalk protocol, but based on TCP/IP. Bonjour is a way for a host or server to use IP multicast to advertise its network services, and it is incredibly useful and user-friendly. Bonjour lets your computer automatically find wireless access points, network printers, shared file systems, and yes, other iTunes music libraries, with “zero configuration” required. With Bonjour there’s no need to type in dotted-decimal IP addresses or (especially for home users) to maintain a DNS server. Just about every network printer, for example, ships with Bonjour turned on. My home TiVo DVR comes with Bonjour turned on (so that other TiVos in the household can automatically find each other and share files). Many Windows printer drivers use Bonjour.
The immediate response to the client’s question from our security analysts was to suggest that Bonjour was risky: “another nightmare in the making.” Bonjour would apparently give away all kinds of information about your computer: your username, what services you’re running, and so on. Bonjour would make it all too easy for a hacker to learn about your computer without having to bother with a port scan. Bonjour was “promiscuous,” it was “chatty,” and it was likely that malicious content could be brought in from neighboring machines using Bonjour!
But is Bonjour really that risky? From a networking standpoint, Bonjour’s IP multicast advertisements travel over your local subnet/VLAN segment ONLY. Nobody on the Internet, or on the far side of any router boundary, will be able to see Bonjour service advertisements. So a potential “bad guy” would have to be connected directly to your LAN to receive Bonjour service info.
With PCs/Macs, unless you explicitly check a box to advertise a particular service (e.g., your iTunes library, because you want to share music with other people or devices on your LAN), Bonjour info about that service won’t show up on the local network.
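To make the two points above concrete, here is an added example (not code from the original post or from Apple) in Python: a small decoder for the DNS-SD records a Bonjour responder multicasts, run over a constructed iTunes (DAAP) library-sharing advertisement, plus a check that the mDNS destination groups (224.0.0.251 and ff02::fb) fall in the link-local multicast blocks routers never forward. The instance name "Alice's Library", the host "alices-mac.local" and the TXT values are made up; the port 3689 is the standard DAAP port.

```python
import ipaddress
import struct

def scope_is_link_local(addr):  # multicast blocks that routers never forward
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(n) for n in ("224.0.0.0/24", "ff02::/16"))

def lp(s):  # length-prefixed string: the building block of DNS names and TXT records
    return bytes([len(s)]) + s.encode()

def encode_name(name):  # uncompressed DNS wire-format name
    return b"".join(lp(label) for label in name.strip(".").split(".")) + b"\x00"

def rr(name, rtype, rdata, flush=True, ttl=4500):  # mDNS sets the cache-flush bit on unique records
    cls = 0x8001 if flush else 1                    # shared records (the service-type PTR) leave it clear
    return encode_name(name) + struct.pack("!HHIH", rtype, cls, ttl, len(rdata)) + rdata

def read_name(buf, off):
    labels = []
    while (n := buf[off]) and (n & 0xC0) != 0xC0:  # plain labels
        labels.append(buf[off + 1:off + 1 + n].decode()); off += 1 + n
    if n:  # compression pointer: the rest of the name lives elsewhere in the packet
        labels.append(read_name(buf, ((n & 0x3F) << 8) | buf[off + 1])[0]); off += 1
    return ".".join(labels), off + 1

def parse_records(pkt):
    """Decode every record in an mDNS response (which carries no question section)."""
    _, _, _, an, ns, ar = struct.unpack("!6H", pkt[:12])
    off, out = 12, []
    for _ in range(an + ns + ar):
        name, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10]); off += 10
        rd, start = pkt[off:off + rdlen], off; off += rdlen
        if rtype == 12:    # PTR: service type -> service instance name
            out.append((name, "PTR", {"target": read_name(pkt, start)[0]}))
        elif rtype == 33:  # SRV: host and port where the instance listens
            port = struct.unpack("!3H", rd[:6])[2]
            out.append((name, "SRV", {"host": read_name(pkt, start + 6)[0], "port": port}))
        elif rtype == 16:  # TXT: key=value metadata the service chooses to publish
            strs, i = [], 0
            while i < len(rd):
                strs.append(rd[i + 1:i + 1 + rd[i]].decode()); i += 1 + rd[i]
            out.append((name, "TXT", dict(s.split("=", 1) for s in strs if "=" in s)))
    return out

# Constructed sample (not a real capture): an iTunes library shared over DAAP, as announced on 224.0.0.251:5353
INSTANCE = "Alice's Library._daap._tcp.local"
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 3, 0, 0)  # response, authoritative, 3 answers
          + rr("_daap._tcp.local", 12, encode_name(INSTANCE), flush=False)
          + rr(INSTANCE, 33, struct.pack("!3H", 0, 0, 3689) + encode_name("alices-mac.local"))
          + rr(INSTANCE, 16, lp("txtvers=1") + lp("Machine Name=Alice's Library")))
```

Running `parse_records` over a capture of your own segment shows exactly what each shared service publishes (instance name, host name, port, TXT metadata), which is the information an administrator should weigh when deciding which sharing boxes to leave checked.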
All Mac users (and tens of millions of Windows iTunes users) have been using Bonjour for many years without anyone in the wild exploiting it. So is Bonjour really to be feared by enterprise network managers? The benefits of Bonjour would seem to FAR outweigh any potential security issues. Probably the worst that could happen is that you accidentally share info about your iTunes music library, and your co-workers might learn something about your taste (or lack thereof) in music.