What Hackers Find Out About You When They Get Into iCloud Is Terrifying
But this story published late yesterday by Ars Technica is essential reading for anyone who cares about the privacy and security of iPhone users.
Basically, author Sean Gallagher bought two pieces of commercially available software that the iCloud hackers are thought to have used: Elcomsoft's iOS Forensic Toolkit (EIFT) and Elcomsoft Phone Password Breaker (EPPB). He then spent some time trying to hack his way into the phones of various family members.
What Gallagher found ought to terrify anyone who either doesn't understand how iCloud works, or who hasn't activated all the security features of iCloud (which is to say, a huge portion of all iCloud users).
Once you have hacked into an iCloud account, the Elcomsoft tools let you download a full backup of the account's owner. You basically get complete access to everything on their phone. The Ars Technica report confirms an earlier one we covered noting that hackers probably now have copies of Kate Upton's entire phone.Worse, you get access to all the stuff that used to be on the phone but the user thought was deleted. That confirms an earlier post on Business Insider explaining that celebs probably were not storing naked selfies on their phones or in iCloud - because they mistakenly believed they were deleted.
Here is what he found on the iCloud backups he hacked:
- Phone call history
- Text messages
- Voicemail message data (numbers and times) "dating back to the phone's original purchase. So much for deleting call history."
- Addresses for e-mail and texts, plus phone numbers and Facebook contacts.
- All the e-mail and Twitter accounts ever held by the phone's owner. "Some details synced over from accounts closed before the target phone was purchased." (Emphasis added.)
- Every wifi hotspot the phone has ever connected to.
- Long-deleted photos. (This may explain why so many celebrities had nudes in their iCloud - they believed they had deleted them but iCloud keeps a copy.)
- Addresses searched for in Apple Maps.
The material then lets those same hackers stalk their targets in real time, Gallagher says:
Even creepier, the iCloud access also gives the attacker the ability to stalk the victim in real-time by using the Find My iPhone feature. If the phone is turned on and Find My iPhone was configured, the attacker can use the feature just as the owner would (of course, odds are that it's on the owner's person). We were able to identify the location of family members in this way as soon as the target phone was turned on.
This would imply that anyone who believes their iCloud has been hacked ought to ditch the phone and all their iCloud accounts, and start over with a new device and a new set of accounts.
- Sensex climbs over 250 pts on buying in Reliance, M&M
- 7 healthier and tasty alternatives to ice cream
- Rupee rises 17 paise to close at 83.33 against US dollar
- More Indians are travelling than ever before, as 97 mn passengers took flight in Q1 2024: Report
- IMD forcasts heatwave for few states in next 5 days