Apple's iCloud susceptible to hacking say experts
LONDON: Experts have warned about Apple's iCloud facility, which stores iPhone and iPad users' photos and personal data, saying that it has a 'fundamental security flaw.'
According to experts, two-step verification for the online service, which is under scrutiny after intimate images of celebrities were stolen and leaked, can be bypassed using easily available software that allows access to the back-ups, the BBC reported.
The program still requires hackers to know the user's email address and password, and there is no clear evidence that it was used in the recent breaches.
Technology magazine Wired first reported that software from a Russian firm, ElcomSoft, was being mentioned on a hackers discussion group as a useful tool for infiltrating iCloud accounts, which claims to offer access to iCloud content without the operator needing to be in possession of the iPhone or iPad concerned.
It uses a system devised by Moscow-based computer programmer Vladimir Katalov, which downloads copies of iCloud data and it is not known whether the facility was utilised by those who stole naked images of Jennifer Lawrence and others.
Vladimir Katalov said his software can be used for both "good and bad" and although he could not be "100% sure", he believed the software was used in the recent celebrity hacks, as ElcomSoft's program is "the only one able to do that."
He added that while his company "didn't like it much" when the software was used for illegal purposes, it had sold the system to individuals, as well as authorities, while other security experts said that Apple's advice about two-step verification was possibly misleading and some experts said that the holes in Apple's two-step verification system amounted to a "fundamental security flaw" and that it was "like double locking your front door and leaving the window open."
LONDON: Experts have warned about Apple's iCloud facility, which stores iPhone and iPad users' photos and personal data, saying that it has a 'fundamental security flaw.'
According to experts, two-step verification for the online service, which is under scrutiny after intimate images of celebrities were stolen and leaked, can be bypassed using easily available software that allows access to the back-ups, the BBC reported.
The program still requires hackers to know the user's email address and password, and there is no clear evidence that it was used in the recent breaches.
Technology magazine Wired first reported that software from a Russian firm, ElcomSoft, was being mentioned on a hackers discussion group as a useful tool for infiltrating iCloud accounts, which claims to offer access to iCloud content without the operator needing to be in possession of the iPhone or iPad concerned.
It uses a system devised by Moscow-based computer programmer Vladimir Katalov, which downloads copies of iCloud data and it is not known whether the facility was utilised by those who stole naked images of Jennifer Lawrence and others.
Vladimir Katalov said his software can be used for both "good and bad" and although he could not be "100% sure", he believed the software was used in the recent celebrity hacks, as ElcomSoft's program is "the only one able to do that."
He added that while his company "didn't like it much" when the software was used for illegal purposes, it had sold the system to individuals, as well as authorities, while other security experts said that Apple's advice about two-step verification was possibly misleading and some experts said that the holes in Apple's two-step verification system amounted to a "fundamental security flaw" and that it was "like double locking your front door and leaving the window open."
No comments:
Post a Comment