Skip to main content

Phone Breaker iCloud-hacking software now supports 2FA, allows access to WhatsApp & iWork files

Elcomsoft’s Phone Breaker software, used by law enforcement agencies but also thought to have been used by iCloud hackers to access celebrity nudes, has been updated to support accounts using two-factor authentication, reports MacWorld. It can also now access WhatsApp message files and iWork documents.

It’s not as scary as it sounds – the software can only be used once the attacker already has an Apple ID and password, together with either a second trusted device or your recovery key. A phishing attack is the most common way to obtain these, so as long as you use strong, unique passwords and don’t click on links in emails claiming to be from Apple, you should be safe. But it does allow users of the software to download either entire iPhone backups or selected data direct from iCloud much more easily than having to go through a compromised device by hand.

The more security-conscious will, though, want to heed Apple’s advice not to store your account recovery code on any of your devices: the software can automatically scan both your Mac and any external drives for these.

If you don’t yet have a recovery code for your Apple ID, do get one: even an unsuccessful hack attempt can lock you out of your account, and without a recovery key, there’s no way back in.

Via Engadget

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Andrew Messenger - 10 years ago

    “the software can only be used once the attacker already has an Apple ID and password, together with either a second trusted device or your recovery key.”

    pardon my ignorance but… isn’t this also called “logging in?”

    • Ben Lovejoy - 10 years ago

      The difference is the software allows you to download either entire device backups, or specified information. It’s much, much faster than trying to access it manually.

      • Andrew Messenger - 10 years ago

        ah okay. so it’s what the software does when you have all the authentication information in your possession that matters.

      • Ben Lovejoy - 10 years ago

        Yep – I’ve added a few extra words to clarify this.

  2. airmanchairman - 10 years ago

    The Divine Secure Enclave on the Mystical A8x Processor… the final frontier.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications