Skip to main content

Apple's Two Factor Authentication Doesn't Protect iCloud Backups Or Photo Streams

posted onSeptember 3, 2014
by l33tdawg

L33tdawg: Hate to say we told you so, but well, Vladimir Katalov did - last year at that! Take a look at his presentation slides (PDF) if you haven't already

One of the common bits of advice you’ll see people giving you around this celebrity picture hack is to enable two-factor authentication on your accounts — including Apple’s. That’s good advice, but it wouldn’t have protected any of these celebrities and it doesn’t protect the other accounts that are compromised by hackers that are able to obtain an Apple ID email and password.

While Apple has offered two-factor authentication on accounts for some time now, there is an omission in that system that hackers are taking advantage of. iCloud backups are not protected by two-factor authentication, and can be installed on new devices with only an Apple ID and password.

Of course, that’s still a very big ‘only’. Your email and password are as much protection as almost any service on earth offers you by default — and once a hacker obtains those you’re probably in trouble in any case. The early evidence, and Apple’s statement on the matter, indicates that hackers obtained passwords through guessing security questions, social engineering, phishing or other ‘targeted’ attacks — rather than a leak of the password data itself by Apple. Notably, access to iPhone backups can also be accessed using an authentication token (a file created by iTunes) which can be obtained using malware or phishing — and which does not require a password at all.

Source

Tags

iCloud Apple Security Privacy HITB2013KUL

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th