Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hacker Team Claims Compromise of Apple's iCloud and Activation Lock, Possibly via SSL Bug [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Like the stupid SSL bug that was there for at least a year if not more. Or even this one that Apple was notified about and apparently hasn't done anything about it so far. Apple might be good, but that doesn't mean they are the best and should just blindly be trusted and defended all the time.
I may be alone but I really don't see the big deal even IF this is true. If my phone was stolen and I remote wiped it and activation locked it I feel I have done my best and Apple has provided me with the tools to do my best.
This is like if someone broke into my house stole my safe with all my valuables and then used a plasma torch to open it. Do I run to my safe company and say how dare you make a safe so easy to break into? No I don't.
This is going to turn into a thing where people over react and demand we have security like a Mission Impossible self destructing phone that can be enabled through iCloud (sad that Im joking and at the same time not)
So basically I think this will be patched if its a real vulnerability and in the end keep an eye on your stuff so it doesn't get stolen, have some personal responsibility because in the end if your phone or anything else gets stolen you're already beat. thats my 2cents
This is like if someone broke into my house stole my safe with all my valuables and then used a plasma torch to open it. Do I run to my safe company and say how dare you make a safe so easy to break into? No I don't.
This is going to turn into a thing where people over react and demand we have security like a Mission Impossible self destructing phone that can be enabled through iCloud (sad that Im joking and at the same time not)
So basically I think this will be patched if its a real vulnerability and in the end keep an eye on your stuff so it doesn't get stolen, have some personal responsibility because in the end if your phone or anything else gets stolen you're already beat. thats my 2cents
Last edited:
A serious company has basic functionality tests in place for critical security components.
We know Apple does not.
Is this the same community that informed Google of a major flaw that allowed phones to be taken over 8 months before going public.
We won't know how they did this until they release it, but if they can spoof Apple's iCloud servers, as the article says, they can do a lot more than unlock a stolen phone. They could intercept data passing between the phone and the server, possibly send malware to the device by pretending to be the Apple server, and could probably do other things as well, including stealing your passwords.
Hopefully they'll present this at Blackhat or Defcon with the details.
so basically the problem is having a windows machine!
No, the Windows machine is used to spoof Apple's servers and the iPhone. It is iPhones that are being at risk.
I imagine this will be solved with a simple iOS update and a change of Apple's server.
That being said -- on a similar topic - Now that Activation Lock exists, it is astonishing to me the sheer amount of iCloud locked iPhones on eBay that are pretty much only good for parts/trash. On the one hand, yes it might keep phones in the owners possession, but on the other hand, it creates a lot of garbage that will end up in the landfill.
Possibly even more surprising to me is that people are paying almost full price for these locked phones
Its actually ok apparently these hackers bought 30,000 of them
From Apple's website:
"With an easy-to-use interface, amazing features, and security at its core, iOS 7 is the foundation of iPhone, iPad, and iPod touch". Perhaps that's why.
So a hack that took five months of studying to exploit should be found in "basic functionality test"????
Newsflash....everything is hackable. With the right amount of time, equipment, skill and willpower nothing is completely 100% without any doubt invulnerable.
I'm a little hesitant to take hackers 100% at their word and say Apple hasn't done ANYTHING. Its true Apple hasn't done anything PUBLICLY - but you and I have no clue what's going on behind closed doors.
Moral of the story - Apple is better than most. With the rise of cyber crime and hacking happening, no one is safe. Companies are going to need to make HUGE investments in cyber security to stay ahead of the curve. Apple isn't exempt from any of that, but they also aren't alone.
----------
Ok? So because they say "security" is at the core of iOS 7 that means it HAS to be invulnerable or else we go on a tirade about how Apple lies and doesn't do anything about the issues they have?
Please....
GoToFail? Yes, it was a basic functionality failure.
SecureTransport has few specific jobs. One is to encrypt and decrypt data between you and another peer, and the second is to verify the identify of the other peer during the initial key/certificate exchange.
The security flaw was that it was never doing the second part; leaving it vulnerable to generic identity spoofing.
Apple will use this excuse to deny giving NSA access to there servers but looks like apple did it intentionally to let them in. Funny how folks beleive apple is trustworthy when they leave back doors open. Google, Microsoft, apple and the rest of them, minus BB seem to be leaving holes so governments can access. But now the other bad guys found the hole and exploit it. Way to go Apple.
The sad thing is there are many things these people could spend their time hacking where the accomplishment isn't exclusively aimed towards helping thieves use their stolen property.
There's copyright infringement where no one is hurt by another digital copy existing and then there's actual stealing of a physical thing where the owner's loss is total and absolute.
There's copyright infringement where no one is hurt by another digital copy existing and then there's actual stealing of a physical thing where the owner's loss is total and absolute.
Translation is difficult.. The original article does not state that the hackers unlocked 30.000 iPhones. The hackers said that 30.000 iPhones were unlocked. It does not say who did this.
