Hackers Are Ready for New Attacks On iCloud. It's Easier Than You'd Expect

Hackers Are Ready for New Attacks On iCloud. It's Easier Than You'd Expect

by Dan Vlasic on 11 October 2014 · 3097 views

The notorious iCloud celebrity hack created media buzz around Apple right before the iPhone 6 and iPhone 6 Plus launch, even though it doesn't look like the scandal affected the sales. Nonetheless, the company’s security practices have been scrutinized by security researchers and media outlets and the resulting conclusions are not in favor of Apple.

Following the celebrity photo leak, Apple quickly released an overhaul to its security system, which ended up being nothing more than yet another notification a user will get in his email when somebody accesses his account and iCloud backups from a new device for the first time.

1 full Hackers Are Ready for New Attacks On iCloud Its Easier Than Youd Expect

Image: 9to5mac forum

Hackers Affected by the Leak

Because the celebrity hack scandal got so much exposure, AnonIB website where the iCloud hackers where advertising their services and exchanging tricks and techniques got closed for about two weeks. When the website finished "the maintenance" that iCloud hack thread was taken down, leaving a lot of people without a place to advertise their services (hackers have to feed their children, too). Many of them were very outraged by the stupidity of the people who poked the bear and made authorities apply pressure on the anonymous owners of AnonIB, which resulted in the iCloud hack thread being taken down.

Nonetheless, the hackers are quickly getting over the low blow, regrouping and migrating to secure chat rooms, where they share the ideas on the upcoming and current iCloud hacks.

New Tricks

It turns out the overhauled security system leaves plenty of room for maneuvering for those who know where to look. Those hackers who still use AnonIB to discuss iCloud backups have taken note that the only real change introduced by Apple was the notification system that now covers iCloud backups. The company claims that whenever somebody accesses their account from a new place, the user receives automatic and immediate notification in their emails, alerting them that their iCloud may be under attack.

The problem with this new notification feature is that it does not prevent hackers from gaining access to the iCloud and the backups. Moreover, the target audience for the images hacks consists of young females, even teenage females – the age category that is very unlikely to check their emails as regularly as tech nerds do. As a result the notifications are likely to remain unnoticed at the moment the hack is taking place.

Fortify Your Passwords and Security Questions, Don't Store Your Nudes in iCloud

Provided a hacker gains access to the target’s iCloud backup due to a weak password or security questions that are easy to figure out, the hacker can then obtain any information from the iCloud backup before the victim realizes what is happening.

There is more. Hackers can obtain access to the victim's iCloud account without the victim being notified at all. AnonIB hackers suggest entering the victim's email account before hacking the iCloud, and marking all emails from Apple as spam, which will consecutively send all Apple’s notifications, including iCloud security ones, directly to the spam folder.

4 large Hackers Are Ready for New Attacks On iCloud Its Easier Than Youd Expect

Image: AnonIB via BusinessInsider

When you look at it from the user's perspective, Apple’s security notifications only mean just an extra email to sort out on a daily basis, and hackers report that in most cases these notifications take about 10 minutes to arrive. Provided a hacker has access to the victim's email, these security notifications can as well be deleted.

2 large Hackers Are Ready for New Attacks On iCloud Its Easier Than Youd Expect

Image: AnonIB via BusinessInsider

Of course, those simple methods work when the hackers are capable of getting around the victim's password and security questions – one more reason to enhance your passwords efficiency and here's a guide that will help you do that.

As far as iCloud backup file encryption, apparently hackers have been using very expensive software designed for law enforcement to access and decrypt backup files. Another bad news is hackers now have access to a free and open source tool called iLoot developed by Alexey Troshichev, the same security researcher responsible for finding a Find my iPhone software bug. iLoot is available at GitHub for everyone to grab it. Even though the programs page on GitHub warns about legal consequences of illegal actions, it places full responsibility for illegal actions on those who use the tool for malicious purposes.

The bottom line is not much has changed for Apple’s users, and the security system of iDevices is as secure, or hackable, as it was before the iCloud celeb photo hack.

Sources: Business Insider, GitHub, 9to5 Mac, AnonIB.

Comments (0)
Featured Articles