We noticed that, during the keynote address on Tuesday, Apple didn’t make any mention at all of the iCloud debacle which went down just before its iPhone 6 announcement. Tim Cook promised to upgrade iCloud security when he was interviewed straight after the release of the nude photos, but it appears we should still be concerned. A very detailed overview was given by Ars Technica on just how hackers were able to, and still can, attack your iOS device and retrieve your personal data from iCloud backups, without you ever suspecting anything at all.
Ars used very simple software tools, the same believed to have been used in the nude photo scandal, to hack into iPhone’s and access very private and personal data from family members’ iCloud accounts. It’s true that these tools work more efficiently on devices running previous iOS versions, however they’ve been used successfully on iPhone’s running iOS with the ability to be jailbroken. It’s assumed that these are the same methods that will be used on the iOS 8 devices.
And worryingly, it appears that you don’t have to be that skilled in hacking to be able to pull off this neat trick: you need some technical ability and a few skills, and you’ve now got access to your family/friends’ iOS devices.
It’s the hacking into iCloud that’s the difficult job because it requires access to a computer or iOS device that’s trusted by the device. It’s possible to break into these devices through a phishing scheme, through physical access, or through brute force attacks like the iCloud hack. Of course once you’ve gained access to iCloud those tools will provide you with an instant treasure trove of information and data ready to be downloaded and investigated. Actually, it seems that you can access all backups on iCloud, and this includes older backups, giving you the freedom to pick and choose whatever you want.
It can also be taken another step further by cloning an iOS device, with the option of stalking the target with the Find My Phone app once the credentials on iTunes have been stolen.
Apple should immediately improve their security on iCloud, and advise users exactly what’s required to protect their private and important data, particularly when you consider that Apple is now hoping it’s consumers will entrust them with even more private data by acting as the go-between for wireless payments on Apple Watch and iPhone 6.
Read below and you’ll see the type of information hackers are able to obtain from backups on iCloud – posted by Ars. This article is definitely worth taking a look at.
- SQLite databases complete with history of phone calls, iMessage messages and SMS, including voicemail message data (plus the number they came from and timestamps at the time of trashing) going right back to the original purchase of the phone. Deleting call history – I don’t think so!
- A file named ‘recents’ containing Messenger, email, and SMS addresses complete with message header information and other data.
- A database of ‘accounts’ with all the Twitter, email, and Apple-associated identity accounts that have ever been held. Before the phone was purchased some details had been synced over from accounts closed.
- A file containing all ‘known’ Wi-Fi hotspots, with the Mac addresses and SSIDS of every hotspot the iPhone was ever connected to.
- Some images, assumed to be deleted long ago, found on each backup in three different photo folders. Each image bears the default EXIF data that comes attached with Apple’s camera app: date the image was taken, GPS longitude, latitude, and altitude. These were images from our oldest iCloud backup and were part of an even older incremental backup which had never been cleared from the Cloud: they were discovered in an identical image folder, contained within the DCIM folder of the backup image.
- A search for a file containing Apple Map addresses.
- Mailbox files connected to the email accounts used with the Apple Mail app.
- An address-book database containing more than one thousand email addresses, Facebook profile links, phone numbers, and other contact information.