Insights For Success

Strategy, Innovation, Leadership and Security

Did iCloud just get hacked?

technologyEdward KiledjianComment
Image by  Johan Viirok  used under Creative Commons License

Image by Johan Viirok used under Creative Commons License

Ordinarily, a bad actor would have to steal some of your information before breaking into your 2-factor protected iCloud account. They would need your AppleID, your password and a 2-factor authentication code (or a digital token stolen from an authenticated device like a laptop or desktop).

Now everyone's favorite russian purveyor of fine cracking software, Elcomsoft (link), has a tool called Phone Breaker. This new software requires the aforementioned information but then creates a permanent authentication token which means they won't have to re-authenticate until you change your password. 

It also has a long list of "wonderful" features to make stealing information easier. Sure law enforcement uses this but does anyone believe they use it for legal purposes with a warrant or that other more nefarious bad actors won't use it?