Home Forums Smartphones & tablets Apple iPhone iCloud security issues

Have your say & ask the experts!

iCloud security issues

3 replies [Last post]
Sat, May 19 2012, 12:23AM
bigboss
bigboss's picture
Online
Joined: 25 Mar 2009
Posts: 9448

So it transpires that iCloud isn't secure enough & makes you more vulnerable to data theft.

http://www.theregister.co.uk/2012/05/17/elcomsoft_data_retrieval_tool/

__________________

My Home Cinema  Pioneer KRP 500A, Yamaha RX-V1900, MA Radius R225HD LCR, R90HD rears, AW12 sub, Panasonic BD60, PS3, Boxee Box, Sky HD, Boxee Box, Logitech Harmony One, Logitech PS3 Adapter, Sonos ZP90

Bedroom Samsung UE32C6510, PS3 slim white, Apple TV, Sonos S5, Sonos ZP90, Audioengine 2, Oppo OPDV971H

Miscellaneous: Synology DS212J + 2 X WD Red 2TB drives, WD 1TB NAS, Sonos ZoneBridge, BT HH3 as modem & AirPort Extreme router

Top
Sat, May 19 2012, 1:15AM
#1
Paul.
Paul.'s picture
Offline
Joined: 26 Nov 2010
Posts: 2406
RE: iCloud security issues

I don't get it... They need the username and password to access iCloud, they suggest having access to the phone or offline backup and breaking in to get the Apple ID, but everything on iCloud is already on the phone (or backup) anyway that you have just broken in to?  So whats the point?

Seems a bit like saying I can hack your gmail account, if I stand over your shoulder and watch you type your password in Smile

__________________

Paul's BR/805 system thread

(where the photos live) Paul's Flickr page

Top
Sat, May 19 2012, 6:56AM
#2
bigboss
bigboss's picture
Online
Joined: 25 Mar 2009
Posts: 9448
RE: iCloud security issues

There are ways to get the password. That's not difficult.

http://securityxploded.com/apple-itunes-password-decryptor.php

http://www.elcomsoft.com/eppb.html

http://www.elcomsoft.com/iphone-forensic-toolkit.html

It's called "password breaker" & that you can "recover passwords". What does that mean then?

Basically, it is now possible to access your information without the need for access to your physical phone.

Apparently meant for Forensic use only. But if it is indeed possible, nothing to stop hackers from creating something similar.

__________________

My Home Cinema  Pioneer KRP 500A, Yamaha RX-V1900, MA Radius R225HD LCR, R90HD rears, AW12 sub, Panasonic BD60, PS3, Boxee Box, Sky HD, Boxee Box, Logitech Harmony One, Logitech PS3 Adapter, Sonos ZP90

Bedroom Samsung UE32C6510, PS3 slim white, Apple TV, Sonos S5, Sonos ZP90, Audioengine 2, Oppo OPDV971H

Miscellaneous: Synology DS212J + 2 X WD Red 2TB drives, WD 1TB NAS, Sonos ZoneBridge, BT HH3 as modem & AirPort Extreme router

Top
Sat, May 19 2012, 10:44AM
#3
Paul.
Paul.'s picture
Offline
Joined: 26 Nov 2010
Posts: 2406
RE: iCloud security issues

But that software requires acces to the host machine of the iPhone.  The itunes password needs to be saved in a web browser, firstly why would you enter the password in to a browser outside of iTunes? If you did, why would you alow a browser to save your password with credit card info attached? Finally, why would you save your password on someone else's machine?

 

Its safe to assume that the majority of people arnt stupid enough to save credit card bearing passwords on other peoples machines, so the hacker has to have access to the iPhone owners host computer anyway, and already has access to the mobilesync folder without expensive software.  You can just backup a blank iPhone from this file and wander off with the data anyway?

 

By the way, I'm not arguing the safety of the iPhone, I'm not deluded enough to think that.  I'm just arguing the pointlessness of this software, and I don't tend to like the tone of articles that drop 'fanboi'.  Did you notice the reg article stated 'marketed at' law enforcement agencies and not 'only available to'?

__________________

Paul's BR/805 system thread

(where the photos live) Paul's Flickr page

Top