Password-cracking firm discovers security holes in Apple’s two-step verification process

May 31, 2013 11:29 GMT

The password-cracking bunch at ElcomSoft have released an analysis to demonstrate that knowing someone else’s Apple ID login details gives you access to their iCloud backups.

Apple recently introduced a two-step authentication process which strengthens the security of Apple ID. However, that security doesn’t extend to your iDevice backups stored in iCloud.

If your iPhone is set to do regular backups to the cloud, be on the lookout for anyone who might have physical access to your device and an interest in stealing your data, a report by ElcomSoft suggests.

The firm says, “In its current implementation, Apple’s two-factor authentication does not prevent anyone from restoring an iOS backup onto a new (not trusted) device.”

An even bigger issue is the ability to download information from iCloud.

“…Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud,” says the firm.

ElcomSoft says anyone can verify this by logging into their iCloud account: “…you’ll have full information to everything stored there without being requested any additional logon information,” according to the company.