4 posts / 0 new
Last post
bigboss's picture
Offline
Last seen: 5 hours 12 min ago
Joined: 25/03/2009 - 21:40
Posts: 12705
iCloud security issues

So it transpires that iCloud isn't secure enough & makes you more vulnerable to data theft.

http://www.theregister.co.uk/2012/05/17/elcomsoft_data_retrieval_tool/

Paul.'s picture
Offline
Last seen: 1 day 14 hours ago
Joined: 26/11/2010 - 21:44
Posts: 2956
RE: iCloud security issues

I don't get it... They need the username and password to access iCloud, they suggest having access to the phone or offline backup and breaking in to get the Apple ID, but everything on iCloud is already on the phone (or backup) anyway that you have just broken in to?  So whats the point?

Seems a bit like saying I can hack your gmail account, if I stand over your shoulder and watch you type your password in Smile

bigboss's picture
Offline
Last seen: 5 hours 12 min ago
Joined: 25/03/2009 - 21:40
Posts: 12705
RE: iCloud security issues

There are ways to get the password. That's not difficult.

http://securityxploded.com/apple-itunes-password-decryptor.php

http://www.elcomsoft.com/eppb.html

http://www.elcomsoft.com/iphone-forensic-toolkit.html

It's called "password breaker" & that you can "recover passwords". What does that mean then?

Basically, it is now possible to access your information without the need for access to your physical phone.

Apparently meant for Forensic use only. But if it is indeed possible, nothing to stop hackers from creating something similar.

Paul.'s picture
Offline
Last seen: 1 day 14 hours ago
Joined: 26/11/2010 - 21:44
Posts: 2956
RE: iCloud security issues

But that software requires acces to the host machine of the iPhone.  The itunes password needs to be saved in a web browser, firstly why would you enter the password in to a browser outside of iTunes? If you did, why would you alow a browser to save your password with credit card info attached? Finally, why would you save your password on someone else's machine?

 

Its safe to assume that the majority of people arnt stupid enough to save credit card bearing passwords on other peoples machines, so the hacker has to have access to the iPhone owners host computer anyway, and already has access to the mobilesync folder without expensive software.  You can just backup a blank iPhone from this file and wander off with the data anyway?

 

By the way, I'm not arguing the safety of the iPhone, I'm not deluded enough to think that.  I'm just arguing the pointlessness of this software, and I don't tend to like the tone of articles that drop 'fanboi'.  Did you notice the reg article stated 'marketed at' law enforcement agencies and not 'only available to'?

Log in or register to post comments