The tool will now enable iCloud Backup retrieval of active two-factor authentication (image: Manufacturer) 
probably used for iCloud Celebrity Hack forensics software “Phone Breaker” expands the possibilities to read user data stored in Apple’s cloud service. Support for third-party access to iCloud Drive to follow.
The Russian software maker Elcomsoft has responded with an update for forensics software Phone Breaker on Apple’s new security measures, which the Group crowds in publishing personal had introduced nude photos of celebrities. In the attack on iCloud accounts of actresses presumably Phone Breaker had been used to read iPhone backups with knowledge before geklauter login information.
The new version of Phone Breaker allows for the retrieval of iCloud backups again which were made with iOS 8, the manufacturer promises in a statement on Wednesday. The program will now support all versions of iOS to iOS 8.1.x as well as the latest hardware, including iPhone and iPhone 6 6 Plus.
More iCloud data backups in addition
In addition to iCloud backups to the forensic software can also read other user data, including iWork documents, data from third-apps like WhatsApp and some system files as the user dictionary for autocorrection. Access to this data is currently functioning but only for accounts that are not yet up to iCloud Drive, emphasizes Elcomsoft – Support for Apple in autumn newly introduced “online disk” will follow early 2015.
The program. can also access iCloud backups by Elcomsoft’s statement now, if the user has enabled Apple’s Multi-factor authentication: The retrieval requires knowledge of username, password and additional information such as the Security Code or the recovery key advance.
Password Loser access via token
Alternatively, is it also possible, however, to obtain the iCloud backup without this information: For an authentication token is required which can be from a Mac or Windows can read -PC when a iCloud account was set up on this. An appropriate tool provides with Password Breaker, it can also detect recently tokens to external drives and disk images. About the authentication token to the download of iCloud backups be possible without entering a username and password, even with two-factor authentication – the user will also not notified about this access Apple
. is the price you pay for the convenience of the need for the second factor to the first application only. It affects almost all two-factor systems for end users who are currently in use – from Apple to Google. For some programs can be the default setting for saving the two-factor authentication off, but not for example in iCloud backups. A true two-factor authentication, which is in addition to the password the one-time code must be entered to each use, but is only used in high security environments for applications where this is required by regulations.
The use of authentication -Tokens is a promising approach for forensics says Elcomsoft – but they are not a panacea. The token can expire after a certain time or be invalidated by the user. In addition, the detection of the token set physical access and may require additional hurdles to overcome, such as a hard disk encryption. (lbe)
No comments:
Post a Comment