So it transpires that iCloud isn't secure enough & makes you more vulnerable to data theft.
http://www.theregister.co.uk/2012/05/17/elcomsoft_data_retrieval_tool/
http://www.theregister.co.uk/2012/05/17/elcomsoft_data_retrieval_tool/
iCloud security issues
- Thread starter bigboss
- Start date
Paul.
Well-known member
I don't get it... They need the username and password to access iCloud, they suggest having access to the phone or offline backup and breaking in to get the Apple ID, but everything on iCloud is already on the phone (or backup) anyway that you have just broken in to? So whats the point?
Seems a bit like saying I can hack your gmail account, if I stand over your shoulder and watch you type your password in
Seems a bit like saying I can hack your gmail account, if I stand over your shoulder and watch you type your password in
There are ways to get the password. That's not difficult.
http://securityxploded.com/apple-itunes-password-decryptor.php
http://www.elcomsoft.com/eppb.html
http://www.elcomsoft.com/iphone-forensic-toolkit.html
It's called "password breaker" & that you can "recover passwords". What does that mean then?
Basically, it is now possible to access your information without the need for access to your physical phone.
Apparently meant for Forensic use only. But if it is indeed possible, nothing to stop hackers from creating something similar.
http://securityxploded.com/apple-itunes-password-decryptor.php
http://www.elcomsoft.com/eppb.html
http://www.elcomsoft.com/iphone-forensic-toolkit.html
It's called "password breaker" & that you can "recover passwords". What does that mean then?
Basically, it is now possible to access your information without the need for access to your physical phone.
Apparently meant for Forensic use only. But if it is indeed possible, nothing to stop hackers from creating something similar.
Paul.
Well-known member
But that software requires acces to the host machine of the iPhone. The itunes password needs to be saved in a web browser, firstly why would you enter the password in to a browser outside of iTunes? If you did, why would you alow a browser to save your password with credit card info attached? Finally, why would you save your password on someone else's machine?
Its safe to assume that the majority of people arnt stupid enough to save credit card bearing passwords on other peoples machines, so the hacker has to have access to the iPhone owners host computer anyway, and already has access to the mobilesync folder without expensive software. You can just backup a blank iPhone from this file and wander off with the data anyway?
By the way, I'm not arguing the safety of the iPhone, I'm not deluded enough to think that. I'm just arguing the pointlessness of this software, and I don't tend to like the tone of articles that drop 'fanboi'. Did you notice the reg article stated 'marketed at' law enforcement agencies and not 'only available to'?
Its safe to assume that the majority of people arnt stupid enough to save credit card bearing passwords on other peoples machines, so the hacker has to have access to the iPhone owners host computer anyway, and already has access to the mobilesync folder without expensive software. You can just backup a blank iPhone from this file and wander off with the data anyway?
By the way, I'm not arguing the safety of the iPhone, I'm not deluded enough to think that. I'm just arguing the pointlessness of this software, and I don't tend to like the tone of articles that drop 'fanboi'. Did you notice the reg article stated 'marketed at' law enforcement agencies and not 'only available to'?
Similar threads
Facebook
Twitter
Instagram