Skip to main content

Lack of two-factor authentication allows remote iCloud data download

posted onOctober 24, 2013
by l33tdawg

Russian security researcher Vladimir Katalov analyzed Apple's secretive iCloud and Find My Phone protocols to discover that neither are protected by two-factor authentication, and iCloud data can be downloaded remotely without a user ever knowing.

In "Cracking and Analyzing Apple’s iCloud Protocols," presented to a crowded room at Hack In The Box security conference last Thursday in Kuala Lumpr, Malaysia, Vladimir Katalov revealed that user information and data is not as inaccessible as Apple is telling the public.

Katalov's findings appear to support his emphatic statement that Apple can access data it claims to not be able to access. A malicious attacker only needs an Apple ID and password to perform remote iCloud backups — and do not need the user's linked devices. He explained that there is no way for a user to encrypt their iCloud backups.

Source

Tags

Apple iCloud Security HITB2013KUL

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th