Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hackers Using Law Enforcement Tools to Access iCloud Backups Unprotected by Two-Factor Authentication
- Thread starter MacRumors
- Start date
- Sort by reaction score
Unfortunately we don't have any apple store around and when I visited one in Australia they could not help me. Apple servers automatically put the code +33 on front of our phone numbers in their 2-factor form when they should give us the possibility to enter a different international code. But we are such a small number of people that this would be a miracle if it was implemented...
Search the forums. There was a period where, if you had Address Book contacts on your desktop, there was no way to get the address book contacts onto your iPhone, except via iCloud. No other way.
In fact, I think I even had a post on these forums about it.
Only recently was it reverted back to where you can once again do a local iTunes sync. This was a huge problem, many people complaining.
Here is the post, one of several complaining about it at the time: https://forums.macrumors.com/threads/1659397/
IMO, Apple's 2 factor verification isn't really 2 factor authentication and shouldn't be called that - it's only used in limited situations whereas true 2 factor authentication would be used every time you access the account for any reason from an untrusted device
Even Microsoft do it properly for outlook.com accounts (including single use app passwords for things like IMAP access that don't support the 2 factor auth with a separate verification code) - Apple really need to step up and get it implemented properly!
Even Microsoft do it properly for outlook.com accounts (including single use app passwords for things like IMAP access that don't support the 2 factor auth with a separate verification code) - Apple really need to step up and get it implemented properly!
Easiest way to prevent naked photos of yourself to be stolen, is to not have naked pics of you taken. They all consented to the photos or took them themselves, it's not like this was a peeping tom. In this digital age, famous young girls especially should keep this in mind.
It's fine to expect privacy, but to take pics that you would be mortified and want to die if they were released to the net, then store them in the cloud is just not smart and they are at fault somewhat too. think "what if this leaks" before every pic you have taken. I'm sure most boob shots would be like "who cares" and carry on.
----------
strange, I have always synced contacts manually in itunes, never noticed a time that didn't work. I also have gone long periods between phone syncs/updates though.
This is on the Drudge Report right now. Links to a Daily Mail article that is 2 days old.
Go to the Daily Mail website and they have an entire section devoted to what they call the "Apple hacking scandal". Quite irresponsible to call it an Apple hacking scandal considering the fact that there is no conclusive evidence that iCloud was hacked (and Apple says it wasn't) or that FMI brute force was the source.
Color me highly skeptical that it's just a coincidence this leaks now right before Apple has a big event scheduled.
Go to the Daily Mail website and they have an entire section devoted to what they call the "Apple hacking scandal". Quite irresponsible to call it an Apple hacking scandal considering the fact that there is no conclusive evidence that iCloud was hacked (and Apple says it wasn't) or that FMI brute force was the source.
Color me highly skeptical that it's just a coincidence this leaks now right before Apple has a big event scheduled.
€100.000 or €1.000.000, from one (zero more) I can live the rest of my life on Bali without a job, the other not so much.
Words make a big difference and even one word changed can change the context and meaning of a sentence or a whole article.
In this case, the word 'using' in the title implies that the law enforcement tools are being used against iCloud. Change 'using' to 'may be using' removes the implication altogether and leaves the door open to other possibilities of different tools being used against iCloud or none at all.
The first interpretation makes a statement from authority while the second does not.
Words mean things.
I don't use either one, but I'm still shocked to find out that two-factor verification is not used through the iCloud service.
Are you also depressed over the world?
It's just ****ing sad that this kind of abusive is happening.
That celebrities are harassed like this.
Calling these celebrities stupid, etc. for having these pictures and videos on iCloud is just victim blaming. Yeah, I wouldn't keep that **** on the cloud, but that doesn't mean it's not their right to keep their private files on their private cloud.
It makes me sick to think of the people who attained and published the pictures and videos. To violate another human being's privacy like that.
It's just ****ing sad that this kind of abusive is happening.
That celebrities are harassed like this.
Calling these celebrities stupid, etc. for having these pictures and videos on iCloud is just victim blaming. Yeah, I wouldn't keep that **** on the cloud, but that doesn't mean it's not their right to keep their private files on their private cloud.
It makes me sick to think of the people who attained and published the pictures and videos. To violate another human being's privacy like that.
Great piece from Matthew Panzarino on Tech Crunch:
http://techcrunch.com/2014/09/02/why-apple-should-be-more-transparent-about-security/
While I think this leak was a concerted effort to tarnish Apple's reputation right before a big event I still think Apple needs to get better at cloud services and security. If WWDC told us anything it's that Apple is making a big bet on iCloud. This stuff needs to "just work" and not have people concerned that their data isn't secure. Perhaps Cook needs to split up Eddy Cue's duties and bring someone on to the executive team who's really experienced in cloud services to oversee iCloud and all Apple's back end stuff.
http://techcrunch.com/2014/09/02/why-apple-should-be-more-transparent-about-security/
While I think this leak was a concerted effort to tarnish Apple's reputation right before a big event I still think Apple needs to get better at cloud services and security. If WWDC told us anything it's that Apple is making a big bet on iCloud. This stuff needs to "just work" and not have people concerned that their data isn't secure. Perhaps Cook needs to split up Eddy Cue's duties and bring someone on to the executive team who's really experienced in cloud services to oversee iCloud and all Apple's back end stuff.
...to put nude photos and/or porn of any kind on the cloud?
How incredibly stupid. Like putting it up on the web and hoping no one will see it.
One would think that the worlds most valuable brand, like Apple, would implement a system that would be really hard to crack and wont let some third person to just "walk pass by the security guard". Guess that isnt the case.
...to put nude photos and/or porn of any kind on the cloud?
How incredibly stupid. Like putting it up on the web and hoping no one will see it.
Hope you don't use iCloud backups.
If you do, I hope you consider everything on your phone public domain
Essentially you are saying it is incredibly stupid to use iCloud backups
Somehow I feel like apples intention isn't for iCloud backups to be public domain, otherwise i need to be changing my settings..and telling everyone I know too..
Last edited:
yikes
yikes
thanks for this info.
pls, apple, get better on all of this. real soon. pls.
yikes
thanks for this info.
pls, apple, get better on all of this. real soon. pls.
iCloud does make it convenient, but I agree, you're opening yourself up by using anyone else's server. Local, local, local. I mean, does the "inconvenience" of using iTunes really outweigh the potential downsides of letting your lack-of-self-control nudie photos (or any other personal data) into the wild?
Law Enforcement should never, ever have been provided with tools to do this.
You can fantasize about their needs for it, but it is just that...a fantasy. A fantasy that comes from watching too many crime shows on TV, where every week there is a new dastardly criminal that needs to be brought down by any means possible.
It's just not real. All this software does, in the wrong hands, is allow for misuse, and leaks, and torrents, and basically....this.
None of what I just said has anything to do with what happened here, or whether it not it would have happened. But it was a good opportunity to voice my concern that law enforcement has been given keys to things that they never should have. Ever.
You can fantasize about their needs for it, but it is just that...a fantasy. A fantasy that comes from watching too many crime shows on TV, where every week there is a new dastardly criminal that needs to be brought down by any means possible.
It's just not real. All this software does, in the wrong hands, is allow for misuse, and leaks, and torrents, and basically....this.
None of what I just said has anything to do with what happened here, or whether it not it would have happened. But it was a good opportunity to voice my concern that law enforcement has been given keys to things that they never should have. Ever.
This is good. For passwords, I make up fake words or passphrases that make absolutely no sense. Maybe throw in a special character or two for good measure.
it should have been encrypted day one. This was predictable. The device and backup should always been encrypted.