During the presentation of the iPhone 6 and Watch theme party security has been bypassed.But since the publication of intimate pictures of the hacked iCloud Hollywood stars took only ten days.
Meanwhile, from the date of leak Apple has blocked the function of infinite password when Find My iPhone, through which is supposed to have occurred hacking accounts. Other methods of protection until just cooked, and their release is expected soon. In turn, security researchers from Ars Technica, writes Gazeta, tested how difficult now to hack iCloud, and found that it can be done in at least two ways.
Method One: Advanced
With this technique, the researchers extract the image of your smartphone, which is automatically saved to iCloud and allows you to restore if necessary, all data in minutes. In its work, the experts used the program Elcomsoft Phone Password Breaker (EPPB) and Elcomsoft iOS Forensic Toolkit (EIFT). EIFT - is a program designed to upload the backup to your computer directly from your smartphone.
However, backup, even downloaded to your computer is an encrypted file. It is in order to decrypt it, and need a second program, EPPB. It is intended primarily for law enforcement agencies, and because the developer strictly monitors its spread. The solution allows the method of selection of the encryption key to produce an image with all the necessary information.
Hack iPhone 5s directly was not so easy: open code 64-bit ARM processor program EIFT not yet know how, and because the system image to upload from your smartphone on a wire failed. But the iPhone 4 with an older version of iOS 5.1 «cleared» your encrypted file without a problem, and it can already be easily hacked.
In fact, no matter how obtained backup smartphone: it can be stored on your computer by standard means of iTunes.
Likewise, the image downloaded from iCloud, easily succumbed to breaking through EPPB: developers have reported that the method of key recovery file has been opened for two days on a weak computer with a processor Intel Atom. C powerful machine, this process will occur significantly faster.
Method two: simple
This method does not need to do anything to break, you need to find your Apple ID and password, as well as "empty" iPhone. Get username and password from iCloud, you can simply phishing email or by using the password recovery function.
You can restore the backup on any smartphone, enough for it with a clean iPhone log in iCloud. Once an attacker enters the username and password of the victim, he gets in a full copy of the smartphone: with photos, history calls, correspondence and so on.
Moreover, through the web interface, you can activate iCloud Find My iPhone on a map and track the movement of the victim in the case, if it is your smartphone with you. With iCloud, you can upload the site, all data that are synchronized in the cloud, photos, videos, browser history, phone calls, correspondence and so on.
To cope with the second method should be activation of two-factor authentication . When it except the login and password attackers will also need to enter a special code received by SMS or email. However, experts believe that it will not be enough: in their view, the requirement to put a finger on the scanner Fingerprint Touch ID would be much more reliable. In addition, the researchers said, that Apple should be encrypted backups themselves more serious.