iCloud hack Stories July 4, 2016

One of the men behind the ‘Celebgate‘ phishing attack has pleaded guilty to accessing more than 300 iCloud and Gmail accounts, including ‘at least 30’ belonging to celebrities. The plea was announced by the U.S. Attorneys Office for the Central District of California.

Edward Majerczyk, 28, who resides in Chicago and Orland Park, Illinois, was named in a criminal information filed today in United States District Court in Los Angeles. Majerczyk has signed a plea agreement in which he agrees to plead guilty to a felony violation of the Computer Fraud and Abuse Act, specifically, one count of unauthorized access to a protected computer to obtain information.

Another of the Celebgate offenders, Ryan Collins, also took a plea back in March in return for a recommended sentence of 18 months …

expand full story

iCloud hack Stories January 14, 2015

More than four months after Tim Cook promised emailed login alerts and the reintroduction of two-factor authentication in the wake of the high-profile celebrity iCloud hacks, five Apple logins remain unprotected by the system. Hackers of NY founder Dani Grant used videos to demonstrate each of the vulnerabilities in a blog post.

Grant showed that two-factor authentication isn’t needed when using an unknown Mac to login to iMessage, iTunes, FaceTime, the App Store or Apple’s website. According to Grant, only one of the five services sent an email notification advising that an unknown device was used to log in …  expand full story

Sylvania HomeKit Light Strip

iCloud hack Stories December 18, 2014

Phone Breaker iCloud-hacking software now supports 2FA, allows access to WhatsApp & iWork files

Elcomsoft’s Phone Breaker software, used by law enforcement agencies but also thought to have been used by iCloud hackers to access celebrity nudes, has been updated to support accounts using two-factor authentication, reports MacWorld. It can also now access WhatsApp message files and iWork documents.

It’s not as scary as it sounds – the software can only be used once the attacker already has an Apple ID and password, together with either a second trusted device or your recovery key. A phishing attack is the most common way to obtain these, so as long as you use strong, unique passwords and don’t click on links in emails claiming to be from Apple, you should be safe. But it does allow users of the software to download either entire iPhone backups or selected data direct from iCloud much more easily than having to go through a compromised device by hand.

The more security-conscious will, though, want to heed Apple’s advice not to store your account recovery code on any of your devices: the software can automatically scan both your Mac and any external drives for these.

If you don’t yet have a recovery code for your Apple ID, do get one: even an unsuccessful hack attempt can lock you out of your account, and without a recovery key, there’s no way back in.

Via Engadget

iCloud hack Stories September 25, 2014

The software developer credited by Apple for discovering last year’s developer center flaw says that he informed Apple of an iCloud weakness that may have been used to obtain celebrity nudes more than six months before the photos were accessed.

The Daily Dot reports that Ibrahim Balic advised Apple in March of a Find My Phone weakness that would allow brute-force attacks on iCloud accounts. It has been suggested that this may have been one of the methods used to access the accounts – or even complete iPhone backups – of celebrities …  expand full story

iCloud hack Stories September 18, 2014

Apple briefs Congress in its continuing effort to promote its privacy credentials

Politico reports that Apple briefed a Congressional committee on the security and privacy of its products following concerns raised by the celebrity nudes story.

A week after Apple rolled out new products that track users’ health and fitness, the company dispatched its executives to Capitol Hill to address emerging privacy and security concerns […]

Bud Tribble, the company’s chief technology officer, and Afshad Mistri, its health product manager, briefed the powerful House Energy and Commerce Committee, according to three congressional sources.

Apple is clearly focusing on communicating its commitment to securing user data. Tim Cook yesterday published a letter on the company’s website addressing the issue. Apple also added a new webpage specifically focusing on the security credentials of iOS, OS X and its cloud services.

While it now appears clear that the methods used to obtain celebrity nudes from iCloud were a combination of phishing and weak security questions rather than any fundamental weakness in the service itself, Apple will be keenly aware that perceptions matter as much as, if not more than, facts.

Photo credit: Wikipedia

iCloud hack Stories September 8, 2014

A YouGov survey of more than 1,000 American consumers commissioned by security company Tresorit found that just over a third of them have taken steps to beef-up their online security in response to the iCloud hacks.

The most common response was to change passwords for stronger ones, with 13 percent creating different passwords for each online service and 6 percent enabling two-step verification …  expand full story

Powered by WordPress.com VIP