The data that Apple does store is kept for good reason… expand full story
Elcomsoft Stories February 9, 2017
Elcomsoft Stories December 18, 2014
Phone Breaker iCloud-hacking software now supports 2FA, allows access to WhatsApp & iWork files
Elcomsoft’s Phone Breaker software, used by law enforcement agencies but also thought to have been used by iCloud hackers to access celebrity nudes, has been updated to support accounts using two-factor authentication, reports MacWorld. It can also now access WhatsApp message files and iWork documents.
It’s not as scary as it sounds – the software can only be used once the attacker already has an Apple ID and password, together with either a second trusted device or your recovery key. A phishing attack is the most common way to obtain these, so as long as you use strong, unique passwords and don’t click on links in emails claiming to be from Apple, you should be safe. But it does allow users of the software to download either entire iPhone backups or selected data direct from iCloud much more easily than having to go through a compromised device by hand.
The more security-conscious will, though, want to heed Apple’s advice not to store your account recovery code on any of your devices: the software can automatically scan both your Mac and any external drives for these.
If you don’t yet have a recovery code for your Apple ID, do get one: even an unsuccessful hack attempt can lock you out of your account, and without a recovery key, there’s no way back in.
Elcomsoft Stories September 3, 2014
A forensics consult and security researcher who analyzed metadata from leaked photos of Kate Upton said that the photos appear to have been obtained using software intended for use by law enforcement officials, reports Wired. The software, Elcomsoft Phone Password Breaker (EPPB), allows users to download a complete backup of all data on an iPhone once the iCloud ID and password have been obtained.
If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages …