Many of the compromising photos from the cache of celebrity photos leaked last month were obtained by hackers spoofing a target’s iCloud account to download an unencrypted backup of the target’s phone.
Despite being the standard advice offered by both Apple and the media, turning on iCloud two-factor authentication (or “two step verification,” as Apple calls it) actually did nothing to protect users from this specific attack vector. CEO Tim Cook promised change in the Wall Street Journal and, true to his word, Apple turned two-factor back on earlier today. According to Ars Technica, it now covers the backups that most of the leaked nudes came from.
The problem with Apple’s implementation was that two-factor didn’t cover iCloud device backups or Find My iPhone. So while photos or emails may have been protected under two-factor authentication, hackers using tools like Elcomsoft Phone Password Breaker could download complete phone backups…