Apple's iCloud facility, which stores iPhone and iPad users' photos and personal data, has a "fundamental security flaw", an expert has warned.
The online service is under scrutiny after intimate images of celebrities were stolen and leaked.
It has emerged that a security measure called two-step verification, which is recommended by Apple, can be bypassed using easily available software that allows access to iCloud back-ups.
Apple declined to comment.
The program still requires hackers to know the user's email address and password, and there is no clear evidence that it was used in the recent breaches.
Two-step verification - which requires a user to type in a short code sent by Apple to their phone or tablet in order to access their account - is supposed to offer an extra level of protection.
On Tuesday, Apple suggested its customers "always use a strong password and enable two-step verification" after it acknowledged that some of its accounts had been compromised by a "very targeted attack".
But one expert said Apple had given people "a false sense of security".
Technology magazine Wired first reported that software from a Russian firm, ElcomSoft, was being mentioned on a hackers discussion group as a useful tool for infiltrating iCloud accounts.
The program, marketed to law enforcement agencies, claims to offer access to iCloud content without the operator needing to be in possession of the iPhone or iPad concerned.
It uses a system devised by Moscow-based computer programmer Vladimir Katalov, which downloads copies of iCloud data.
It is not known whether the facility was utilised by those who stole naked images of Jennifer Lawrence and others.
The online service is under scrutiny after intimate images of celebrities were stolen and leaked.
It has emerged that a security measure called two-step verification, which is recommended by Apple, can be bypassed using easily available software that allows access to iCloud back-ups.
Apple declined to comment.
The program still requires hackers to know the user's email address and password, and there is no clear evidence that it was used in the recent breaches.
Two-step verification - which requires a user to type in a short code sent by Apple to their phone or tablet in order to access their account - is supposed to offer an extra level of protection.
On Tuesday, Apple suggested its customers "always use a strong password and enable two-step verification" after it acknowledged that some of its accounts had been compromised by a "very targeted attack".
But one expert said Apple had given people "a false sense of security".
Technology magazine Wired first reported that software from a Russian firm, ElcomSoft, was being mentioned on a hackers discussion group as a useful tool for infiltrating iCloud accounts.
The program, marketed to law enforcement agencies, claims to offer access to iCloud content without the operator needing to be in possession of the iPhone or iPad concerned.
It uses a system devised by Moscow-based computer programmer Vladimir Katalov, which downloads copies of iCloud data.
It is not known whether the facility was utilised by those who stole naked images of Jennifer Lawrence and others.
No comments:
Post a Comment