Commentary #2 – Apple’s Two Factor Authentication Should Apply to iCloud Backups
Watch my Google multifactor how to: https://www.youtube.com/watch?v=E-qIJp0hNB8
A number of celebrities had their privacy significantly violated this week when their Apple iCloud accounts were compromised and photo backups were downloaded by unauthorized individuals.
While Apple is correct in saying their security system was not compromised, they could be doing more to help users protect their data.
Normally this sort of attack is preventable by enabling two factor or two step authentication on an account. This method of authentication requires entering a code after a username and password is accepted. The code is either pushed to a mobile device or is generated on the device using an authentication app. It combines something the user has (the mobile device) plus something they know (their user name and password).
This means that even if a hacker obtained a user name and password they could not access the account without having physical access to the mobile phone.
Apple has a two factor authentication system, and the company recommended that users enable it this week in the wake of the celebrity hacking incident. That would be great advice if the company’s two factor system actually protected device backups stored on iCloud. It unfortunately does not.
Apple’s two factor authentication is used only for making payment or email changes to an account, or when purchasing an app, album, or book on a device that hasn’t previously been used with that Apple account before. It does not protect any iCloud features including email, photos, and full system backups.
Russian security firm Elcomsoft’s Phone Password Breaker is able to log in and download iCloud device backups without any second factor authentication. It just needs a user name and password to access a user’s account and grab everything – including photos, call logs, and other personal data. The software is used by law enforcement agencies but is also available as a $200 download to anyone.
In the past a good password was usually good enough. But now as more and more websites are compromised and user information is stolen, having that second authentication factor is becoming more and more critical to securing personal data.
Apple needs to act quickly to extend its two factor authentication to all of its services like its competitors Microsoft and Google already do.
Subscribe to my email list to get a weekly digest of upcoming videos! – http://lon.tv/email
Visit the Lon.TV store to purchase some of my previously reviewed items! http://lon.tv/store
Want to help the channel? Start a Patreon subscription!
Follow me on Facebook!
Follow me on Twitter!
Follow me on Google+
- “You’re the Key” Information Security News – 2/4/16
- Your Own iCloud Bypass Server
- What Is Future Of Cloud Computing? Cyber Security Expert Scott Schober On CCTV
- Vladimir KATALOV – Cracking and analyzing iCloud protocols [EN]
- Use Security Code to turn on iCloud Keychain?
- Urgent !! How To Remove iCloud Without Password ON All iOS 10 Version And Turn OFF Find my iPhone
- Urgent !! How To Bypass iCloud Without Password ON All iOS 10 Version And Turn OFF Find my iPhone
- Unlock iPhone 5s Without Fingerprint Bypass Password Security
- Tutorial – How to Fix/Unlock iCloud Locked iPhone – Disable Find My iPhone – iOS 7.1.1
- The Police Tool Pervs Use To Hack iCloud – #NewWorldNextWeek
- The entered icloud cannot be used to unlock this iPhone… why? – iPhone 4S
- The Celebrity iCloud iBrute iHack: Security Now 471
- Terraria iOS Hacked iCloud Account (2) (Still Working)
- Terraria icloud giveaway (CLOSED)
- Terraria Hacked iCloud World For Mobile HAS EVERY ITEM !!!
- Spy Camera Tiny Mini DV MD80 In Depth Review And Instructions