DOCSLIB.ORG

On the Feasibility of Large-Scale Infections of Ios Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

On the Feasibility of Large-Scale Infections of iOS Devices Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon Chung, Billy Lau, and Wenke Lee School of Computer Science, College of Computing, Georgia Institute of Technology ftielei.wang, yeongjin.jang, yizheng.chen, pchung, billy, [email protected] Abstract by Apple can be installed and run on iOS devices. This While Apple iOS has gained increasing attention from significantly reduces the number of distribution channels attackers due to its rising popularity, very few large scale of iOS apps, forcing attackers to have their apps signed infections of iOS devices have been discovered because by a trusted authority. of iOS’ advanced security architecture. In this paper, Third, the Digital Rights Management (DRM) tech- we show that infecting a large number of iOS devices nology in iOS prevents users from sharing apps among through botnets is feasible. By exploiting design flaws arbitrary iOS devices, which has a side effect of limit- and weaknesses in the iTunes syncing process, the de- ing the distribution of malicious apps published on the vice provisioning process, and in file storage, we demon- App Store. Although recent studies show that malicious strate that a compromised computer can be instructed to apps can easily bypass Apple’s app vetting process and install Apple-signed malicious apps on a connected iOS appear in the Apple App Store [26, 36, 51], lacking the device, replace existing apps with attacker-signed ma- ability to self-propagate, these malicious apps can only licious apps, and steal private data (e.g., Facebook and affect a limited number of iOS users who accidentally Gmail app cookies) from an iOS device. By analyzing (e.g., by chance or when tricked by social-engineering DNS queries generated from more than half a million tactics) download and run them. Specifically, to run an anonymized IP addresses in known botnets, we measure app signed by Apple, an iOS device has to be authenti- that on average, 23% of bot IP addresses demonstrate cated by the Apple ID that purchased the app. For exam- iOS device existence and Windows iTunes purchases, ple, suppose we use an Apple IDA to download a copy of implying that 23% of bots will eventually have connec- a malicious app from the App Store and later we install tions with iOS devices, thus making a large scale infec- this copy on an iOS device that is bound to Apple IDB. tion feasible. This copy cannot run on the iOS device that is bound to Apple IDB because of the failure of DRM validation. 1 Introduction On iOS 6.0 or later, when launching this app, iOS will pop up a window (Figure 1) to ask the user to re-input As one of the most popular mobile platforms, Apple an Apple ID and a password. If the user cannot input the iOS has been successful in preventing the distribution of correct Apple ID (i.e., Apple IDA) and the corresponding malicious apps [23, 32]. Although botnets on Android password, iOS refuses to run the app. and jailbroken iOS devices have been discovered in the In this paper, we show that despite these advanced se- wild [40, 42, 43, 45, 54], large-scale infections of non- curity techniques employed by iOS, infecting a large jailbroken iOS devices are considered extremely difficult number of non-jailbroken iOS devices through bot- for many reasons. nets is feasible. Even though iOS devices are designed First, Apple has powerful revocation capabilities, in- for mobile use, they often need to be connected to per- cluding removing any app from the App Store, remotely sonal computers via USB or Wi-Fi for many reasons, disabling apps installed on iOS devices, and revoking any such as backup, restore, syncing, upgrade, and charging. developer certificate. This makes the removal of mali- We find that the USB and Wi-Fi communication chan- cious apps relatively straightforward once Apple notices nels between iOS devices and computers are not well them. protected. Consequently, a compromised computer (i.e., Second, the mandatory code signing mechanism in a bot) can be easily instructed to install malicious apps iOS ensures that only apps signed by Apple or certified onto its connected iOS devices and gain access to users’ 1 app signed by attackers in possession of enterprise or in- dividual developer licenses issued by Apple. This weak- ness leads to many serious security threats. For example, attackers can first remove certain targeted apps (such as banking apps) from iOS devices and replace them with malicious apps that look and feel the same. As a result, when a victim tries to run a targeted app, they actually launch the malicious app, which can trick the user to re- input usernames and passwords. We originally presented this attack [31] in 2013 and Apple released a patch in iOS 7 that warns the user when connecting iOS devices to a computer for the first time. However, this patch does not Figure 1: User attempting to run an app downloaded by a protect iOS devices from being stealthily provisioned by different Apple ID on his iOS device needs to first enter a compromised computer that the user already trusts. the correct Apple ID and password. private data without their knowledge. In this paper, con- In addition to injecting apps into iOS devices, attack- nected iOS devices refer to those that are plugged into ers can also leverage compromised computers to obtain a computer through USB cable or have Wi-Fi syncing credentials of iOS users. Specifically, since many iOS enabled. Note that if Wi-Fi syncing is enabled, the iOS developers presume that the iOS sandbox can effectively device will automatically sync with a paired computer prevent other apps from accessing files in their apps’ when they are on the same network. home directories, they store credentials in plaintext un- The feasibility of a large scale infection is facili- der their apps’ home directories. For example, the Star- tated by two main problems that we have discovered bucks app was reported to save usernames and passwords in our research. The first is a previously unknown de- in plaintext. Starbucks thought the possibility of a secu- sign flaw in the iTunes syncing mechanism (including rity exploit to steal the plaintext passwords was “very far both USB and Wi-Fi based syncing), which makes the fetched” [8]. However, once an iOS device is connected iTunes syncing process vulnerable to Man-in-the-Middle to a computer, all these files are accessible by the host (MitM) attacks. By exploiting this flaw, attackers can computer. Consequently, malware on the computer can first download an Apple-signed malicious app (e.g., a easily steal the plaintext credentials through a USB con- Jekyll app [51]) using their Apple ID and then remotely nection. In our work, we found that the Facebook and instruct a compromised computer to install the attacker’s Gmail apps store users’ cookies in plaintext. By stealing copy on a connected iOS device, completely bypassing and reusing the cookies from connected iOS devices, at- DRM checks. In other words, an attacker can have a ma- tackers can gain access to the victims’ accounts remotely. licious app of his own choosing run on a user’s iOS de- vice without the user ever seeing an authentication pop- While it is known that a host computer can partially up window. access the file system of a connected iOS device, we Coupled with botnet infrastructures, this exploit en- point out that it leads to security problems, especially ables large scale delivery of arbitrary Apple-signed apps. when attackers control a large number of personal com- This has two serious security implications. First, it chal- puters. Considering that there are many apps dedicated lenges the common belief that the Apple App Store is the to iOS, this problem may allow attackers to gain creden- sole distributor of iOS apps. Instead of relying on trick- tials that are not always available on PCs. ing a user into downloading apps from the App Store, attackers can now push copies of their app onto a vic- To quantitatively show that botnets pose a realistic tim’s device. Even if an app has been removed from the threat to iOS devices, we also conduct a large scale App Store, attackers can still deliver it to iOS users. Sec- measurement study to estimate how many compromised ond, this expolit challenges the common belief that the computers (i.e., bots) could connect with iOS devices. installation of iOS apps must be approved by the user. Intuitively, given the immense popularity of iOS devices Attackers can surreptitiously install any app they down- and compromised Windows machines, we presume that loaded onto victim’s device. many people are using iOS devices connected to com- The second security issue we discovered is that an promised computers. However, to the best of our knowl- iOS device can be stealthily provisioned for development edge, there exists no previous work that can provide large through USB connections. This weakness allows a com- scale measurement results. promised computer to arbitrarily remove installed third- party apps from connected iOS devices and install any By analyzing DNS queries generated from 473,506 2 Infection Type Root Cause Connection Type Install malicious apps signed by Apple Man-in-the-Middle attacks against syncing USB or Wi-Fi Install malicious apps signed by attackers Stealthy provisioning of devices USB Steal private data (e.g., Facebook and Gmail apps’s cookies) Insecure storage of cookies USB Table 1: Infection Summary. anonymized IP addresses1 that were involved in known by their Apple ID on iOS devices that are bound to botnets on 10/12/2013 in 13 cities of two large ISPs in different Apple IDs, bypassing DRM protections.
Recommended publications
  • View Managing Devices and Corporate Data On

    View Managing Devices and Corporate Data On

    Overview Managing Devices & Corporate Data on iOS Overview Overview Contents Businesses everywhere are empowering their employees with iPhone and iPad. Overview Management Basics The key to a successful mobile strategy is balancing IT control with user Separating Work and enablement. By personalizing iOS devices with their own apps and content, Personal Data users take greater ownership and responsibility, leading to higher levels of Flexible Management Options engagement and increased productivity. This is enabled by Apple’s management Summary framework, which provides smart ways to manage corporate data and apps discretely, seamlessly separating work data from personal data. Additionally, users understand how their devices are being managed and trust that their privacy is protected. This document offers guidance on how essential IT control can be achieved while at the same time keeping users enabled with the best tools for their job. It complements the iOS Deployment Reference, a comprehensive online technical reference for deploying and managing iOS devices in your enterprise. To refer to the iOS Deployment Reference, visit help.apple.com/deployment/ios. Managing Devices and Corporate Data on iOS July 2018 2 Management Basics Management Basics With iOS, you can streamline iPhone and iPad deployments using a range of built-in techniques that allow you to simplify account setup, configure policies, distribute apps, and apply device restrictions remotely. Our simple framework With Apple’s unified management framework in iOS, macOS, tvOS, IT can configure and update settings, deploy applications, monitor compliance, query devices, and remotely wipe or lock devices. The framework supports both corporate-owned and user-owned as well as personally-owned devices.
  • Legal-Process Guidelines for Law Enforcement

    Legal-Process Guidelines for Law Enforcement

    Legal Process Guidelines Government & Law Enforcement within the United States These guidelines are provided for use by government and law enforcement agencies within the United States when seeking information from Apple Inc. (“Apple”) about customers of Apple’s devices, products and services. Apple will update these Guidelines as necessary. All other requests for information regarding Apple customers, including customer questions about information disclosure, should be directed to https://www.apple.com/privacy/contact/. These Guidelines do not apply to requests made by government and law enforcement agencies outside the United States to Apple’s relevant local entities. For government and law enforcement information requests, Apple complies with the laws pertaining to global entities that control our data and we provide details as legally required. For all requests from government and law enforcement agencies within the United States for content, with the exception of emergency circumstances (defined in the Electronic Communications Privacy Act 1986, as amended), Apple will only provide content in response to a search issued upon a showing of probable cause, or customer consent. All requests from government and law enforcement agencies outside of the United States for content, with the exception of emergency circumstances (defined below in Emergency Requests), must comply with applicable laws, including the United States Electronic Communications Privacy Act (ECPA). A request under a Mutual Legal Assistance Treaty or the Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) is in compliance with ECPA. Apple will provide customer content, as it exists in the customer’s account, only in response to such legally valid process.
  • Ios App Reverse Engineering

    Ios App Reverse Engineering

    snakeninny, hangcom Translated by Ziqi Wu, 0xBBC, tianqing and Fei Cheng iOS App Reverse Engineering Table of Contents Recommendation ..................................................................................................................................................... 1 Preface ....................................................................................................................................................................... 2 Foreword ................................................................................................................................................................... 7 Part 1 Concepts ....................................................................................................................................................... 12 Chapter 1 Introduction to iOS reverse engineering ............................................................................................. 13 1.1 Prerequisites of iOS reverse engineering .......................................................................................................... 13 1.2 What does iOS reverse engineering do ............................................................................................................ 13 1.2.1 Security related iOS reverse engineering ...................................................................................................... 16 1.2.2 Development related iOS reverse engineering ............................................................................................
  • Online Platforms and Market Power Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google Questions for the Recor

    Online Platforms and Market Power Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google Questions for the Recor

    Online Platforms and Market Power Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google Questions for the Record from the Honorable David N. Cicilline, Chairman, Subcommittee on Antitrust, Commercial and Administrative Law of the Committee on the Judiciary Questions for Mr. Tim Cook, CEO, Apple, Inc. 1. You testified that Apple’s apps “go through the same rules” that third-party apps are required to follow. The App Store Guidelines (“Guidelines”) are designed to ensure that the App Store remains a safe and trusted place for consumers to discover and download software for their Apple devices. The Guidelines apply to any app, Apple or third-party, that is available on the App Store in the first instance. a. How many Apple apps are pre-loaded on current iPhone models? The first iPhone included 13 integrated Apple apps. There were no third-party apps available for that iPhone. Apple’s subsequent decision to open the iPhone to third-party app development unleashed a wave of innovation and competition. Thirteen years later, there are more than 1.8 million third-party apps available through the App Store and only about 40 Apple apps integrated into the current iPhone models. Apple’s focus has always been to deliver a great consumer experience out of the box. That is why the iPhone comes with Apple apps like Phone, Notes, Settings, Files, Clock, Tips, Measure, and Reminders to provide basic functionality. In addition, apps like FaceTime, iMessage, Apple Music, TV, and others help differentiate the iPhone in a competitive smartphone market. The few apps that Apple has integrated into the iPhone are a drop in the bucket of the overall app ecosystem.
  • Signcryption in Imessage

    Signcryption in Imessage

    A preliminary version of this paper appears in EUROCRYPT 2020. This is the full version. Security under Message-Derived Keys: Signcryption in iMessage Mihir Bellare1 Igors Stepanovs2 February 2020 Abstract At the core of Apple’s iMessage is a signcryption scheme that involves symmetric encryption of a message under a key that is derived from the message itself. This motivates us to formalize a primitive we call Encryption under Message-Derived Keys (EMDK). We prove security of the EMDK scheme underlying iMessage. We use this to prove security of the signcryption scheme itself, with respect to definitions of signcryption we give that enhance prior ones to cover issues peculiar to messaging protocols. Our provable-security results are quantitative, and we discuss the practical implications for iMessage. 1 Department of Computer Science & Engineering, University of California San Diego, 9500 Gilman Drive, La Jolla, California 92093, USA. Email: [email protected]. URL: https://cseweb.ucsd.edu/~mihir/. Supported in part by NSF grant CNS-1717640 and a gift from Microsoft. 2 Department of Computer Science, ETH Zürich, Universitätstrasse 6, 8092 Zürich, Switzerland. Email: [email protected]. URL: https://sites.google.com/site/igorsstepanovs/. Supported in part by grants of first author. Work done while at UCSD. Contents 1 Introduction 2 2 Preliminaries 6 3 Signcryption 7 4 Encryption under message derived keys 12 4.1 Syntax, correctness and security of EMDK . 12 4.2 iMessage-based EMDK scheme . 14 5 Design and security of iMessage 16 5.1 iMessage-based signcryption scheme IMSG-SC ...................... 16 5.2 Parameter-choice induced attacks on privacy of iMessage ...............
  • Iphone Productivity Tips

    Iphone Productivity Tips

    IPHONE PRODUCTIVITY TIPS Useful lifehacks by ABBYY Mobile The functionality of today’s smartphones is awesome, and sometimes we just can’t comprehend it all. In this book, we have collected the most useful tips that will help you to know your iPhone and level up your productivity. Smartphones are not only about solving everyday and business routine but also allow to reduce paper usage. ABBYY Mobile has been providing paperless technologies for 10 years. To know more about productive data capturing from documents and business cards, check the second part of this ebook. ABBYY Mobile Blog: mobileblog.abbyy.com Learn more about ABBYY Mobile Apps: abbyy.com/mobile © 2019, ABBYY Mobile Blog. ABBYY is either registered trademark or trademark of ABBYY Software Ltd. All other trademarks are the sole property of their respective owners. Permission is hereby granted, free of charge, to any person obtaining a copy of this e-book, to use, copy and distribute this e-book, subject to the following conditions: The above copyright notice, this permission notice and the following disclaimer shall be included in all copies or substantial portions of the e-book and/or materials provided along with it. The information provided in e-book is for educational and informational purposes only. Any references to third-party products, services, processes, links to third-party web sites mentioned in e-book are provided only for your convenience and for information purposes only. Reference herein to any products, services, processes, links to third-party web sites or other information of third parties or to any trade name, trademark, manufacturer, supplier, etc.
  • Breaking Down Imessage's End-To-End Encryption, and How It

    Breaking Down Imessage's End-To-End Encryption, and How It

    Breaking Down iMessage’s End-to-End Encryption, and How It Got Hacked in iOS 9.3 Xiaoyu Shi Mentor: Ming Chow Part I: Abstract iMessage, as an instant messaging service developed by Apple Inc., is the default messaging application on both iOS and OS X devices. Due to the fact that it is costless and that it is convenient for sending attachments, most users of Apple devices have been using iMessage instead of Short Message Service, or “text messages”. Earlier this year, Eddie Cue, Apple’s senior VP of Internet Software and Services, has disclosed that an many as 200,000 iMessages could be exchanged per second [1]. Besides that, although iMessage is not open source, Apple has published documents asserting that its end-to-end encryption has made iMessage one of the safest means of communication [2]. However, recent concerns of iMessage security have been raised following the discovery of an iMessage security flaw that allows third parties to decrypt attachments to iMessages, like images and videos, if the raw encrypted data has been intercepted. This paper will focus on Apple’s security specifications and its promises to the users, how the end-to-end encryption of iMessage is conducted, and dive into the topic concerning how this vulnerability of iMessage was found. [1] Apple says people send as many as 200,000 iMessages per second http://www.businessinsider.com/eddy-cue-200k-imessages-per-second-2016-2 [2] https://www.apple.com/business/docs/iOS_Security_Guide.pdf 1 Part II: Background 1. Statistics and status quo of Apple devices and iMessage a.
  • Antitrust, Intellectual Property, and the Itunes Ecosystem

    Antitrust, Intellectual Property, and the Itunes Ecosystem

    533 ANTITRUST, INTELLECTU AL PROPERTY, AND THE ITUNES ECOSYSTEM: A STUDY OF THE ANTITRUST IMPLICATIONS OF APPLE’S FAIRPLAY TECHNOLOGY WITH A NOD TO THE PECULIARITIES OF • INTELLECTUAL PROPERTY WILLOW NOONAN* I. INTRODUCTION In December 2008, Apple’s iTunes online music store surpassed Wal- Mart as the largest music retailer in the world.1 In the closely related portable music player market, Apple’s iPod enjoys similar success.2 Undoubtedly, Ap- ple’s insight and innovation won much of this eminence. However, a close look at Apple’s business practices reveals some conduct that draws a suspicious eye from antitrust and intellectual property laws. The first part of this article traces the development of online music and the subsequent proliferation of copyright infringement. The next part outlines the technical details, benefits, and drawbacks of Apple’s iTunes ecosystem, a notable combination of Apple products and services. The third part undertakes a traditional antitrust analysis of Apple’s conduct and suggests the need for dee- per inquiry. The next part investigates how Apple’s conduct implicates intellec- tual property law. The fifth part reviews the doctrine of intellectual property misuse and how it might apply to Apple. The final part revisits the antitrust • 2009 IDEA Student Intellectual Property Writing Competition Winner. * Candidate for Juris Doctor, 2010, The George Washington University Law School. 1 Press Release, Apple, Inc., iTunes Store Top Music Retailer in the US (Apr. 3, 2008), http://www.apple.com/pr/library/2008/04/03itunes.html [hereinafter iTunes Store]. 2 Jessica Hodgson, Leap Year Trips Zune in Black Eye for Microsoft, WALL ST.
  • Extraction Report Apple Iphone Logical

    Extraction Report Apple Iphone Logical

    Extraction Report Apple iPhone Logical Summary Connection Type Cable No. 210 Extraction start date/time 10/04/2016 1:10:13 PM Extraction end date/time 10/04/2016 1:10:25 PM Extraction Type Logical Extraction ID 70792f86-897d-4288-a86c-f5fff7af0208 Selected Manufacturer Apple Selected Device Name iPhone 5C UFED Physical Analyzer version 4.2.2.95 Version type Time zone settings (UTC) Original UTC value Examiner name Redacted Device Information # Name Value Delete 1 Apple ID Redacted 2 Device Name iPhone 3 Display Name iPhone 4 ICCID 89012300000010049886 5 ICCID 89012300000010049886 6 IMEI 358815053266580 7 Is Encrypted False 8 Last Activation Time 01/01/1970 12:17:42 AM(UTC+0) 9 Last Used ICCID 89012300000010049886 10 Phone Number Redacted 11 Phone Number Redacted 12 Product Name iPhone 5c (A1456/A1532) 13 Product Type iPhone5,3 14 Product Version 8.4.1 15 Serial Number F8RQC1WRFFHH 16 Unique Identifier 2A9AA94D1D07EDF57351CEEA7B9E71C56A63312C Image Hash Details (1) No reference hash information is available for this project. # Name Info 1 FileDump Path iPhoneBackup.tar Size (bytes) 56177279 1 Plugins # Name Author Version 1 iPhone Backup Parser Cellebrite 2.0 Parses all iPhone Backup/Logical/FS dumps, including decryption and/or FileSystem creation when necessary 2 CpioExtractor Cellebrite 2.0 Decode all the CPIO files in the extraction 3 iPhone Databases Logical Cellebrite 2.0 Reads various databases on the iPhone, containing notes, calendar, locations, Safari bookmarks, cookies and history, Facebook friends and bluetooth pairings. 4 iPhone device info Cellebrite 2.0 Decodes device infromation for iPhone devices 5 QuicktimeMetadata Cellebrite 2.0 Extracts metadata from Apple quicktime movies 6 Garbage Cleaner 7 DataFilesHandler Cellebrite 2.0 Tags data files according to extensions and file signatures 8 ContactsCrossReference Cellebrite 2.0 Cross references the phone numbers in a device's contacts with the numbers in SMS messages and Calls.
  • MEDENT Video Visit's Troubleshooting Q. What Browsers

    MEDENT Video Visit's Troubleshooting Q. What Browsers

    MEDENT Video Visit’s Troubleshooting Q. What browsers are supported? A. Both the patient and provider are required to have a device with a camera and a microphone. The following operating systems and browsers are currently supported: ▫Android: Chrome, Edge, Opera, Samsung ▫iOS: Safari ▫Windows: Chrome, Firefox, Opera, Edge Chromium Build ▫Mac: Safari, Chrome Cookies can NOT be blocked. Q. How do I allow cookies on Safari on an iPhone A. https://www.whatismybrowser.com/guides/how-to-enable-cookies/safari-iphone ACCESS DENIED message displays in the browser. Solution: The device you are currently connecting from does not have the hardware required for a video visit (e.g., camera, microphone). Try connecting from a different device. UNSUPPORTED message displays in the browser. Solution #1: The browser you are currently connecting from is not supported. Try connecting from a different browser. Solution #2: If Chrome keeps showing Unsupported with the https://medentmobile.com/telemed/ site where it was working before, clear the browser cookies. UNSUPPORTED message displays for the patient when using iOS and a third party email app (GMail, Yahoo, AOL, etc). Solution #1: In iOS, video visits are only supported in Safari and not within third party email apps. If you are using a third party email app, press the video visit link in the email and choose Safari to open the link. After receiving the unsupported message, press the compass icon in the top right corner on an iPad or the bottom right corner on an iPhone. This will open the video visit in a Safari browser in normal mode (instead of full screen mode).
  • Apple at Work Platform Security

    Apple at Work Platform Security

    Apple at Work Platform Security Secure by design. At Apple, we care deeply about security—both for the user and for protecting corporate data. We’ve built advanced security into our products from the ground up, making them secure by design. And we’ve done this in a way that’s in balance with a great user experience, giving users the freedom to work the way they want. Only Apple can provide this comprehensive approach to security, because we create products with integrated hardware, software, and services. Hardware security Secure software requires a foundation of security built into hardware. That’s why Apple devices—running iOS, iPadOS, macOS, tvOS, or watchOS—have security capabilities designed into silicon. These include custom CPU capabilities that power system security features and silicon dedicated to security functions. The most critical component is the Secure Enclave coprocessor in modern iOS, iPadOS, watchOS, and tvOS devices and in all Mac computers with the Apple T2 Security Chip. The Secure Enclave provides the foundation for encrypting data at rest, secure boot in macOS, and biometrics. All modern iPhone, iPad, and Mac computers with a T2 chip include a dedicated AES hardware engine to power line-speed encryption as files are written or read. This ensures that Data Protection and FileVault protect users’ files without exposing long-lived encryption keys to the CPU or operating system. Secure boot of Apple devices ensures that the lowest levels of software aren’t tampered with and that only trusted operating system software from Apple loads at startup. In iOS and iPadOS devices, security begins in immutable code called the Boot ROM, which is laid down during chip fabrication and known as the hardware root of trust.
  • OPINION Defendant-Appellee

    OPINION Defendant-Appellee

    FOR PUBLICATION UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT STACIE SOMERS, On Behalf of No. 11-16896 Herself and All Others Similarly Situated, D.C. No. Plaintiff-Appellant, 5:07-cv-06507- JW v. APPLE, INC., OPINION Defendant-Appellee. Appeal from the United States District Court for the Northern District of California James Ware, District Judge, Presiding Argued and Submitted February 11, 2013—San Francisco, California Filed September 3, 2013 Before: Dorothy W. Nelson, Stephen Reinhardt, and Milan D. Smith, Jr., Circuit Judges. Opinion by Judge Milan D. Smith, Jr. 2 SOMERS V. APPLE, INC. SUMMARY* Antitrust The panel affirmed the district court’s dismissal of a putative class action against Apple, Inc., alleging antitrust violations in connection with Apple’s iPod and iTunes Music Store. The panel held that the plaintiff waived review of the district court’s order denying certification of a class of indirect purchasers of the iPod because she abandoned her underlying individual claim under § 2 of the Sherman Act based on inflated iPod prices. The panel also held that the plaintiff failed to allege sufficient facts to state antitrust claims for damages and injunctive relief. The plaintiff alleged that Apple encoded iTunes Music Store music files with its proprietary Digital Rights Management (DRM), called FairPlay, which rendered the music files and the iPod compatible only with each other. She alleged that through certain software updates, Apple excluded competitors and obtained a monopoly in the portable digital media player and music download markets, which inflated Apple’s music prices and deflated the value of the iPod.