Two-factor authentication for iCloud now protects user backups

Gigaom

Many of the compromising photos from the cache of celebrity photos leaked last month were obtained by hackers spoofing a target’s iCloud account to download an unencrypted backup of the target’s phone.

Despite being the standard advice offered by both Apple and the media, turning on iCloud two-factor authentication (or “two step verification,” as [company]Apple[/company] calls it) actually did nothing protect to users from this specific attack vector. CEO Tim Cook promised change in the Wall Street Journal and, true to his word, Apple turned on two-factor back on earlier today. According to Ars Technica, it now covers the backups that most of the leaked nudes came from.

The problem with Apple’s implementation was that two-factor didn’t cover iCloud device backups or Find My iPhone. So while photos or emails may have been protected under two-factor authentication, hackers using tools like Elcomsoft Phone Password Breaker could download complete phone backups…

View original post 138 more words

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s